Scalable and secure access control policy for healthcare system using blockchain and enhanced Bell–LaPadula model

Access control is a policy in data security that controls access to resources. The current access control mechanisms are facing many problems, due to the interference of the third-party, privacy, and security of data. These problems can be addressed by blockchain, the technology that gained major attention in recent years and has many capabilities. However, in the blockchain network, every peer maintains the same state of the ledger to view the complete history of transactions that leads to scalability issues in the blockchain network. To address the problem of scalability we propose an enhanced Bell–LaPadula model and categorized the peers and transactions in different clearance and security levels. The peers don’t have to maintain the complete history of transactions owing to the clearance level. To provide data security in the network we constructed a dynamic access control policies using a smart contracts. We test our model on a blockchain-based healthcare network. The Hyperledger Fabric tool is used to run a complete infrastructure of healthcare organization while the Hyperledger composer modeling tool is used to implement the smart contracts and to provide dynamic access control functionality on the blockchain network.

[1]  Charles Morisset,et al.  A Formal Comparison of the Bell & LaPadula and RBAC Models , 2008, 2008 The Fourth International Conference on Information Assurance and Security.

[2]  Yaghoub Farjami,et al.  MedSBA: a novel and secure scheme to share medical data based on blockchain technology and attribute-based encryption , 2020, Journal of Ambient Intelligence and Humanized Computing.

[3]  Hao Wang,et al.  Secure Cloud-Based EHR System Using Attribute-Based Cryptosystem and Blockchain , 2018, Journal of Medical Systems.

[4]  Anas Abou El Kalam,et al.  FairAccess: a new Blockchain-based access control framework for the Internet of Things , 2016, Secur. Commun. Networks.

[5]  Matthias Mettler,et al.  Blockchain technology in healthcare: The revolution starts here , 2016, 2016 IEEE 18th International Conference on e-Health Networking, Applications and Services (Healthcom).

[6]  Shabir A. Parah,et al.  Enhancing speed of SIMON: A light-weight-cryptographic algorithm for IoT applications , 2018, Multimedia Tools and Applications.

[7]  Alex Pentland,et al.  Decentralizing Privacy: Using Blockchain to Protect Personal Data , 2015, 2015 IEEE Security and Privacy Workshops.

[8]  V. Monisha,et al.  A Honey Bee behaviour inspired novel Attribute-based access control using enhanced Bell-Lapadula model in cloud computing , 2015, International Confernce on Innovation Information in Computing Technologies.

[9]  Ying Yang,et al.  LBACWeb: a lattice-based access control model for mobile thin client based on web OSes , 2019, ICCSP.

[10]  Liu Feng,et al.  A security BLP model used in classified protection system , 2011, 2011 6th IEEE Joint International Information Technology and Artificial Intelligence Conference.

[11]  Naoto Yanai,et al.  RBAC-SC: Role-Based Access Control Using Smart Contract , 2018, IEEE Access.

[12]  Stefan Poslad,et al.  Block-Based Access Control for Blockchain-Based Electronic Medical Records (EMRs) Query in eHealth , 2018, 2018 IEEE Global Communications Conference (GLOBECOM).

[13]  Adnan Abdul-Aziz Gutub,et al.  Counting-based secret sharing technique for multimedia applications , 2019, Multimedia Tools and Applications.

[14]  Andrew Lippman,et al.  MedRec: Using Blockchain for Medical Data Access and Permission Management , 2016, 2016 2nd International Conference on Open and Big Data (OBD).

[15]  Jiannong Cao,et al.  BlocHIE: A BLOCkchain-Based Platform for Healthcare Information Exchange , 2018, 2018 IEEE International Conference on Smart Computing (SMARTCOMP).

[16]  Tanesh Kumar,et al.  Secure and Efficient Data Accessibility in Blockchain Based Healthcare Systems , 2018, 2018 IEEE Global Communications Conference (GLOBECOM).

[17]  Ralph Deters,et al.  Blockchain based access control systems: State of the art and challenges , 2019, 2019 IEEE/WIC/ACM International Conference on Web Intelligence (WI).

[18]  Rakesh Tripathi,et al.  Traceability of counterfeit medicine supply chain through Blockchain , 2019, 2019 11th International Conference on Communication Systems & Networks (COMSNETS).

