Attribute Based Access Control for Healthcare Resources

Mukherjee, Subhojeet; Ray, Indrakshi; Ray, Indrajit; Shirazi, Hossein; Ong, Toan C.; Kahn, Michael G.

doi:10.1145/3041048.3041055

Cited by 24 publications

(7 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, the developers of the application atHealth [31] succeeded in implementing a role-based methodology for their mobile application in 2017, recognising the lack of security in FHIR. However, there also were implementations of the ABAC model for access control to health records [21] in the same year.…”

Section: Related Workmentioning

confidence: 99%

Access Control of EHR Records in a Heterogeneous Cloud Infrastructure

Szabó

Bilicki

2021

Acta Cybern

View full text Add to dashboard Cite

Since the advent of smartphones, IoT and cloud computing, we have seen an industry-wide requirement to integrate different healthcare applications with each other and with the cloud, connecting multiple institutions or even countries. But despite these trends, the domain of access control and security of sensitive healthcare data still raises a serious challenge for multiple developers and lacks the necessary definitions to create a general security framework addressing these issues. Taking into account newer, more special cases, such as the popular heterogeneous infrastructures with a combination of public and private clouds, fog computing, Internet of Things, the area becomes more and more complicated. In this paper we will introduce a categorization of these required policies, describe an infrastructure as a possible solution to these security challenges, and finally evaluate it with a set of policies based on real-world requirements.

show abstract

Section: Related Workmentioning

confidence: 99%

Access Control of EHR Records in a Heterogeneous Cloud Infrastructure

Szabó

Bilicki

2021

Acta Cybern

View full text Add to dashboard Cite

show abstract

“…The most recent effort in that direction is the Fast Health Interoperability Resources (FHIR) [22], which specifies requirements for fast and efficient storage/retrieval of EHR. The authors in [23] exploit ABAC to create ownercentric methodology for granting access to EHR. They focussed on FHIR and suggested ways to allow incremental and batch release of EHR stored using FHIR to any requesting party, based on access policies defined by the resource-owners.…”

Section: B Application Of Abac In Electronic Health Record (Ehr)mentioning

confidence: 99%

“…The authors in [18] use XAMCL to show how a patient's privacy preferences could be expressed and enforced in PHR. XAMCL is deploy in [23] as the privacy preserving technique for EHR. The authors utilize XAMCL for providing fine-grained authorization and access to FHIR resources.…”

Section: A Comparison Of the Different Approachesmentioning

confidence: 99%

Understanding Attribute-based Access Control for Modelling and Analysing Healthcare Professionals’ Security Practices

Nweke¹,

Yeng²,

Wolthusen³

et al. 2020

IJACSA

View full text Add to dashboard Cite

In recent years, there has been an increase in the application of attribute-based access control (ABAC) in electronic health (e-health) systems. E-health systems are used to store a patient's electronic version of medical records. These records are usually classified according to their usage i.e., electronic health record (EHR) and personal health record (PHR). EHRs are electronic medical records held by the healthcare providers, while PHRs are electronic medical records held by the patients themselves. Both EHRs and PHRs are critical assets that require access control mechanism to regulate the manner in which they are accessed. ABAC has demonstrated to be an efficient and effective approach for providing fine grained access control to these critical assets. In this paper, we conduct a survey of the existing literature on the application of ABAC in e-health systems to understand the suitability of ABAC for e-health systems and the possibility of using ABAC access logs for observing, modelling and analysing security practices of healthcare professionals. We categorize the existing works according to the application of ABAC in PHR and EHR. We then present a discussion on the lessons learned and outline future challenges. This can serve as a basis for selecting and further advancing the use of ABAC in e-health systems.

show abstract

“…Mukherjee et al [24] and Ray et al [32] present an ABAC-based approach to medical healthcare data, but this addresses central data stores, not IoT-enabled sensors which may be the source of such data. Zhang and Liu [48] present an ABAC model to provide a finegrained access control for IoT systems.…”

Section: Capability Authorisationmentioning

confidence: 99%

Fine-Grained Access Control for Smart Healthcare Systems in the Internet of Things

Pal¹,

Hitchens²,

Varadharajan³

et al. 2018

EAI Endorsed Transactions on Industrial Networks and Intelligen

View full text Add to dashboard Cite

There has been tremendous growth in the application of the Internet of Things (IoT) in our daily lives. Yet with this growth has come numerous security concerns and privacy challenges for both the users and the systems. Smart devices have many uses in a healthcare system, e.g. collecting and reporting patient data and controlling the administration of treatment. In this paper, we address the specific security issue of access control for smart healthcare systems and the protection of smart things from unauthorised access in such large scale systems. Commonly used access control approaches e.g. Role-Based Access Control (RBAC), AttributeBased Access Control (ABAC) and Capability-Based Access Control (CapBAC) do not, in isolation, provide a complete solution for securing access to IoT-enabled smart healthcare devices. They may, for example, require an overly-centralised solution or an unmanageably large policy base. We propose a novel access control architecture which improves policy management by reducing the required number of authentication policies in a large-scale healthcare system while providing fine-grained access control. The devised access control model employs attributes, roles and capabilities. We apply attributes for role membership assignment and in permission evaluation. Membership of roles grants capabilities. The capabilities which are issued may be parameterised based on attributes of the user and are then used to access specific services provided by things. We also provide a formal specification of the model and a description of its implementation and demonstrate its application through different use-case scenarios. The evaluation results of core functionality of our architecture are provided with the practical testbed experiments.

show abstract

Attribute Based Access Control for Healthcare Resources

Cited by 24 publications

References 14 publications

Access Control of EHR Records in a Heterogeneous Cloud Infrastructure

Access Control of EHR Records in a Heterogeneous Cloud Infrastructure

Understanding Attribute-based Access Control for Modelling and Analysing Healthcare Professionals’ Security Practices

Fine-Grained Access Control for Smart Healthcare Systems in the Internet of Things

Contact Info

Product

Resources

About