A novel two phase data sensitivity based access control framework for healthcare data
Pages 8867 - 8892
Abstract
This paper proposes a secure data access control framework that utilizes the attribute values and the user specific usage details to provide secure and fine-grained data access. It aims to minimize the data leakage during data retrieval which is a critical challenge for handling health data. No standard data retrieval policies are in place for preserving the privacy of medical data though any data breach may have a disastrous effect on society. In our proposed framework data is divided into different segments based on data sensitivity and data utility and users are authorized based on attribute details. An Integer Linear Programming (ILP) based solution is designed here to optimize the amount of information a user can retrieve from the application while minimizing the data leakage. The data storage technique and the user authorization technique complement each other to decide upon access to the portion of the information available to that particular user. An experimental result shows the sensitivity score calculation of the data items, ILP based privilege value assignment of the users and data retrieval strategy to minimize data leakage. The technique is validated on the benchmark datasets. The results show the utility of the sensitivity score of the data items and user privilege values while ensuring faster data retrieval time as compared to state-of-the-art works.
References
[1]
Abdulghani HA, Nijdam NA, Collen A, and Konstantas D A study on security and privacy guidelines, countermeasures, threats: IoT data at rest perspective Symmetry 2019 11 6 774
[2]
Azeez NA, Van der Vyver C (2018) Security and privacy issues in e-health cloud-based system: A comprehensive content analysis, Egyptian Informatics Journal.
[3]
Barua M, Liang X, Lu R, and Shen XESPAC: Enabling Security and Patient-centric Access Control for eHealth in cloud computingInt J Security Netw201162–367-76https://doi.org/10.1504/IJSN.2011.043666
[4]
Bethencourt J, Sahai A, Waters B (2007) Ciphertext-policy attribute-based encryption. In: 2007 IEEE Symposium on security and privacy (SP’07). IEEE
[5]
Bhatt CA and Kankanhalli MS Multimedia data mining: state of the art and challenges Multimed Tools Appl 2011 51 35-76
[6]
Celikel E, Kantarcioglu M, Thuraisingham B, and Bertino E A risk management approach to RBAC Risk Decis Anal 2009 1 2 21-33
[7]
Chadwick DW and Fatema KA privacy preserving authorisation system for the cloudJ Comput Syst Sci201278513591373https://doi.org/10.1016/j.jcss.2011.12.019
[8]
Chase M, Chow SS (2009) Improving privacy and security in Multi-Authority Attribute-Based encryption. In: Proceedings 16th ACM Conference computer and communications security. pp 121–130.
[9]
di Vimercati SDC, Foresti S, Samarati P (2014) Selective and fine-grained access to data in the cloud. Secure Cloud Computing. Springer New York, 123–148
[10]
Eom J, Lee DH, and Lee KPatient-Controlled Attribute-Based Encryption for secure electronic health records systemJ Med Syst20164012253https://doi.org/10.1007/s10916-016-0621-3
[11]
Garain A, Dawn R, Singh S, and Chowdhury C Differentially private human activity recognition for smartphone users Multimed Tools Appl 2022 81 28 40827-40848
[12]
Goyal V, Pandey O, Sahai A, Waters B (2006) Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM conference on Computer and communications security (pp 89–98). ACM.
[13]
Harel A, Shabtai A, Rokach L, and Elovici Y M-score:, A misuseability weight measure IEEE Trans Dependable Secure Comput 2012 9 3 414-428
[14]
Hur J and Noh DKAttribute-Based Access control with efficient revocation in data outsourcing systemsIEEE Trans Parallel Distrib Syst20112271214-1221https://doi.org/10.1109/TPDS.2010.203
[15]
Jayapradha J, Prakash M, Alotaibi Y, Khalaf OI, and Alghamdi SA Heap Bucketization anonymity—an efficient privacy-preserving data publishing model for multiple sensitive attributes IEEE Access 2022 10 28773-28791
[16]
Kement CE et al.Comparative analysis of load-shaping-based privacy preservation strategies in a smart gridIEEE Trans Indus Inf201713.63226-3235https://doi.org/10.1109/TII.2017.2718666
[17]
Khan LS, Khan M, Hazzazi MM, and Jamal SS A novel combination of information confidentiality and data hiding mechanism Multimed Tools Appl 2023 82 5 6917-6941
[18]
Krishnan R (2015) Access control and privacy policy challenges in big data, position paper, NSF Workshop on big data security and privacy. http://csi.utdallas.edu/events/NSF/papers/paper10.pdf
[19]
Kudryavtsev LD, Samarin MK (2011) Lagrange interpolation formula. Encyclopedia of Mathematics,[On-line]. Available: http://www.encyclopediaofmath.org/index.php.
