Abstract
Mobile Health (mHealth) refers to a healthcare-provision scheme that uses mobile communication devices for effective detection, prognosis and delivery of services. mHealth systems consist of sensors that collect information from patients, cell phones through which users access the data, and a cloud-based remote data store that holds the patients' health information. Healthcare data contains sensitive information and must be protected from unauthorized access. Although role-based access control is commonly used for healthcare data, we advocate the use of attribute-based access control, as it offers finer granularity of access and can be used across organizational boundaries. Specifically, we use the NIST Next Generation Access Control (NGAC) to represent the access control policies, as it is efficient, expressive, and simplifies policy management. We propose an approach that uses a graph database to allow constant-time evaluation of access decisions.
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Pagadala, V., Ray, I. (2019). Achieving Mobile-Health Privacy Using Attribute-Based Access Control. In: Zincir-Heywood, N., Bonfante, G., Debbabi, M., Garcia-Alfaro, J. (eds) Foundations and Practice of Security. FPS 2018. Lecture Notes in Computer Science(), vol 11358. Springer, Cham. https://doi.org/10.1007/978-3-030-18419-3_20
DOI: https://doi.org/10.1007/978-3-030-18419-3_20
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-18418-6
Online ISBN: 978-3-030-18419-3
eBook Packages: Computer Science, Computer Science (R0)