A dynamic access control policy model for sharing of healthcare data in multiple domains

Ahmad Salehi Shahraki, Carsten Rudolph, Marthie Grobler

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

14 Citations (Scopus)

Abstract

Authorization models have been developed to prevent unauthorized access to valuable resources such as electronic healthcare records (EHRs). In an applied environment, such as the healthcare domain, there are several types of authorities that generate EHRs and other security parameters via central authority for their users and the attribute authorities. The use of a central authority introduces several challenges in terms of security and privacy due to the increased risk if the central authority is compromised or corrupted. Observing that this research area has not been well addressed to date, we propose and present the first decentralized multi-authority attribute-based access control (DMA-ABAC) model based on the policy model, which enables authorities to independently control their security settings. We present an access control framework for a dynamic cross-domain authorization model that combines Attribute-Based Access Control (ABAC) and Attribute-Based Group Signature (ABGS). This combination aims at providing flexible access control with resistance against reply and third party storage attacks and attribute collusion, and enhanced access control, privacy and selective attributes.

Original languageEnglish
Title of host publicationProceedings - 2019 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering
EditorsLiqun Chen, Ryan Ko, Liming Zhu
Place of PublicationPiscataway NJ USA
PublisherIEEE, Institute of Electrical and Electronics Engineers
Pages618-625
Number of pages8
ISBN (Electronic)9781728127767
ISBN (Print)9781728127781
DOIs
Publication statusPublished - 2019
EventIEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2019 - Rotorua, New Zealand
Duration: 5 Aug 20198 Aug 2019
Conference number: 18th
https://crow.org.nz/TrustCom2019 (Conference website)
https://ieeexplore.ieee.org/xpl/conhome/8883860/proceeding (Proceedings)

Conference

ConferenceIEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2019
Abbreviated titleTrustCom 2019
Country/TerritoryNew Zealand
CityRotorua
Period5/08/198/08/19
Internet address

Keywords

  • Anonymity
  • Attribute-based access control
  • Cross domain
  • Distributed
  • Healthcare
  • Privacy
  • Security

Cite this