Abstract
The need of a trusted environment in which only authorized users are permitted to access a system was of imperative importance since the early days of cloud computing. Even nowadays, a lot of users seem to be reluctant to store their personal data in the cloud and specifically the data related to bank accounts and the health care domain. Our goal is to enhance the access control mechanisms that can be used in the healthcare domain for enhancing the security and privacy of EHR systems. In this work, we present a context-aware security model which consists of classes and properties that can serve as background knowledge for creating and enforcing access control rules for electronic health records (EHR). We consider two different layers of authorization control based on the current context: (i) the Attribute Based Access Control (ABAC) layer which permits or denies access and/or editing rights to (encrypted) EHRs; and (ii) the Attribute Based Encryption (ABE) layer which handles the way sensitive data should be decrypted.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Dey, A.: Understanding and using context. Pers. Ubiquit. Comput. 5, 4–7 (2001)
Ferrari, E.: Access Control in Data Management Systems. Synthesis Lectures on Data Management, vol. 2. Morgan & Claypool Publishers, San Rafael (2010). (no. 2)
Khan, A.R.: Access control in cloud computing environment. ARPN J. Eng. Appl. Sci. 7(5), 613–615 (2012)
Hu, V.C., Ferraiolo, D., Kuhn, R., Schnitzer, A., Sandlin, K., Miller R., Scarfone, K.: Guide to Attribute Based Access Control (ABAC) definition and considerations. NIST Special Publication (2014)
Veloudis, S., Verginadis, Y., Patiniotakis, I., Paraskakis, I., Mentzas, G.: Context-aware security models for PaaS-enabled access control. In: 6th International Conference on Cloud Computing and Services Science (CLOSER 2016), Rome, Italy, 23–25 April 2016
Veloudis, S., Paraskakis, I., Verginadis, Y., Patiniotakis, I., Mentzas, G.: Ontological templates for regulating access to sensitive medical data in the cloud. In: 2017 IEEE 30th International Symposium on Computer-Based Medical Systems (CBMS), pp. 805–810. IEEE, June 2017
Weber, G.M., Mandl, K.D., Kohane, I.S.: Finding the missing link for big biomedical data. JAMA 311, 2479–2480 (2014)
Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Annual International Conference on the Theory and Applications of Cryptographic Techniques, pp. 457–473. Springer, Heidelberg (2005)
Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: 2007 IEEE Symposium on Security and Privacy (SP 2007), pp. 321–334. IEEE, May 2007
Müller, S., Katzenbeisser, S., Eckert, C..: Distributed attribute-based encryption. In: International Conference on Information Security and Cryptology, pp. 20–36. Springer, Heidelberg (2008)
Moffat, S., Hammoudeh, M., Hegarty, R.: A survey on ciphertext-policy attribute-based encryption (CP-ABE) approaches to data security on mobile devices and its application to IoT. In: Proceedings of the International Conference on Future Networks and Distributed Systems. ACM (2017)
Wang, S., Gao, T., Zhang, Y.: Searchable and revocable multi-data owner attribute-based encryption scheme with hidden policy in cloud storage. PLoS ONE 13, e0206126 (2018)
Lewko, A., Waters, B.: Decentralizing attribute-based encryption. In: Annual International Conference on the Theory and Applications of Cryptographic Techniques, pp. 568–588. Springer, Heidelberg (2011)
Liu, Z., Jiang, Z.L., Wang, X., Yiu, S.M.: Practical attribute-based encryption: outsourcing decryption, attribute revocation and policy updating. J. Netw. Comput. Appl. 108, 112–123 (2018)
Domingo-Ferrer, J., Farràs, O., Ribes-González, J., Sánchez, D.: Privacy-preserving cloud computing on sensitive data: a survey of methods, products and challenges. Comput. Commun. 140, 38–60 (2019)
Zhan, L., Cui, Y., Mu, Y.: Improving security and privacy attribute based data sharing in cloud computing. IEEE Syst. J., 1–11 (2019)
Attrapadung, N.: Unbounded dynamic predicate compositions in attribute-based encryption. In: Annual International Conference on the Theory and Applications of Cryptographic Techniques, pp. 34–67. Springer, Cham, May 2019
Xu, Q., Tan, C., Zhu, W., Xiao, Y., Fan, Z., Cheng, F.: Decentralized attribute-based conjunctive keyword search scheme with online/offline encryption and outsource decryption for cloud computing. Future Gener. Comput. Syst. 97, 306–326 (2019)
Li, Q., Zhu, H., Xiong, J., Mo, R., Ying, Z., Wang, H.: Fine-grained multi-authority access control in IoT-enabled mHealth. Ann. Telecommun. 74, 389–400 (2019)
Liang, P., Zhang, L., Kang, L., Ren, J.: Privacy-preserving decentralized ABE for secure sharing of personal health records in cloud storage. J. Inf. Secur. Appl. 47, 258–266 (2019)
Acknowledgments
This research has received funding from the EU, project H2020 826093, Asclepios (https://www.asclepios-project.eu/).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Psarra, E., Verginadis, Y., Patiniotakis, I., Apostolou, D., Mentzas, G. (2020). A Context-Aware Security Model for a Combination of Attribute-Based Access Control and Attribute-Based Encryption in the Healthcare Domain. In: Barolli, L., Amato, F., Moscato, F., Enokido, T., Takizawa, M. (eds) Web, Artificial Intelligence and Network Applications. WAINA 2020. Advances in Intelligent Systems and Computing, vol 1150. Springer, Cham. https://doi.org/10.1007/978-3-030-44038-1_104
Download citation
DOI: https://doi.org/10.1007/978-3-030-44038-1_104
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-44037-4
Online ISBN: 978-3-030-44038-1
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)