Abstract
An important issue in the Cloud-Based Electronic Healthcare System (CBEHS) is to protect the sensitive data and resources from the untrusted user. Enforcing the protection in the CBEHS, the access control model plays an important role. Access control is a security mechanism that checks every request of the data to identify the legitimate user. The access request will be granted or denied with the help of preconfigured access control policies. Although, in the previous years, many access control methods, techniques, and models have been proposed, but due to changing user’s behavior and security requirements in the CBEHS, the models suffer from several attacks and threats like Sybil attacks, collusion attack, insider attack, service hijacking, misuse of health data, and impersonation attack, etc. Due to this type of attack, the healthcare data and resources become more vulnerable. In this paper, we have proposed an access control model which is based on the trustworthiness of the requested user. This Trust-Based Access Control Model for Healthcare System (TBACMHS) framework composed of the trust mechanism, trust model, and access control policies which enhance the accuracy and efficiency of the system. This access control framework will ensure the only trusted and authorized user can access the data and resources. The detail design and presentation of the model show that the accuracy and efficiency of the CBEHS are more as compared to other trust models.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Abdallah AE, Khayat EJ (2005) A formal model for parameterized role-based access control. In: Formal aspects in security and trust. Springer, Berlin, pp 233–246
Al-Janabi S, Al-Shourbaji I, Shojafar M, Shamshirband S (2017) Survey of main challenges (security and privacy) in wireless body area networks for healthcare applications. Egypt Inf J 18(2):113–122
Alam M, Emmanuel N, Khan T, Xiang Y, Hassan H (2018) Garbled role-based access control in the cloud. J Ambient Intell Human Comput 9(4):1153–1166
AlFarraj O, AlZubi A, Tolba A (2018) Trust-based neighbor selection using activation function for secure routing in wireless sensor networks. J Ambient Intell Humaniz Comput. https://doi.org/10.1007/s12652-018-0885-1
Amiribesheli M, Bouchachia H (2017) A tailored smart home for dementia care. J Ambient Intell Humaniz Comput 9:1755–1782. https://doi.org/10.1007/s12652-017-0645-7
Ardagna CA, Cremonini M, di Vimercati SDC, Samarati P (2008) Privacy-enhanced location-based access control. Springer, Boston
Ardagna CA, Di Vimercati SDC, Foresti S, Grandison TW, Jajodia S, Samarati P (2010) Access control for smarter healthcare using policy spaces. Comput Secur 29(8):848–858
Balamurugan B, Venkata Krishna P (2015) Enhanced role-based access control for cloud security. In: Suresh LP, Dash SS, Panigrahi BK (eds) Artificial intelligence and evolutionary algorithms in engineering systems. Springer India, New Delhi, pp 837–852
Banyal R, Jain V, Jain P (2014) Dynamic trust based access control framework for securing multi-cloud environment. In: Proceedings of the 2014 international conference on information and communication technology for competitive strategies, ACM, p 29
Barometer ET (2018) Trust in healthcare. https://www.edelman.com/post/trust-in-healthcare-2018/. Accessed 27 Aug 2018
Behera PK, Khilar PM (2017) A novel trust based access control model for cloud environment. In: Proceedings of the international conference on signal, networks, computing, and systems. Springer, Berlin, pp 285–295
Beuchelt G (2013) Chapter 8—Securing web applications, services, and servers. In: Vacca JR (ed) Computer and information security handbook (second edition), 2nd edn. Morgan Kaufmann, Boston, pp 143–163
Bhattasali T, Chaki R, Chaki N, Saeed K (2018) An adaptation of context and trust aware workflow oriented access control for remote healthcare. Int J Softw Eng Knowl Eng 28(06):781–810
Birkhäuer J, Gaab J, Kossowsky J, Hasler S, Krummenacher P, Werner C, Gerger H (2017) Trust in the health care professional and health outcome: a meta-analysis. PLoS ONE 12(2):e0170988
