论文信息 - eHCBAC: Flexible Column Based Access Control for Electronic Healthcare Systems

eHCBAC: Flexible Column Based Access Control for Electronic Healthcare Systems

An electronic healthcare (e-Health) system is a database system that collects patients' medical data from participating organizations such as hospitals, clinics and insurance companies, and facilitates services for these organizations. Though e-Health system transforms healthcare services with great savings in terms of efficiency and cost, it also triggers great privacy concerns as all patients' data are maintained in a centralized system which may be accessed and misused by unauthorized parties. One of the most important features of an e-Health system is that the sensitive data mainly distribute in certain columns. Thus, we propose a column based access control scheme for an e-Health database system (eHCBAC scheme), which protects the data by means of imposing access control policies on sensitive columns. Furthermore, we design algorithms to achieve eHCBAC for different SQL statements, and implement an prototype system by adding column based access control module into an open-source DBMS kernel. Experimental results demonstrate the effectiveness and efficiency of the prototype system.

Mei Liu | Jiwu Jing | Ge Fu

[1] Gail-Joon Ahn,et al. Patient-centric authorization framework for sharing electronic health records , 2009, SACMAT '09.

[2] Ning Zhang,et al. A Purpose-Based Access Control Model , 2007, Third International Symposium on Information Assurance and Security.

[3] Tim Moses,et al. EXtensible Access Control Markup Language (XACML) version 1 , 2003 .

[4] Arif Ghafoor,et al. Policy-based security management for federated healthcare databases (or RHIOs) , 2006, HIKM '06.

[5] Jeffrey D. Ullman,et al. Protection in operating systems , 1976, CACM.

[6] Sushil Jajodia,et al. Toward a multilevel secure relational data model , 1991, SIGMOD '91.

[7] Peter Sewell,et al. Cassandra: flexible trust management, applied to electronic health records , 2004, Proceedings. 17th IEEE Computer Security Foundations Workshop, 2004..

[8] Carl A. Gunter,et al. Enhancing Database Access Control with XACML Policy , 2009 .

[9] Dorothy E. Denning,et al. The SeaView security model , 1988, Proceedings. 1988 IEEE Symposium on Security and Privacy.

[10] Elisa Bertino,et al. Purpose based access control of complex data for privacy protection , 2005, SACMAT '05.

[11] David M. Eyers,et al. OASIS role-based access control for electronic health records , 2006, IEE Proc. Softw..

[12] Sushil Jajodia,et al. Towards a Multilevel Secure Relational Data Model , 1991, SIGMOD Conference.

[13] D. E. Bell,et al. Secure Computer Systems : Mathematical Foundations , 2022 .