[19]  Zhuo Tang,et al.  Using Conditional Random Fields to Optimize a Self-Adaptive Bell–LaPadula Model in Control Systems , 2021, IEEE Transactions on Systems, Man, and Cybernetics: Systems.

[20]  Li Zhou,et al.  A BLP-Based Model for Hierarchical Orgnizations , 2009, 2009 Second International Workshop on Computer Science and Engineering.

[21]  Davide Calvaresi,et al.  Dynamic consent management for clinical trials via private blockchain technology , 2020, Journal of Ambient Intelligence and Humanized Computing.

[22]  Adnan Abdul-Aziz Gutub,et al.  Multi-Bits Stego-System For Hiding Text in Multimedia Images Based on User Security Priority , 2018 .

[23]  Yaling Zhang,et al.  A Blockchain-Based Framework for Data Sharing With Fine-Grained Access Control in Decentralized Storage Systems , 2018, IEEE Access.

[24]  Ralph Deters,et al.  Physical Access Control Management System Based on Permissioned Blockchain , 2018, 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData).

[25]  Keqin Li,et al.  A Self-Adaptive Bell–LaPadula Model Based on Model Training With Historical Access Logs , 2018, IEEE Transactions on Information Forensics and Security.

[26]  Abrar Alsaidi,et al.  Compression Multi-Level Crypto Stego Security of Texts Utilizing Colored Email Forwarding , 2018, Journal of Computer Science & Computational Mathematics.

[27]  Adnan Abdul-Aziz Gutub,et al.  Enhancing PC Data Security via Combining RSA Cryptography and Video Based Steganography , 2018 .

[28]  Adnan Gutub,et al.  Protecting Medical Records against Cybercrimes within Hajj Period by 3-layer Security , 2019 .

[29]  Rathnakar Acharya,et al.  Secured Information Access based on Bell LaPadula model A Case of Novel Publishing Company , 2010 .

[30]  Sachin Shetty,et al.  Integrating blockchain for data sharing and collaboration in mobile healthcare applications , 2017, 2017 IEEE 28th Annual International Symposium on Personal, Indoor, and Mobile Radio Communications (PIMRC).

[31]  Vishal Patel,et al.  A framework for secure and decentralized sharing of medical imaging data via blockchain consensus , 2019, Health Informatics J..

[32]  Andrew Stranieri,et al.  Continuous Patient Monitoring With a Patient Centric Agent: A Block Architecture , 2018, IEEE Access.

[33]  Douglas C. Schmidt,et al.  FHIRChain: Applying Blockchain to Securely and Scalably Share Clinical Data , 2018, Computational and structural biotechnology journal.

[34]  David W. Chadwick,et al.  On the Modeling of Bell-LaPadula Security Policies Using RBAC , 2008, 2008 IEEE 17th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises.

[35]  Dali Zhu,et al.  Application of Modified BLP Model on Mobile Web Operating System , 2016, 2016 IEEE Trustcom/BigDataSE/ISPA.

[36]  Walid Gaaloul,et al.  Trustless Blockchain-based Access Control in Dynamic Collaboration , 2018, BDCSIntell.

[37]  Sandra Julieta Rueda,et al.  AndroidBLP for Confidentiality Management in Android Environments , 2017, IEEE Latin America Transactions.

[38]  Gang Liu,et al.  An improved blp model with response blind area eliminated , 2017, 2017 International Symposium on Networks, Computers and Communications (ISNCC).

[39]  Jiqiang Liu,et al.  A Mandatory Access Control Model with Enhanced Flexibility , 2009 .

[40]  Yi Zhou,et al.  An improved MLS policy model , 2016, 2016 10th IEEE International Conference on Anti-counterfeiting, Security, and Identification (ASID).

[41]  Jie Lin,et al.  Availability Analysis Method of Multilevel Security Models with Credibility Characteristics , 2009, 2009 International Conference on Networks Security, Wireless Communications and Trusted Computing.

[42]  Adnan Abdul-Aziz Gutub,et al.  Simulating Light-Weight-Cryptography Implementation for IoT Healthcare Data Security Applications , 2019, Int. J. E Health Medical Commun..

[43]  Praneeth Babu Marella,et al.  Ancile: Privacy-Preserving Framework for Access Control and Interoperability of Electronic Health Records Using Blockchain Technology , 2018 .

[44]  Adnan Gutub,et al.  Smart expansion of target key for more handlers to access multimedia counting-based secret sharing , 2020, Multimedia Tools and Applications.