Bushehrian O, Nejad SE (2017) Health-care pervasive environments: a CLA based trust management. In: Galinina O, Andreev S, Balandin S, Koucheryavy Y (eds) Internet of things, smart spaces, and next generation networks and systems. Springer, Cham, pp 247–257
Buzzanca M, Carchiolo V, Longheu A, Malgeri M, Mangioni G (2017) Direct trust assignment using social reputation and aging. J Ambient Intell Humaniz Comput 8(2):167–175
Caballero-Gil C, Caballero-Gil P, Molina-Gil J, Martn-Fernndez F, Loia V (2017) Trust-based cooperative social system applied to a carpooling platform for smartphones. Sensors 17(2):245
Capitani di Vimercati S, Foresti S, Jajodia S, Samarati P (2007a) Access control policies and languages in open environments. Secure data management in decentralized systems. Springer, Berlin, pp 21–58
Capitani di Vimercati S, Foresti S, Samarati P (2007b) Authorization and access control. Security, privacy, and trust in modern data management. Springer, Berlin, pp 39–53
Chen J, Tian Z, Cui X, Yin L, Wang X (2018) Trust architecture and reputation evaluation for internet of things. J Ambient Intell Humaniz Comput. https://doi.org/10.1007/s12652-018-0887-z
Cho C, Baek M, Won Y (2018) Guaranteeing the integrity and reliability of distributed personal information access records. J Ambient Intell Human Comput. https://doi.org/10.1007/s12652-018-0871-7
Coppolino L, DAntonio S, Mazzeo G, Romano L (2017) Cloud security: emerging threats and current solutions. Comput Electr Eng 59:126–140
Darwish A, Hassanien AE, Elhoseny M, Sangaiah AK, Muhammad K (2017) The impact of the hybrid platform of internet of things and cloud computing on healthcare systems: opportunities, challenges, and open problems. J Ambient Intell Human Comput. https://doi.org/10.1007/s12652-017-0659-1
De Capitani Di Vimercati S, Foresti S, Samarati P, Jajodia S (2007) Access control policies and languages. Int J Comput Sci Eng 3(2):94–102
Deshpande S, Ingle R (2018) Evidence based trust estimation model for cloud computing services. Int J Netw Secur 20(2):291–303
Hosseinpour F, Siddiqui AS, Plosila J, Tenhunen H (2018) A security framework for fog networks based on role-based access control and trust models. In: Tjoa AM, Zheng L-R, Zou Z, Raffai M, Xu LD, Novak NM (eds) Research and practical issues of enterprise information systems. Springer, Cham, pp 168–180
Jiang L, Cheng Y, Yang L, Li J, Yan H, Wang X (2018) A trust-based collaborative filtering algorithm for e-commerce recommendation system. J Ambient Intell Human Comput. https://doi.org/10.1007/s12652-018-0928-7
Jiangcheng Q (2016) User behavior trust based cloud computing access control model. Department of Computer Science and Engineering, Blekinge Institute of Technology
Kim S, Kim H (2016) A new metric of absolute percentage error for intermittent demand forecasts. Int J Forecast 32(3):669–679
Kiraz MS (2016) A comprehensive meta-analysis of cryptographic security mechanisms for cloud computing. J Ambient Intell Human Comput 7(5):731–760
Kuhn DR, Coyne EJ, Weil TR (2010) Adding attributes to role-based access control. Computer 43(6):79–81
Li X, Ma H, Zhou F, Gui X (2015) Service operator-aware trust scheme for resource matchmaking across multiple clouds. IEEE Trans Parallel Distrib Syst 26(5):1419–1429
Li X, Zhou F, Yang X (2011) A multi-dimensional trust evaluation model for large-scale p2p computing. J Parallel Distrib Comput 71(6):837–847
Lin G, Wang D, Bie Y, Lei M (2014) Mtbac: a mutual trust based access control model in cloud computing. China Commun 11(4):154–162
Liu X, Liu Q, Peng T, Wu J (2017) Dynamic access policy in cloud-based personal health record (phr) systems. Inf Sci 379:62–81
Malasinghe LP, Ramzan N, Dahal K (2017) Remote patient monitoring: a comprehensive study. J Ambient Intell Human Comput. https://doi.org/10.1007/s12652-017-0598-x
Manuel P (2015) A trust model of cloud computing based on quality of service. Ann Oper Res 233(1):281–292
Maw HA (2016) A trust-based adaptive access control model for wireless sensor networks. Ph.D. Dissertation, University of Hertfordshire
Narayanan HAJ, Güneş MH (2011) Ensuring access control in cloud provisioned healthcare systems. In: Consumer Communications and Networking Conference (CCNC), 2011 IEEE, pp 247–251
