Abstract
Patients and healthcare professionals use the Electronic Healthcare System (EHS) to access medical records from remote locations via the Internet. The emerging healthcare system has several advantages, such as better management of healthcare data, streamlined collaboration, improvement of medical care, insurance purposes, medical data backup, etc. Despite these advantages, the sensitivity and openness of the healthcare system give rise to different types of attacks and threats, such as insider attacks, service hijacking, abuse of healthcare data, and impersonation attacks. In the EHS, sharing data without prior information about the requester is another considerable issue. Hence, a dynamic Access Control Model (ACM) is needed to overcome the above-discussed issues. In the EHS, adding trust to access control solutions can provide dynamic access to resources. To achieve such a model, in this paper we have added user trust to the Identity Based Access Control (IBAC) model. To compute user trust, we have used the beta reputation approach. An access control rule set based on the trust degree and identity of the user has been proposed to provide access in a controlled manner. This hybrid ACM and rule set not only protect the data from unauthorized access but also dynamically control the access view of the healthcare data. The experimental results of the proposed model show that it is more accurate and reliable than other trust models.
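The combination the abstract describes, sketched as an added example (not the authors' code): the trust degree is the expected value of the beta reputation system of Jøsang and Ismail, and a rule set checks identity first and then lets the trust degree select the access view. The identity list, the two thresholds, the view names and the use of a forgetting factor are assumptions made for illustration; the abstract does not state them.

```python
from dataclasses import dataclass

# Constructed sample data and assumed cut-offs; the abstract gives no concrete values.
KNOWN_IDENTITIES = {"dr_rao", "nurse_lee"}   # hypothetical IBAC identity list
FULL_VIEW_MIN = 0.8                          # assumed trust degree for the full record
PARTIAL_VIEW_MIN = 0.5                       # assumed trust degree for a reduced view


@dataclass
class BetaTrust:
    """Evidence counters of the beta reputation system (Josang and Ismail, 2002)."""
    r: float = 0.0   # accumulated positive evidence
    s: float = 0.0   # accumulated negative evidence

    def update(self, positive: bool, forgetting: float = 1.0) -> None:
        # A forgetting factor below 1 discounts old evidence before adding the new outcome.
        self.r = self.r * forgetting + (1.0 if positive else 0.0)
        self.s = self.s * forgetting + (0.0 if positive else 1.0)

    @property
    def degree(self) -> float:
        # Expected value of Beta(r + 1, s + 1); 0.5 when there is no evidence yet.
        return (self.r + 1.0) / (self.r + self.s + 2.0)


def access_view(user_id: str, trust: BetaTrust) -> str:
    """Identity check first, then the trust degree selects the view."""
    if user_id not in KNOWN_IDENTITIES:
        return "deny"                        # high trust never substitutes for identity
    if trust.degree >= FULL_VIEW_MIN:
        return "full"
    if trust.degree >= PARTIAL_VIEW_MIN:
        return "partial"
    return "deny"


def replay(user_id: str, outcomes: list, forgetting: float = 1.0) -> tuple:
    """Feed a history of interaction outcomes and return (trust degree, view)."""
    trust = BetaTrust()
    for ok in outcomes:
        trust.update(ok, forgetting)
    return round(trust.degree, 3), access_view(user_id, trust)


if __name__ == "__main__":
    history = [True] * 8 + [False] * 4       # constructed: good record, then recent misuse
    print(replay("dr_rao", [True] * 8))
    print(replay("dr_rao", history))
    print(replay("dr_rao", history, forgetting=0.5))
    print(replay("mallory", [True] * 20))
```

With these assumed thresholds a known user with no history starts at a trust degree of 0.5 and receives the partial view, so the initial value is itself a policy decision.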
Acknowledgements
This publication is an outcome of the R&D work undertaken in the project under the Visvesvaraya PhD Scheme of the Ministry of Electronics & Information Technology, Government of India, being implemented by Digital India Corporation.
Cite this article
Singh, A., Chatterjee, K. ITrust: identity and trust based access control model for healthcare system security. Multimed Tools Appl 78, 28309–28330 (2019). https://doi.org/10.1007/s11042-019-07923-4
DOI: https://doi.org/10.1007/s11042-019-07923-4