Skip to main content
SpringerLink
Log in

Advanced Techniques for Deploying Reliable and Efficient Access Control: Application to E-healthcare

  • Systems-Level Quality Improvement
  • Published:
Journal of Medical Systems Aims and scope Submit manuscript

Abstract

Nowadays, e-healthcare is a main advancement and upcoming technology in healthcare industry that contributes to setting up automated and efficient healthcare infrastructures. Unfortunately, several security aspects remain as main challenges towards secure and privacy-preserving e-healthcare systems. From the access control perspective, e-healthcare systems face several issues due to the necessity of defining (at the same time) rigorous and flexible access control solutions. This delicate and irregular balance between flexibility and robustness has an immediate impact on the compliance of the deployed access control policy. To address this issue, the paper defines a general framework to organize thinking about verifying, validating and monitoring the compliance of access control policies in the context of e-healthcare databases. We study the problem of the conformity of low level policies within relational databases and we particularly focus on the case of a medical-records management database defined in the context of a Medical Information System. We propose an advanced solution for deploying reliable and efficient access control policies. Our solution extends the traditional lifecycle of an access control policy and allows mainly managing the compliance of the policy. We refer to an example to illustrate the relevance of our proposal.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7

Similar content being viewed by others

References

  1. Jaidi, F., and Labbene-Ayachi, F., The problem of integrity in RBAC-based policies within relational databases: synthesis and problem study. ACM IMCOM 9th Int. Conf. Ubiquit. Inf. Manag. Commun. 21, 2015.

  2. Kaur, G., and Gupta, N., E-health: a New perspective on global health. J. Evol. Technol. 15(1):23–35, 2006.

    Google Scholar 

  3. Scherrer, J.R., Spahni, S., Healthcare Information System Architecture (HISA) and its middleware models. AMIA Symp. 1999.

  4. SAMTA project. http://samta.offis.de/.

  5. The Telemedicine System Interoperability Architecture (TSIA). http://telemedicine.sandia.gov/.

  6. Xiang, Y., Gu, Q., Li, Z., A distributed framework of Web-based telemedicine system. Proc. 16th IEEE Symp. Comput.-Based Med. Syst. 108–113, 2003.

  7. Omar, W.M., Taleb-Bendiab, A., E-health support services based on service-oriented architecture. IEEE Int. Conf. Serv. Comput. 135–142, 2006.

  8. Barrows, R., Privacy, confidentiality, and electronic medical records. J. Am. Med. Inf. Assoc. 13(2):139–148, 1996.

    Article  Google Scholar 

  9. Health Insurance Portability and Accountability Act, United States Public Law, 104–191.

  10. Lampson, W., Protection. ACM SIGOPS Oper. Syst. Rev. 8(1):18–24, 1974.

    Article  Google Scholar 

  11. Bell, D., LaPadula, L., Secure computer systems: unified exposition and multics interpretation. MTR-2997. 1975.

  12. Sandhu, R., Coynek, E. J., Feinsteink, H. L., and Youmank, C. E., Role-based access control models. IEEE Comput. 29(2):38–47, 1996.

    Article  Google Scholar 

  13. Lu, S., Hong, Y., Liu, Q., Wang L., Dssouli, R., Access control in e-health portal systems. 4th Int. Conf. Innov. Inf. Technol. 88–92, 2007.

  14. Jajodia, S., Samarati, P., Sapino, M. L., and Subrahmanian, V. S., Flexible support for multiple access control policies. ACM Trans. Database Syst. 26(4):1–57, 2001.

    Google Scholar 

  15. Nirmala, D., Madhu Bindu N., Preserving privacy and providing auditability for cloud assisted mobile-access of health data. Int. J. Comput. Sci. Mechatron. 1(2), 2015.

  16. Mont, M. C., Bramhall, P., Harrison, K., A flexible role-based secure messaging service: Exploiting IBE technology for privacy in health care. 14th Int. Work. Database Exp. Syst. Appl. 2003.

  17. Boneh, D., and Franklin, M., Identity based encryption from the Weil pairing. SIAM J. Comput. 32(3):586–615, 2003.

    Article  Google Scholar 

  18. Basin, D. A., Clavel, M., Doser, J., and Egea, M., Automated analysis of security-design models. Inf. Softw. Technol. 51(5):815–831, 2009.

    Article  Google Scholar 

  19. Idani, A., Ledru, Y., Richier, J., Labiadh, M. A., Qamar, N., Gervais, F., Laleau, R., Milhau, J., Frappier, M., Principles of the coupling between UML and formal notations. ANR-08-SEGI-018. 2011.

  20. Ledru, Y., Idani, A., Milhau, J., Qamar, N., Laleau, R., Richier, J., and Labiadh, M. A., Taking into account functional models in the validation of IS security policies. CAiSE Work. 83:592–606, 2011.

    Google Scholar 

  21. Nyanchama, M., and Osborn, S., The role graph model and conflict of interest. ACM Trans. Inf. Syst. Secur. 1(2):3–33, 1999.

    Article  Google Scholar 

  22. Koch, M., Mancini, L. V., and Parisi-Presicce, F., A graph-based formalism for RBAC. ACM Trans. Inf. Syst. Secur. 5(3):332–335, 2002.

    Article  Google Scholar 

  23. Hansen, F., Oleshchuk, V., Conformance checking of RBAC policy and its implementation. 1st Inf. Sec. Pract. Exp. Conf. 144–155, 2005.

  24. Huang, C., Sun, J., Wang, X., and Si, Y., Security policy management for systems employing role based access control model. Inf. Technol. J. 8:726–734, 2009.

