Abstract
Nowadays, e-healthcare is a main advancement and upcoming technology in healthcare industry that contributes to setting up automated and efficient healthcare infrastructures. Unfortunately, several security aspects remain as main challenges towards secure and privacy-preserving e-healthcare systems. From the access control perspective, e-healthcare systems face several issues due to the necessity of defining (at the same time) rigorous and flexible access control solutions. This delicate and irregular balance between flexibility and robustness has an immediate impact on the compliance of the deployed access control policy. To address this issue, the paper defines a general framework to organize thinking about verifying, validating and monitoring the compliance of access control policies in the context of e-healthcare databases. We study the problem of the conformity of low level policies within relational databases and we particularly focus on the case of a medical-records management database defined in the context of a Medical Information System. We propose an advanced solution for deploying reliable and efficient access control policies. Our solution extends the traditional lifecycle of an access control policy and allows mainly managing the compliance of the policy. We refer to an example to illustrate the relevance of our proposal.
Similar content being viewed by others
References
Jaidi, F., and Labbene-Ayachi, F., The problem of integrity in RBAC-based policies within relational databases: synthesis and problem study. ACM IMCOM 9th Int. Conf. Ubiquit. Inf. Manag. Commun. 21, 2015.
Kaur, G., and Gupta, N., E-health: a New perspective on global health. J. Evol. Technol. 15(1):23–35, 2006.
Scherrer, J.R., Spahni, S., Healthcare Information System Architecture (HISA) and its middleware models. AMIA Symp. 1999.
SAMTA project. http://samta.offis.de/.
The Telemedicine System Interoperability Architecture (TSIA). http://telemedicine.sandia.gov/.
Xiang, Y., Gu, Q., Li, Z., A distributed framework of Web-based telemedicine system. Proc. 16th IEEE Symp. Comput.-Based Med. Syst. 108–113, 2003.
Omar, W.M., Taleb-Bendiab, A., E-health support services based on service-oriented architecture. IEEE Int. Conf. Serv. Comput. 135–142, 2006.
Barrows, R., Privacy, confidentiality, and electronic medical records. J. Am. Med. Inf. Assoc. 13(2):139–148, 1996.
Health Insurance Portability and Accountability Act, United States Public Law, 104–191.
Lampson, W., Protection. ACM SIGOPS Oper. Syst. Rev. 8(1):18–24, 1974.
Bell, D., LaPadula, L., Secure computer systems: unified exposition and multics interpretation. MTR-2997. 1975.
Sandhu, R., Coynek, E. J., Feinsteink, H. L., and Youmank, C. E., Role-based access control models. IEEE Comput. 29(2):38–47, 1996.
Lu, S., Hong, Y., Liu, Q., Wang L., Dssouli, R., Access control in e-health portal systems. 4th Int. Conf. Innov. Inf. Technol. 88–92, 2007.
Jajodia, S., Samarati, P., Sapino, M. L., and Subrahmanian, V. S., Flexible support for multiple access control policies. ACM Trans. Database Syst. 26(4):1–57, 2001.
Nirmala, D., Madhu Bindu N., Preserving privacy and providing auditability for cloud assisted mobile-access of health data. Int. J. Comput. Sci. Mechatron. 1(2), 2015.
Mont, M. C., Bramhall, P., Harrison, K., A flexible role-based secure messaging service: Exploiting IBE technology for privacy in health care. 14th Int. Work. Database Exp. Syst. Appl. 2003.
Boneh, D., and Franklin, M., Identity based encryption from the Weil pairing. SIAM J. Comput. 32(3):586–615, 2003.
Basin, D. A., Clavel, M., Doser, J., and Egea, M., Automated analysis of security-design models. Inf. Softw. Technol. 51(5):815–831, 2009.
Idani, A., Ledru, Y., Richier, J., Labiadh, M. A., Qamar, N., Gervais, F., Laleau, R., Milhau, J., Frappier, M., Principles of the coupling between UML and formal notations. ANR-08-SEGI-018. 2011.
Ledru, Y., Idani, A., Milhau, J., Qamar, N., Laleau, R., Richier, J., and Labiadh, M. A., Taking into account functional models in the validation of IS security policies. CAiSE Work. 83:592–606, 2011.
Nyanchama, M., and Osborn, S., The role graph model and conflict of interest. ACM Trans. Inf. Syst. Secur. 1(2):3–33, 1999.
Koch, M., Mancini, L. V., and Parisi-Presicce, F., A graph-based formalism for RBAC. ACM Trans. Inf. Syst. Secur. 5(3):332–335, 2002.
Hansen, F., Oleshchuk, V., Conformance checking of RBAC policy and its implementation. 1st Inf. Sec. Pract. Exp. Conf. 144–155, 2005.
Huang, C., Sun, J., Wang, X., and Si, Y., Security policy management for systems employing role based access control model. Inf. Technol. J. 8:726–734, 2009.