O’Hagan M (1988) Aggregating template or rule antecedents in real-time expert systems with fuzzy set logic. In: Twenty-Second Asilomar Conference on Signals, Systems and Computers, vol 2, pp 681–689
Ouaddah A, Mousannif H, Elkalam AA, Ouahman AA (2017) Access control in the internet of things: Big challenges and new opportunities. Comput Netw 112:237–262
Pussewalage HSG, Oleshchuk VA (2016) Privacy preserving mechanisms for enforcing security and privacy requirements in e-health solutions. Int J Inf Manage 36(6, Part B):1161–1173
Samarati P, Di Vimercati SDC (2001) Access control: policies, models, and mechanisms. Lect Notes Comput Sci 2171:137–196
Satsiou A, Tassiulas L (2010) Reputation-based resource allocation in p2p systems of rational users. IEEE Trans Parallel Distrib Syst 21(4):466–479
Senese SV (2015) A study of access control for electronic health records. All Student Theses. 55. http://opus.govst.edu/theses/55
Servos D, Osborn SL (2017) Current research and open problems in attribute-based access control. ACM Comput Surv (CSUR) 49(4):65
Sicuranza M, Esposito A, Ciampi M (2015) An access control model to minimize the data exchange in the information retrieval. J Ambient Intell Human Comput 6(6):741–752
Singh A, Chatterjee K (2017) A multi-dimensional trust and reputation calculation model for cloud computing environments. In: 2017 ISEA Asia Security and Privacy (ISEASP), pp 1–8
Tofallis C (2015) A better measure of relative prediction accuracy for model selection and model estimation. J Oper Res Soc 66(8):1352–1362
Wang W, Han J, Song M, Wang X (2011a) The design of a trust and role based access control model in cloud computing. In: 6th International conference on pervasive computing and applications (ICPCA), 2011, IEEE, pp 330–334
Wang W, Han J, Song M, Wang X (2011b) The design of a trust and role based access control model in cloud computing. In: 2011 6th International conference on pervasive computing and applications, pp 330–334
Willmott CJ, Matsuura K (2005) Advantages of the mean absolute error (MAE) over the root mean square error (RMSE) in assessing average model performance. Clim Res 30(1):79–82
Yachana, Kaur N, Sood SK (2018) A trustworthy system for secure access to patient centric sensitive information. Telematics Inform 35(4):790–800
Yager RR (1988) On ordered weighted averaging aggregation operators in multicriteria decisionmaking. IEEE Trans Syst Man Cybern 18(1):183–190
Yan Z, Li X, Wang M, Vasilakos AV (2017) Flexible data access control based on trust and reputation in cloud computing. IEEE Trans Cloud Comput 5(3):485–498
Yao C, Xu L, Huang X, Liu JK (2014) A secure remote data integrity checking cloud storage system from threshold encryption. J Ambient Intell Human Comput 5(6):857–865
Yarmand MH, Sartipi K, Down DG (2013) Behavior-based access control for distributed healthcare systems. J Comput Secur 21(1):1–39
Zeadally S, Isaac JT, Baig Z (2016) Security attacks and solutions in electronic health (e-health) systems. J Med Syst 40(12):263
Zhang R, Liu L (2010) Security models and requirements for healthcare application clouds. In: 2010 IEEE 3rd International conference on cloud computing, pp 268–275
Zhang R, Liu L, Xue R (2014) Role-based and time-bound access and management of ehr data. Secur Commun Netw 7(6):994–1015. https://doi.org/10.1002/sec.817
Zhao B, Xiao C, Zhang Y, Zhai P, Wang Z (2018) Assessment of recommendation trust for access control in open networks. Clust Comput:1–7
Acknowledgements
This publication is an outcome of the R&D work undertaken project under the Visvesvaraya PhD Scheme of Ministry of Electronics & Information Technology, Government of India, being implemented by Digital India Corporation.
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher’s Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Singh, A., Chatterjee, K. Trust based access control model for securing electronic healthcare system. J Ambient Intell Human Comput 10, 4547–4565 (2019). https://doi.org/10.1007/s12652-018-1138-z
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12652-018-1138-z