[20]
Kumar TA, Liu H, Thomas JP, and Hou X Content sensitivity based access control framework for Hadoop Digit Commun Netw 2017 3 4 213-225
[21]
Lewko A, Okamoto T, Sahai A, Takashima K, Waters B (2010) Fully secure functional encryption: Attribute-based encryption and (hierarchical) inner product encryption. In: Advances in Cryptology–EUROCRYPT 2010: 29th Annual international conference on the theory and applications of cryptographic techniques, French Riviera, May 30–June 3, 2010. Proceedings 29, pp 62–91. Springer Berlin Heidelberg
[22]
Li S, Mu N, Le J, Liao X (2019) A novel algorithm for privacy preserving utility mining based on integer linear programming. Eng Appl Artif Intell 81:300–312
[23]
Li S, Mu N, Le J, Liao X (2019) A novel algorithm for privacy preserving utility mining based on integer linear programming. Eng Appl Artif Intell 81:300–312
[24]
Li W, Ni W, Liu D, Liu RP, Wang P, Luo S (2017) Fine-grained access control for personal health records in cloud computing. In: 2017 IEEE 85th Vehicular Technology Conference (VTC Spring), pp 1–5. IEEE
[25]
Li M, Yu S, Zheng Y, Ren K, and Lou WScalable and secure sharing of personal health records in cloud computing using attribute based encryptionIEEE Trans Parall Distr2013241131-143https://doi.org/10.1109/TPDS.2012.97
[26]
Liu Y, Zhang Y, Ling J, and Liu Z Secure and fine-grained access control on e-healthcare records in mobile cloud computing Futur Gener Comput Syst 2018 78 1020-1026
[27]
Majeed A and Lee S Attribute susceptibility and entropy based data anonymization to improve users community privacy and utility in publishing data Appl Intell 2020 50.8 2555-2574
[28]
Musthafa S, Student MT, and Sudarsa DB Patient–Centric Secure data sharing frame work for Cloud-Based PHR systems Int J Eng Sci Invent 2013 2.5 17-26
[29]
Qiu M, Gai K, Thuraisingham B, Tao L, and Zhao H Proactive user-centric secure data scheme using attribute-based semantic access controls for mobile clouds in financial industry Future Gener Comput Syst 2018 80 421-429
[30]
Roy M, Chowdhury C, Ahmed G, Aslam N, Chattopadhyay S, and Islam SU Intra WBAN routing using Zipf’s law and intelligent transmission power switching approach (ZITA) J Ambient Intell Humanized Comput 2022 13 9 4135-4149
[31]
Saha S, Mallick S, and Neogy SPrivacy-Preserving healthcare data modeling based on sensitivity and utilitySN Comput Sci20223.6482https://doi.org/10.1007/s42979-022-01372-x
[32]
Saha S, Saha P, Neogy S (2018) Hierarchical metadata-based secure data retrieval technique for healthcare application. In: Advanced computing and communication technologies, Springer, Singapore, vol 2018, pp 175–182
[33]
Satyanarayanan M Pervasive computing: Vision and challenges Pers Commun IEEE 2001 8.4 10-17
[34]
TK AK, Liu H, Thomas JP, Mylavarapu G (2015) Identifying sensitive data items within hadoop. In: 2015 IEEE 17th International conference on high performance computing and communications, 2015 IEEE 7th International symposium on cyberspace safety and security, and 2015 IEEE 12th International conference on embedded software and systems, pp 1308–1313. IEEE
[35]
Tang PC, Ash JS, Bates DW, Overhage JM, and Sands DZ Personal health records: definitions, benefits, and strategies for overcoming barriers to adoption J Am Med Inf Assoc 2006 13 2 121-126
[36]
The GDPR Act (2016) https://gdpr-info.eu/
[37]
The HIPAA Act (2000) http://www.hhs.gov/ocr/privacy/
[38]
The Sarbanes-Oxley Act (2002) http://www.soxlaw.com/
[39]
Ullah I and Khusro S On the analysis and evaluation of information retrieval models for social book search Multimed Tools Appl 2023 82 5 6431-6478
[40]
Varriale A, Prinetto P, Carelli A, Trotta P (2016) SECube (TM): Data at rest and data in motion protection. In: Proceedings of the International conference on security and management (SAM), p 138. The steering committee of the world congress in computer science, computer engineering and applied computing (WorldComp)
[41]
Wang Y, Liu F, Pang Z, Hassan A, and Lu W Privacy-preserving content-based image retrieval for mobile computing J Inf Secur Appl 2019 49 102399
[42]
Wazid M, Das AK, Kumar N, and Rodrigues JJ Secure three-factor user authentication scheme for renewable-energy-based smart grid environment IEEE Trans Indus Inf 2017 13 6 3144-3153
[43]
Weisstein EW (2004) Lagrange interpolating polynomial. https://mathworld.wolfram.com/
[44]
Wu R, Ahn GJ, Hu H (2012) Secure sharing of electronic health records in clouds. In: 8th International conference collaborative computing, networking, application and Worksharing (CollaborateCom), Pittsburgh, PA, USA, Oct, pp 711–718.
