Hybrid Cryptographic Access Control for Cloud-Based EHR Systems

Premarathne, Uthpala Subodhani; Abuadbba, Alsharif; Alabdulatif, Abdulatif; Khalil, Ibrahim; Tari, Zahir; Zomaya, Albert Y.; Buyya, Rajkumar

doi:10.1109/mcc.2016.76

Cited by 61 publications

(34 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Hybrid techniques represent combination of different complex cryptographic, access control, and data partitioning techniques. 2,9,24,34,35,[45][46][47][48][49][50][51][52][53][54][55][56][57][58][59] Privacy-aware anonymity-based techniques. Privacy-preserving techniques have different sanitization mechanisms to transform data into anonymized form.…”

Section: Ehr Privacy-preserving Techniques and Cloud Deployment Modelsmentioning

confidence: 99%

Privacy-aware relationship semantics–based XACML access control model for electronic health records in hybrid cloud

Kanwal

Jabbar

Anjum

et al. 2019

International Journal of Distributed Sensor Networks

View full text Add to dashboard Cite

State-of-the-art progress in cloud computing encouraged the healthcare organizations to outsource the management of electronic health records to cloud service providers using hybrid cloud. A hybrid cloud is an infrastructure consisting of a private cloud (managed by the organization) and a public cloud (managed by the cloud service provider). The use of hybrid cloud enables electronic health records to be exchanged between medical institutions and supports multipurpose usage of electronic health records. Along with the benefits, cloud-based electronic health records also raise the problems of security and privacy specifically in terms of electronic health records access. A comprehensive and exploratory analysis of privacy-preserving solutions revealed that most current systems do not support fine-grained access control or consider additional factors such as privacy preservation and relationship semantics. In this article, we investigated the need of a privacy-aware fine-grained access control model for the hybrid cloud. We propose a privacy-aware relationship semantics-based XACML access control model that performs hybrid relationship and attribute-based access control using extensible access control markup language. The proposed approach supports fine-grained relation-based access control with state-of-the-art privacy mechanism named Anatomy for enhanced multipurpose electronic health records usage. The proposed (privacy-aware relationship semantics-based XACML access control model) model provides and maintains an efficient privacy versus utility trade-off. We formally verify the proposed model (privacy-aware relationship semantics-based XACML access control model) and implemented to check its effectiveness in terms of privacyaware electronic health records access and multipurpose utilization. Experimental results show that in the proposed (privacyaware relationship semantics-based XACML access control model) model, access policies based on relationships and electronic health records anonymization can perform well in terms of access policy response time and space storage.

show abstract

Section: Ehr Privacy-preserving Techniques and Cloud Deployment Modelsmentioning

confidence: 99%

Privacy-aware relationship semantics–based XACML access control model for electronic health records in hybrid cloud

Kanwal

Jabbar

Anjum

et al. 2019

International Journal of Distributed Sensor Networks

View full text Add to dashboard Cite

show abstract

“…Similar to [ 14 , 17 ], they propose a context-based access decision that adds the “Role Roaming” and the “Active Auditing” to the scheme. Also using an information segmentation approach to store EHR securely in the cloud environment, Premarathne et al [ 21 ] suggest the use of steganography-cryptography to index protected information. Also exploring context-based adaptions built upon RBAC, Bhatti et al [ 28 ] proposed encoding disclosure and privacy rules by using a declarative predicate-based syntax in the policy that is XML-based language they call X-GTRBAC.…”

Section: Literature Review Classificationmentioning

confidence: 99%

“… Access segmentation and interdomain/federation scenarios are needed. Record-dependent or attribute-based encryption using single or multiple trust supplier [ 15 , 21 , 24 , 33 ] is suggested. Fine granular authorization for better security policy representation either using semantic-, time-, or spatial-based approaches is advised [ 20 , 25 , 27 ].…”

Section: Rbac Current Security Trends and Limitations Mapped On Himentioning

confidence: 99%

Health Information System Role-Based Access Control Current Security Trends and Challenges

Carvalho

Bandiera-Paiva

2018

Journal of Healthcare Engineering

View full text Add to dashboard Cite

Objective This article objective is to highlight implementation characteristics, concerns, or limitations over role-based access control (RBAC) use on health information system (HIS) using industry-focused literature review of current publishing for that purpose. Based on the findings, assessment for indication of RBAC is obsolete considering HIS authorization control needs. Method We have selected articles related to our investigation theme “RBAC trends and limitations” in 4 different sources related to health informatics or to the engineering technical field. To do so, we have applied the following search query string: “Role-Based Access Control” OR “RBAC” AND “Health information System” OR “EHR” AND “Trends” OR “Challenges” OR “Security” OR “Authorization” OR “Attacks” OR “Permission Assignment” OR “Permission Relation” OR “Permission Mapping” OR “Constraint”. We followed PRISMA applicable flow and general methodology used on software engineering for systematic review. Results 20 articles were selected after applying inclusion and exclusion criteria resulting contributions from 10 different countries. 17 articles advocate RBAC adaptations. The main security trends and limitations mapped were related to emergency access, grant delegation, and interdomain access control. Conclusion Several publishing proposed RBAC adaptations and enhancements in order to cope current HIS use characteristics. Most of the existent RBAC studies are not related to health informatics industry though. There is no clear indication of RBAC obsolescence for HIS use.

show abstract

“…The main concern of EHR system is to have simple structure of passwords and thus, attribute based or predicate based cryptographic algorithms are more suitable. Premarathne 2016 [12] addressed how to securely store and manage big EHR data, and how to ensure secure access to this data. To manage EHRs efficiently and securely, the author proposed a design based on steganography, which we use to hide confidential EHR data inside the ECG host data.…”

Section: Review Of Some Security Relatedmentioning

confidence: 99%

A Survey on Security Challenges of Healthcare Analysis Over Cloud

Jain¹,

Singh²

2017

IJERT

View full text Add to dashboard Cite

The evolution of cloud computing in healthcare has revolutionized how the computing is abstracted and utilized on remote third party infrastructure. Introducing the cloud services in the health sector not only facilitates the exchange of electronic medical records among the hospitals and clinics, but also enables the cloud to act as a medical record storage center. Moreover, shifting to the cloud environment relieves the healthcare organizations of the tedious tasks of infrastructure management and also minimizes development and maintenance costs. Because of probable disclosure of medical records stored and exchanged in the cloud, the patients' privacy concerns should essentially be considered when designing the security and privacy mechanisms. Security strength defines the success of any network service. This survey paper aims to discuss, analyze security challenges and available solutions in cloud computing. Various approaches have been used to preserve the security of the health information in the cloud environment.

show abstract

Hybrid Cryptographic Access Control for Cloud-Based EHR Systems

Cited by 61 publications

References 13 publications

Privacy-aware relationship semantics–based XACML access control model for electronic health records in hybrid cloud

Privacy-aware relationship semantics–based XACML access control model for electronic health records in hybrid cloud

Health Information System Role-Based Access Control Current Security Trends and Challenges

A Survey on Security Challenges of Healthcare Analysis Over Cloud

Contact Info

Product

Resources

About