Thion, R., and Coulondre, S., A relational database integrity framework for access control policies. J. Intell. Inf. Syst. 38(1):131–159, 2012.
Elavathingal, E. E., Sethuramalingam, T. K., Wearable electronic healthcare device for home centric patient monitoring. IOJER. 1(2), 2015.
Gunson, N., Marshall, D., Morton, H., and Jack, M., User perceptions of security and usability of single-factor and two-factor authentication in automated telephone banking. Comput. Secur. 30(4):208–220, 2011.
He, D., Robust biometric-based user authentication scheme for wireless sensor networks. IACR Cryptol. ePrint 203:1–15, 2012.
Shin, K. C., A robust biometric-based user authentication protocol in wireless sensor network environment. J. Soc. e-Bus. Stud. 18(3):107–123, 2013.
Yoon, E. J., Yoo, K. Y., A biometric-based authenticated key agreement scheme using ECC for wireless sensor networks. 29th Ann. ACM Symp. Appl. Comput. 699–705, 2014.
Choi, Y., Lee, Y., Won, D., Security improvement on biometric based authentication scheme for wireless sensor networks using fuzzy extraction. Int. J. Distrib. Sens. Netw. 2, 2016.
Wang, D., Wang, N., Wang, P., and Qing, S., Preserving privacy for free: efficient and provably secure two-factor authentication scheme with user anonymity. Inf. Sci. 321:162–178, 2015.
Jiang, Q., Kumar, N., Ma, J., Shen, J., He, D., Chilamkurti, N., A privacy‐aware two‐factor authentication protocol based on elliptic curve cryptography for wireless sensor networks. Int. J. Netw. Manag. 2016.
Wang, D., He, D., Wang, P., and Chu, C. H., Anonymous two-factor authentication in distributed systems: certain goals are beyond attainment. IEEE Trans. Dependable Secure Comput. 12(4):428–442, 2015.
Wu, F., Xu, L., Kumari, S., Li, X., An improved and anonymous two-factor authentication protocol for health-care applications with wireless medical sensor networks. Multimedia Systems 1–11, 2015.
Das, A. K., Sutrala, A. K., Kumari, S., Odelu, V., Wazid, M., Li, X., An efficient multi‐gateway‐based three‐factor user authentication and key agreement scheme in hierarchical wireless sensor networks. Secur. Commun. Netw. 2016.
He, D., and Wang, D., Robust biometrics-based authentication scheme for multiserver environment. IEEE Syst. J. 9(3):816–823, 2015.
Jiang, Q., Khan, M. K., Lu, X., Ma, J., He, D., A privacy preserving three-factor authentication protocol for e-Health clouds. J. Supercomput. 1–24, 2016.
Islam, S. K. H., and Obaidat, M. S., Design of provably secure and efficient certificateless blind signature scheme using bilinear pairing. Sec. Commun. Netw. 8:4319–4332, 2015.
Cheng, L., and Wen, Q., Cryptanalysis and improvement of a certificateless partially blind signature. IET Inf. Secur. 9(6):380–386, 2015.
Dong, G., Gao, F., Shi, W., and Gong, P., An efficient certificateless blind signature scheme without bilinear pairing. An. Acad. Bras. Cienc. 86(2):1003–1011, 2014.
He, D., Chen, Y., and Chen, J., An efficient certificateless proxy signature scheme without pairing. Math. Comput. Model. 57(9):2510–2518, 2013.
Jaidi, F., Labbene-Ayachi, F., An approach to formally validate and verify the compliance of low level access control policies. IEEE 17th Int. Conf. Comput. Sci. Eng. 1550–1557, 2014.
Jaidi, F., and Labbene-Ayachi, F., To summarize the problem of Non-conformity in concrete RBAC-based policies: synthesis, system proposal and future directives. NNGT Int. J. Inf. Sec. 2:1–12, 2015.
Jaidi, F., Labbene-Ayachi, F., A reverse engineering and model transformation approach for RBAC-administered databases. 13th Int. Conf. High Perform. Comput. Simul. 2015.
Jaidi, F., and Labbene-Ayachi, F., A formal approach based on verification and validation techniques for enhancing the integrity of concrete role based access control policies. Int. Joint Conf. Adv. Intell. Syst. Comput. 369:53–64, 2015.
Author information
Authors and Affiliations
Corresponding author
Additional information
This article is part of the Topical Collection on Systems-Level Quality Improvement
Rights and permissions
About this article
Cite this article
Jaïdi, F., Labbene-Ayachi, F. & Bouhoula, A. Advanced Techniques for Deploying Reliable and Efficient Access Control: Application to E-healthcare. J Med Syst 40, 262 (2016). https://doi.org/10.1007/s10916-016-0630-2
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s10916-016-0630-2