Abstract
We introduce a novel access control mechanism to safeguard the privacy of patients’ medical data in dynamic environments. Our access control model takes advantage of both role-based access control (RBAC) and criticality-aware access control (CAAC). In this way, our original approach allows medical professionals with different roles to be granted access to patients’ medical records automatically and without explicit request in case of a medical emergency. In this context, we design secure and privacy-aware protocols covering every step from initial login to the transmission of patients’ medical data and its retrieval by the medical professionals. Moreover, we formally define access control policies for our system. Finally, we show the feasibility of our approach by implementation and performance evaluation.
Acknowledgments
This work was supported by the Scientific and Technological Research Council of Turkey (TÜBİTAK) under grant 114E557.
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Pulur, N.A., Altop, D.K., Levi, A. (2016). A Role and Activity Based Access Control for Secure Healthcare Systems. In: Abdelrahman, O., Gelenbe, E., Gorbil, G., Lent, R. (eds) Information Sciences and Systems 2015. Lecture Notes in Electrical Engineering, vol 363. Springer, Cham. https://doi.org/10.1007/978-3-319-22635-4_8
DOI: https://doi.org/10.1007/978-3-319-22635-4_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-22634-7
Online ISBN: 978-3-319-22635-4
eBook Packages: Engineering, Engineering (R0)