Abstract
The Electronic Patient Health Recorded systems have been designed and implemented to provide the ability of collaboration among healthcare providers. Such collaborations raise the need for an authorization system to implement network security and protect sensitive data of each patient. Without a proper security protocol, this confidential information could be exploited by malicious attackers. This paper presents a novel access control system called “Access Control Model in Hybrid Cloud for Healthcare Systems” will help us to deal with any security vulnerabilities within the system. The proposed system is based upon two levels of access control: (1) protecting shared data containing basic information of patients among hospitals in the systems and (2) protecting private’s patient data that can be accessed by only the treating doctor. The model is implemented in a real-case application to demonstrate its effectiveness in managing the different level of security and privacy concerns.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Abomhara, M., Yang, H., Køien, G.M., Lazreg, M.B.: Work-based access control model for cooperative healthcare environments: formal specification and verification. J. Healthc. Inf. Res. 1(1), 19–51 (2017)
Haas, S., Wohlgemuth, S., Echizen, I., Sonehara, N., Müller, G.: Aspects of privacy for electronic health records. Int. J. Med. Informatics 80(2), e26–e31 (2011)
Karimi, L., Joshi, J.: Multi-owner multi-stakeholder access control model for a healthcare environment. In: 2017 IEEE 3rd International Conference on Collaboration and Internet Computing (CIC), pp. 359–368. IEEE (2017)
Maw, H.A., Xiao, H., Christianson, B.: An adaptive access control model for medical data in wireless sensor networks. In: 15th International Conference on e-Health Networking, Applications & Services (Healthcom), pp. 303–309. IEEE (2013)
Nguyen, M.H., Son, H.X.: A dynamic solution for fine-grained policy conflict resolution. In: International Conference on Cryptography, Security and Privacy. ACM (2019)
Ni, J., Zhang, K., Lin, X., Shen, X.S.: Securing fog computing for internet of things applications: challenges and solutions. IEEE Commun. Surv. Tutorials 20(1), 601–628 (2017)
Ray, I., Alangot, B., Nair, S., Achuthan, K.: Using attribute-based access control for remote healthcare monitoring. In: 2017 Fourth International Conference on Software Defined Systems (SDS), pp. 137–142. IEEE (2017)
Rissanen, E.: Extensible access control markup language (XACML) version 3.0 (2013)
Ruj, S., Nayak, A., Stojmenovic, I.: Distributed fine-grained access control in wireless sensor networks. In: Parallel & Distributed Processing Symposium (IPDPS), pp. 352–362. IEEE (2011)
Son, H.X., Chen, E.: Towards a fine-grained access control mechanism for privacy protection and policy conflict resolution. Int. J. Adv. Comput. Sci. Appl. 10(2) (2019)
Son, H.X., Dang, T.K., Massacci, F.: REW-SMT: a new approach for rewriting XACML request with dynamic big data security policies. In: International Conference on Security, Privacy and Anonymity in Computation, Communication and Storage, pp. 501–515. Springer (2017)
Son, H.X., Dang, T.K., Tran, L.K.: Xacs–dypol: towards an XACML–based access control model for dynamic security policy
Son, H.X., Nguyen, M.H.: A novel attribute-based access control system for fine-grained privacy protection. In: International Conference on Cryptography, Security and Privacy. ACM (2019)
Son, H.X., Tran, L.K., Dang, T.K., Pham, Y.N.: REW-XAC: an approach to rewriting request for elastic ABAC enforcement with dynamic policies. In: 2016 International Conference on Advanced Computing and Applications (ACOMP), pp. 25–31. IEEE (2016)
Thi, Q.N.T., et al.: Using JSON to specify privacy preserving-enabled attribute-based access control policies. In: International Conference on Security, Privacy and Anonymity in Computation, Communication and Storage, pp. 561–570. Springer (2017)
Yang, Y., Li, X., Qamar, N., Liu, P., Ke, W., Shen, B., Liu, Z.: Medshare: a novel hybrid cloud for medical resource sharing among autonomous healthcare providers. IEEE Access 6, 46949–46961 (2018)
Yu, S., Ren, K., Lou, W.: Fdac: toward fine-grained distributed data access control in wireless sensor networks. IEEE Trans. Parallel Distrib. Syst. 22(4), 673–686 (2011)
Zhang, A., Bacchus, A., Lin, X.: Consent-based access control for secure and privacy-preserving health information exchange. Secur. Commun. Netw. 9(16), 3496–3508 (2016)
Zhang, R., Liu, L., Xue, R.: Role-based and time-bound access and management of EHR data. Secur. Commun. Netw. 7(6), 994–1015 (2014)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Son, H.X., Nguyen, M.H., Vo, H.K., Nguyen, T.P. (2020). Toward an Privacy Protection Based on Access Control Model in Hybrid Cloud for Healthcare Systems. In: Martínez Álvarez, F., Troncoso Lora, A., Sáez Muñoz, J., Quintián, H., Corchado, E. (eds) International Joint Conference: 12th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2019) and 10th International Conference on EUropean Transnational Education (ICEUTE 2019). CISIS ICEUTE 2019 2019. Advances in Intelligent Systems and Computing, vol 951. Springer, Cham. https://doi.org/10.1007/978-3-030-20005-3_8
Download citation
DOI: https://doi.org/10.1007/978-3-030-20005-3_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-20004-6
Online ISBN: 978-3-030-20005-3
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)