Towards Scalable, Fine-Grained, Intrusion-Tolerant Data Protection Models for Healthcare Cloud

Despite cloud computing has been widely adopted by most industries, the healthcare industry still reveals a slow development in cloud-based solution due to the raising of user fear that their confidential health data or privacy would leak out in the cloud. To allay users' concern of data control, data ownership, security and privacy, we propose a robust data protection framework which is surrounded by a chain of protection schemes from access control, monitoring, to active auditing. The framework includes three key components which are Cloud-based Privacy-aware Role Based Access Control (CPRBAC) model, Triggerable Data File Structure (TDFS), and Active Auditing Scheme (AAS) respectively. Our schemes address controllability, trace ability of data and authorize access to healthcare system resource. Data violation against access control policies can be proactively triggered to perform corresponding defense mechanisms. Our goal is to bring benefits of cloud computing to healthcare industries to assist them improve quality of service and reduce the cost of overall healthcare.

[1]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[2]  Doan B. Hoang,et al.  Novel Data Protection Model in Healthcare Cloud , 2011, 2011 IEEE International Conference on High Performance Computing and Communications.

[3]  X. Wu,et al.  A prime number labeling scheme for dynamic ordered XML trees , 2004, Proceedings. 20th International Conference on Data Engineering.

[4]  Bharat K. Bhargava,et al.  Protection of Identity Information in Cloud Computing without Trusted Third Party , 2010, 2010 29th IEEE Symposium on Reliable Distributed Systems.

[5]  Bharat K. Bhargava,et al.  An Entity-Centric Approach for Privacy and Identity Management in Cloud Computing , 2010, 2010 29th IEEE Symposium on Reliable Distributed Systems.

[6]  Doan B. Hoang,et al.  Mobile Cloud for Assistive Healthcare (MoCAsH) , 2010, 2010 IEEE Asia-Pacific Services Computing Conference.

[7]  SangKeun Lee,et al.  A Binary String Approach for Updates in Dynamic Ordered XML Data , 2010, IEEE Transactions on Knowledge and Data Engineering.

[8]  Hovav Shacham,et al.  SiRiUS: Securing Remote Untrusted Storage , 2003, NDSS.

[9]  Dan Lin,et al.  Preventing Information Leakage from Indexing in the Cloud , 2010, 2010 IEEE 3rd International Conference on Cloud Computing.

[10]  Markus Jakobsson,et al.  Controlling data in the cloud: outsourcing computation without outsourcing control , 2009, CCSW '09.

[11]  Cong Wang,et al.  Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing , 2010, 2010 Proceedings IEEE INFOCOM.

[12]  Athanasios V. Vasilakos,et al.  SecCloud: Bridging Secure Storage and Computation in Cloud , 2010, 2010 IEEE 30th International Conference on Distributed Computing Systems Workshops.

[13]  Qian Wang,et al.  Plutus: Scalable Secure File Sharing on Untrusted Storage , 2003, FAST.

[14]  Cong Wang,et al.  Ensuring data storage security in Cloud Computing , 2009, 2009 17th International Workshop on Quality of Service.

[15]  Feiyi Wang,et al.  SITAR: a scalable intrusion-tolerant architecture for distributed services , 2003, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[16]  Dan Lin,et al.  Data protection models for service provisioning in the cloud , 2010, SACMAT '10.

[17]  Sawan Kumar,et al.  Ensuring data storage security in Cloud Computing , 2009, 2009 17th International Workshop on Quality of Service.

[18]  Divyakant Agrawal,et al.  A Comprehensive Framework for Secure Query Processing on Relational Data in the Cloud , 2011, Secure Data Management.

[19]  Cong Wang,et al.  Privacy-Preserving Public Auditing for Data Storage Security in Cloud Computing , 2010, 2010 Proceedings IEEE INFOCOM.