    Article  Google Scholar 

  25. Thion, R., and Coulondre, S., A relational database integrity framework for access control policies. J. Intell. Inf. Syst. 38(1):131–159, 2012.

    Article  Google Scholar 

  26. Elavathingal, E. E., Sethuramalingam, T. K., Wearable electronic healthcare device for home centric patient monitoring. IOJER. 1(2), 2015.

  27. Gunson, N., Marshall, D., Morton, H., and Jack, M., User perceptions of security and usability of single-factor and two-factor authentication in automated telephone banking. Comput. Secur. 30(4):208–220, 2011.

    Article  Google Scholar 

  28. He, D., Robust biometric-based user authentication scheme for wireless sensor networks. IACR Cryptol. ePrint 203:1–15, 2012.

    Google Scholar 

  29. Shin, K. C., A robust biometric-based user authentication protocol in wireless sensor network environment. J. Soc. e-Bus. Stud. 18(3):107–123, 2013.

    Article  Google Scholar 

  30. Yoon, E. J., Yoo, K. Y., A biometric-based authenticated key agreement scheme using ECC for wireless sensor networks. 29th Ann. ACM Symp. Appl. Comput. 699–705, 2014.

  31. Choi, Y., Lee, Y., Won, D., Security improvement on biometric based authentication scheme for wireless sensor networks using fuzzy extraction. Int. J. Distrib. Sens. Netw. 2, 2016.

  32. Wang, D., Wang, N., Wang, P., and Qing, S., Preserving privacy for free: efficient and provably secure two-factor authentication scheme with user anonymity. Inf. Sci. 321:162–178, 2015.

    Article  Google Scholar 

  33. Jiang, Q., Kumar, N., Ma, J., Shen, J., He, D., Chilamkurti, N., A privacy‐aware two‐factor authentication protocol based on elliptic curve cryptography for wireless sensor networks. Int. J. Netw. Manag. 2016.

  34. Wang, D., He, D., Wang, P., and Chu, C. H., Anonymous two-factor authentication in distributed systems: certain goals are beyond attainment. IEEE Trans. Dependable Secure Comput. 12(4):428–442, 2015.

    Article  Google Scholar 

  35. Wu, F., Xu, L., Kumari, S., Li, X., An improved and anonymous two-factor authentication protocol for health-care applications with wireless medical sensor networks. Multimedia Systems 1–11, 2015.

  36. Das, A. K., Sutrala, A. K., Kumari, S., Odelu, V., Wazid, M., Li, X., An efficient multi‐gateway‐based three‐factor user authentication and key agreement scheme in hierarchical wireless sensor networks. Secur. Commun. Netw. 2016.

  37. He, D., and Wang, D., Robust biometrics-based authentication scheme for multiserver environment. IEEE Syst. J. 9(3):816–823, 2015.

    Article  Google Scholar 

  38. Jiang, Q., Khan, M. K., Lu, X., Ma, J., He, D., A privacy preserving three-factor authentication protocol for e-Health clouds. J. Supercomput. 1–24, 2016.

  39. Islam, S. K. H., and Obaidat, M. S., Design of provably secure and efficient certificateless blind signature scheme using bilinear pairing. Sec. Commun. Netw. 8:4319–4332, 2015.

    Article  Google Scholar 

  40. Cheng, L., and Wen, Q., Cryptanalysis and improvement of a certificateless partially blind signature. IET Inf. Secur. 9(6):380–386, 2015.

    Article  Google Scholar 

  41. Dong, G., Gao, F., Shi, W., and Gong, P., An efficient certificateless blind signature scheme without bilinear pairing. An. Acad. Bras. Cienc. 86(2):1003–1011, 2014.

    Article  Google Scholar 

  42. He, D., Chen, Y., and Chen, J., An efficient certificateless proxy signature scheme without pairing. Math. Comput. Model. 57(9):2510–2518, 2013.

    Article  Google Scholar 

  43. Jaidi, F., Labbene-Ayachi, F., An approach to formally validate and verify the compliance of low level access control policies. IEEE 17th Int. Conf. Comput. Sci. Eng. 1550–1557, 2014.

  44. Jaidi, F., and Labbene-Ayachi, F., To summarize the problem of Non-conformity in concrete RBAC-based policies: synthesis, system proposal and future directives. NNGT Int. J. Inf. Sec. 2:1–12, 2015.

    Google Scholar 

  45. Jaidi, F., Labbene-Ayachi, F., A reverse engineering and model transformation approach for RBAC-administered databases. 13th Int. Conf. High Perform. Comput. Simul. 2015.

  46. Jaidi, F., and Labbene-Ayachi, F., A formal approach based on verification and validation techniques for enhancing the integrity of concrete role based access control policies. Int. Joint Conf. Adv. Intell. Syst. Comput. 369:53–64, 2015.

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Digital Security Research Unit, Higher School of Communication of Tunis, University of Carthage, Tunis, Tunisia

    Faouzi Jaïdi, Faten Labbene-Ayachi & Adel Bouhoula

Authors
  1. Faouzi Jaïdi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Faten Labbene-Ayachi
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Adel Bouhoula
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Faouzi Jaïdi.

Additional information

This article is part of the Topical Collection on Systems-Level Quality Improvement

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Jaïdi, F., Labbene-Ayachi, F. & Bouhoula, A. Advanced Techniques for Deploying Reliable and Efficient Access Control: Application to E-healthcare. J Med Syst 40, 262 (2016). https://doi.org/10.1007/s10916-016-0630-2

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10916-016-0630-2

Keywords

Search

Navigation