Privacy-aware relationship semantics–based XACML access control model for electronic health records in hybrid cloud

Progress in cloud computing has encouraged healthcare organizations to outsource the management of electronic health records (EHRs) to cloud service providers using a hybrid cloud. A hybrid cloud is an infrastructure consisting of a private cloud, managed by the organization, and a public cloud, managed by the cloud service provider. It enables EHRs to be exchanged between medical institutions and supports their use for multiple purposes. Along with these benefits, cloud-based EHRs raise security and privacy problems, specifically around EHR access. A comprehensive and exploratory analysis of privacy-preserving solutions revealed that most current systems neither support fine-grained access control nor consider additional factors such as privacy preservation and relationship semantics. In this article, we investigate the need for a privacy-aware, fine-grained access control model for the hybrid cloud. We propose a privacy-aware relationship semantics-based XACML access control model that performs hybrid relationship- and attribute-based access control expressed in the eXtensible Access Control Markup Language (XACML). The approach supports fine-grained relationship-based access control together with the Anatomy privacy mechanism for enhanced multipurpose EHR usage, and it provides and maintains an efficient privacy versus utility trade-off. We formally verify the proposed model and implement it to check its effectiveness in terms of privacy-aware EHR access and multipurpose utilization. Experimental results show that, in the proposed model, relationship-based access policies and EHR anonymization perform well in terms of access-policy response time and storage space.
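The abstract names two mechanisms without showing how they fit together: a relationship-aware access decision and the Anatomy anonymization scheme that serves requests which do not carry a treating relationship. The following is an added example, not the paper's own code or policy set: it implements Anatomy's bucket-and-residue grouping (Xiao and Tao, VLDB 2006) for an l-diverse release and gates the identified record behind a treating-physician relationship. The EHR rows, the `TREATS` relationship table, the `ROLE` attribute map and the purpose strings are all constructed for illustration; a real deployment would take them from the XACML policy information point.

```python
# Added example (not the paper's code): Anatomy anonymization combined with a
# relationship-aware release decision. All records, subjects and relationships
# below are constructed for illustration.
from collections import Counter, defaultdict

# Constructed EHR table: pid identifies the patient, age/zip are quasi-identifiers,
# dx is the sensitive attribute that the release must protect.
EHR = [
    {"pid": "p1", "age": 34, "zip": "02139", "dx": "flu"},
    {"pid": "p2", "age": 41, "zip": "02140", "dx": "diabetes"},
    {"pid": "p3", "age": 29, "zip": "02139", "dx": "flu"},
    {"pid": "p4", "age": 58, "zip": "02141", "dx": "cancer"},
    {"pid": "p5", "age": 47, "zip": "02140", "dx": "diabetes"},
    {"pid": "p6", "age": 63, "zip": "02142", "dx": "hiv"},
    {"pid": "p7", "age": 52, "zip": "02139", "dx": "flu"},
]

# Constructed relationship semantics: which physicians currently treat which patient.
TREATS = {"p1": {"dr_ahmed"}, "p2": {"dr_ahmed", "dr_lee"}, "p3": {"dr_lee"}}
# Constructed subject attributes, as a policy information point would supply them.
ROLE = {"dr_ahmed": "physician", "dr_lee": "physician", "r_khan": "researcher"}


def anatomize(records, qi_fields, sensitive, l):
    """Split records into a quasi-identifier table (QIT) and a sensitive table (SAT)
    linked only by a group id, so each group holds at least l distinct sensitive values."""
    n = len(records)
    buckets = defaultdict(list)
    for r in records:
        buckets[r[sensitive]].append(r)
    # Anatomy's eligibility condition: no sensitive value may occur more than n/l times.
    if any(len(b) > n / l for b in buckets.values()):
        raise ValueError("table is not l-eligible: a sensitive value is too frequent")
    groups = []
    while True:
        # Take one record from each of the l largest non-empty buckets.
        largest = sorted((k for k in buckets if buckets[k]),
                         key=lambda k: -len(buckets[k]))[:l]
        if len(largest) < l:
            break
        groups.append([buckets[k].pop() for k in largest])
    # Residue assignment: each leftover goes to a group that does not yet hold its value.
    for value, rest in buckets.items():
        for r in rest:
            target = next((g for g in groups if all(x[sensitive] != value for x in g)), None)
            if target is None:
                raise ValueError("residue record cannot be placed without breaking l-diversity")
            target.append(r)
    qit = [{**{f: r[f] for f in qi_fields}, "gid": gid}
           for gid, g in enumerate(groups, 1) for r in g]
    sat = [(gid, value, count)
           for gid, g in enumerate(groups, 1)
           for value, count in sorted(Counter(r[sensitive] for r in g).items())]
    return qit, sat


def is_l_diverse(sat, l):
    """Check a released SAT: every group must list at least l distinct sensitive values."""
    distinct_per_group = Counter(gid for gid, _, _ in sat)
    return all(c >= l for c in distinct_per_group.values())


def decide(subject, purpose, pid, l=2):
    """Relationship- and attribute-based release decision in the spirit of the model:
    a treating physician acting for treatment gets the identified record, a research
    purpose gets only the anatomized release, and everything else is denied."""
    role = ROLE.get(subject)
    if purpose == "treatment" and role == "physician" and subject in TREATS.get(pid, set()):
        return "Permit", next(r for r in EHR if r["pid"] == pid)
    if purpose == "research" and role in {"physician", "researcher"}:
        return "Permit-anonymized", anatomize(EHR, ["age", "zip"], "dx", l)
    return "Deny", None


if __name__ == "__main__":
    print(decide("dr_ahmed", "treatment", "p1"))   # identified record
    print(decide("dr_lee", "treatment", "p1"))     # Deny: no treating relationship
    qit, sat = decide("r_khan", "research", "p4")[1]
    print(qit, sat, is_l_diverse(sat, 2))
```

Two points are worth noting in the output. The research release contains no `pid` and no `dx` in the QIT; the diagnosis survives only as per-group counts in the SAT, which is the utility Anatomy preserves over plain generalization. And the eligibility check is where the privacy versus utility trade-off becomes concrete: raising `l` to 3 on this table rejects the release outright, because the most frequent diagnosis exceeds n/l, so a larger table or a coarser sensitive attribute is needed before a stronger guarantee can be offered.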