A Context-Aware Security Model for a Combination of Attribute-Based Access Control and Attribute-Based Encryption in the Healthcare Domain

The need for a trusted environment in which only authorized users are permitted to access a system has been of imperative importance since the early days of cloud computing. Even today, many users seem reluctant to store their personal data in the cloud, particularly data related to bank accounts and the healthcare domain. Our goal is to enhance the access control mechanisms that can be used in the healthcare domain in order to improve the security and privacy of electronic health record (EHR) systems. In this work, we present a context-aware security model consisting of classes and properties that can serve as background knowledge for creating and enforcing access control rules for EHRs. We consider two different layers of authorization control based on the current context: (i) the Attribute-Based Access Control (ABAC) layer, which permits or denies access and/or editing rights to (encrypted) EHRs; and (ii) the Attribute-Based Encryption (ABE) layer, which handles the way sensitive data should be decrypted.