[45]
Wu Y, Wei Z, and Deng RHAttribute-based access to scalable media in cloud-assisted content sharing networksIEEE Trans Multimed2013154778-788https://doi.org/10.1109/TMM.2013.2238910
[46]
Yang Z and Liang Z Automated identification of sensitive data from implicit user specification Cybersecurity 2018 1 1-15
[47]
Yang H, Oleshchuk VA (2015) Traceable hierarchical attribute-based authentication for the cloud. IEEE Conference on Communications and Network Security (CNS). IEEE.
[48]
Yang P, Xiong N, and Ren J Data security and privacy protection for cloud storage: a survey IEEE Access 2020 8 131723-131740
[49]
Yao L, Chen Z, Wang X, Liu D, and Wu G Sensitive label privacy preservation with anatomization for data publishing IEEE Trans Dependable Secure Comput 2019 18 2 904-917
[50]
Yu S, Wang C, Ren K, Lou W (2010) Achieving secure, scalable, and fine-grained data access control in cloud computing. In: 2010 Proceedings IEEE INFOCOM, pp 1-9. IEEE
[51]
Zeng W, Yang Y, Luo B (2014) Content-based access control: Use data content to assist access control for large-scale content-centric databases. In: 2014 IEEE International conference on Big Data (Big Data), Washington, DC USA, pp 701–710.
[52]
Zhang X, Sun S, and Zhang KAn information content-based approach for measuring concept semantic similarity in WordNetWirel Pers Commun2018103.1117-132https://doi.org/10.1007/s11277-018-5429-7
[53]
Zhou J, Lin X, Dong X, and Cao Z PSMPA: Patient Self-controllable and multi-level privacy-preserving cooperative authentication in distributedm-healthcare cloud computing system IEEE Trans Parallel Distrib Syst 2014 26 6 1693-1703
Index Terms
- A novel two phase data sensitivity based access control framework for healthcare data
Index terms have been assigned to the content through auto-classification.
Recommendations
Role-based access control for data service integration
SWS '06: Proceedings of the 3rd ACM workshop on Secure web servicesWe describe the implementation of role-based access control in a data service integration system. Users in research or other projects may access a diverse collection of data sources but are to allowed access to only the part of the data collection that ...
P2 KASE A2 —privacy‐preserving key aggregate searchable encryption supporting authentication and access control on multi‐delegation
Delegation is a technique that allows a subject receiving a delegation (the delegatee) to act on behalf of the delegating subject (the delegator). Although the existing Key Aggregate Searchable Encryption (KASE) schemes support delegation of search rights ...
An Evaluation of Role Based Access Control Towards Easier Management Compared to Tight Security
ICFNDS '17: Proceedings of the International Conference on Future Networks and Distributed SystemsRole-based access control (RBAC) is a widely-used protocol to design and build an access control for providing the system security regarding authorization. Even though in the context of internet resources access, the authentication and access control ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
© The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature 2023. Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
Publisher
Kluwer Academic Publishers
United States
Publication History
Published: 13 June 2023
Accepted: 18 April 2023
Revision received: 10 April 2023
Received: 29 September 2022
Author Tags
Qualifiers
- Research-article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 13 Dec 2024