An evaluation of break-the-glass access control model for medical data in wireless sensor networks

Maw, Htoo Aung; Xiao, Hannan; Christianson, Bruce; Malcolm, James A.

doi:10.1109/healthcom.2014.7001829

Cited by 13 publications

(9 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The access control policies are proper techniques used for privacy-preserving. Most of time, hybrid access control policies are adopted to propose a privacy-preserving access control mechanisms [28]- [33]. It is common to use the combination of the access control and the pseudonymization in one privacy-preserving scheme, which stores the users' data in an anonymized manner, and shared the anonymized data according to the access control policies.…”

Section: B Access Control Based Schemes For Ehealthcare Systemmentioning

confidence: 99%

Achieve Privacy-Preserving Priority Classification on Patient Health Data in Remote eHealthcare System

Wang

Guan

2019

IEEE Access

View full text Add to dashboard Cite

The wireless body area network (WBAN) has attracted considerable attention and becomes a promising approach to provide a 24-h on-the-go healthcare service for users. However, it still faces many challenges on the privacy of users' sensitive personal information and the confidentiality of healthcare center's disease models. For this reason, many privacy-preserving schemes have been proposed in recent years. However, the efficiency and accuracy of those privacy-preserving schemes become a big issue to be solved. In this paper, we propose an efficient and privacy-preserving priority classification scheme, named PPC, for classifying patients' encrypted data at the WBAN-gateway in a remote eHealthcare system. Specifically, to reduce the system latency, we design a non-interactive privacy-preserving priority classification algorithm, which allows the WBAN-gateway to conduct the privacy-preserving priority classification for the received users' medical packets by itself and to relay these packets according to their priorities (criticalities). A detailed security analysis shows that the PPC scheme can achieve the priority classification and packets relay without disclosing the privacy of the users' personal information and the confidentiality of the healthcare center's disease models. In addition, the extensive experiments with an android app and two java server programs demonstrate its efficiency in terms of computational costs and communication overheads.

show abstract

Section: B Access Control Based Schemes For Ehealthcare Systemmentioning

confidence: 99%

Achieve Privacy-Preserving Priority Classification on Patient Health Data in Remote eHealthcare System

Wang

Guan

2019

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Also, focused on emergency access to protected EHR information over wireless sensor networks (WSN) that implement RBAC, Maw et al [ 18 ] proposed a “breaking the glass” feature allowing access to a previously blocked object under certain user circumstances and obligations.…”

Section: Literature Review Classificationmentioning

confidence: 99%

“…Although some articles focused only at describing the need of an additional security layer or different access control model combination [ 26 , 29 , 31 ], we can summarize RBAC current adaptation needs as follows: Conditional or emergency access and authorization are delegated. Context- and situation access-based solutions are advocated to be adapted over original RBAC features [ 14 , 16 – 18 , 32 ] requiring additional user's obligation. Access segmentation and interdomain/federation scenarios are needed.…”

Section: Rbac Current Security Trends and Limitations Mapped On Himentioning

confidence: 99%

See 1 more Smart Citation

Health Information System Role-Based Access Control Current Security Trends and Challenges

Carvalho

Bandiera-Paiva

2018

Journal of Healthcare Engineering

View full text Add to dashboard Cite

Objective This article objective is to highlight implementation characteristics, concerns, or limitations over role-based access control (RBAC) use on health information system (HIS) using industry-focused literature review of current publishing for that purpose. Based on the findings, assessment for indication of RBAC is obsolete considering HIS authorization control needs. Method We have selected articles related to our investigation theme “RBAC trends and limitations” in 4 different sources related to health informatics or to the engineering technical field. To do so, we have applied the following search query string: “Role-Based Access Control” OR “RBAC” AND “Health information System” OR “EHR” AND “Trends” OR “Challenges” OR “Security” OR “Authorization” OR “Attacks” OR “Permission Assignment” OR “Permission Relation” OR “Permission Mapping” OR “Constraint”. We followed PRISMA applicable flow and general methodology used on software engineering for systematic review. Results 20 articles were selected after applying inclusion and exclusion criteria resulting contributions from 10 different countries. 17 articles advocate RBAC adaptations. The main security trends and limitations mapped were related to emergency access, grant delegation, and interdomain access control. Conclusion Several publishing proposed RBAC adaptations and enhancements in order to cope current HIS use characteristics. Most of the existent RBAC studies are not related to health informatics industry though. There is no clear indication of RBAC obsolescence for HIS use.

show abstract

“…Allowing roles to take advantage of a broken glass without obligations seems to invite for abuses, which we intend to avoid, but even if we assume an implementation that mimics less faithfully what happens to a real glass (see § 4) Ferreira et al's proposal of the break-the-glass diverges from auto-delegation. There are still other works that define ways to extend BTG-RBAC, but their applicability is limited to specific domains such as Wireless Sensor Networks (Maw et al, 2014) and Cloud Computing (Rajesh and Nayak, 2012). There is no understanding about how break-the-glass and delegation relate in general and in the medical domain in particular.…”

Section: Related Workmentioning

confidence: 99%

Comparing and Integrating Break-the-Glass and Delegation in Role-based Access Control for Healthcare

Ferreira

Lenzini

2016

Proceedings of the 2nd International Conference on Information Systems Security and Privacy

View full text Add to dashboard Cite

In healthcare security, Role-based Access Control (RBAC) should be flexible and include capabilities such as Break-the-Glass and Delegation. The former is useful in emergencies to overcome otherwise a denial of access, the latter to transfer rights temporarily, for example, to substitute doctors. Current research studies these policies separately, but it is unclear whether they are different and independent capabilities. Motivated to look into this matter, we present a formal characterization of Break-the-Glass and Delegation in the RBAC model and we inquire on how these two policies relate. After giving arguments in favour of keeping them apart as different policies, we propose an RBAC model that includes them.

show abstract

An evaluation of break-the-glass access control model for medical data in wireless sensor networks

Cited by 13 publications

References 12 publications

Achieve Privacy-Preserving Priority Classification on Patient Health Data in Remote eHealthcare System

Achieve Privacy-Preserving Priority Classification on Patient Health Data in Remote eHealthcare System

Health Information System Role-Based Access Control Current Security Trends and Challenges

Comparing and Integrating Break-the-Glass and Delegation in Role-based Access Control for Healthcare

Contact Info

Product

Resources

About