Achieving Mobile-Health Privacy Using Attribute-Based Access Control

Pagadala, Vignesh; Ray, Indrakshi

doi:10.1007/978-3-030-18419-3_20

Vignesh Pagadala¹⁸ &
Indrakshi Ray¹⁸

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11358))

Included in the following conference series:

International Symposium on Foundations and Practice of Security

725 Accesses
1 Citations

Abstract

Mobile Health (mHealth) refers to a healthcare-provision scheme which uses mobile communication devices for effective detection, prognosis and delivery of services. mHealth systems consists of sensors collecting information from patients, cell phones through which users access the data, and a cloud-based remote data store for holding health information of the patients. Healthcare data contains sensitive information and it must be protected from unauthorized access. Although role-based access control is commonly used for healthcare data, we advocate the use of attribute-based access control as it offers finer granularity of access and can be used across organizational boundaries. Specifically, we use the NIST Next Generation Access Control (NGAC) for representing the access control policies as it is efficient, expressive, and simplifies policy management. We propose an approach that allows constant time evaluation of access decisions based on using a graph database.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 59.99; Price excludes VAT (USA)

Softcover Book: USD 74.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Avancha, S., Baxi, A., Kotz, D.: Privacy in mobile technology for personal healthcare. ACM Comput. Surv. 45(1), 3:1–3:54 (2012)
Article Google Scholar
Kotz, D.: A threat taxonomy for mHealth privacy. In: Proceedings of 2011 Third International Conference on Communication Systems and Networks (COMSNETS 2011), pp. 1–6 January 2011
Google Scholar
Lomotey, R.K., Deters, R.: Mobile-based medical data accessibility in mhealth. In: Proceedings of 2014 2nd IEEE International Conference on Mobile Cloud Computing, Services, and Engineering , pp. 91–100, April 2014
Google Scholar
Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST standard for role-based access control. ACM Trans. Inf. Syst. Secur. 4(3), 224–274 (2001)
Article Google Scholar
Elliott, A., Knight, S.: Role explosion: acknowledging the problem. In: Proceedings of the 2010 International Conference on Software Engineering Research & Practice, pp. 349–355 (2010)
Google Scholar
Fischer, J., Marino, D., Majumdar, R., Millstein, T.: Fine-grained access control with object-sensitive roles. In: Drossopoulou, S. (ed.) ECOOP 2009. LNCS, vol. 5653, pp. 173–194. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03013-0_9
Chapter Google Scholar
Hu, V.C., et al.: Guide to attribute based access control (ABAC) definition and considerations (draft). NIST Spec. Publ. 800(162) (2013)
Google Scholar
Scholl, M., Stine, K., Lin, K., Steinberg, D.: Draft security architecture design process for health information exchanges (HIEs). Report, NIST (2009)
Google Scholar
Zhang, R., Liu, L.: Security models and requirements for healthcare application clouds. In: Proceedings of 2010 IEEE 3rd International Conference on Cloud Computing, pp. 268–275, July 2010
Google Scholar
Basnet, R., Mukherjee, S., Pagadala, V.M., Ray, I.: An efficient implementation of next generation access control for the mobile health cloud. In: Proceedings of 2018 Third International Conference on Fog and Mobile Edge Computing (FMEC), pp. 131–138 (2018)
Google Scholar
Ferraiolo, D., Atluri, V., Gavrila, S.: The policy machine: a novel architecture and framework for access control policy specification and enforcement. J. Syst. Architect. 57(4), 412–424 (2011)
Article Google Scholar
Mell, P., Shook, J.M., Gavrila, S.: Restricting insider access through efficient implementation of multi-policy access control systems. In: Proceedings of the 8th ACM CCS International Workshop on Managing Insider Security Threats MIST@CCS, pp. 13–22 (2016)
Google Scholar
Miller, J.J.: Graph database applications and concepts with neo4j. In: Proceedings of the Southern Association for Information Systems Conference, Atlanta, GA, USA, vol. 2324, p. 36 (2013)
Google Scholar

Download references

Author information

Authors and Affiliations

Computer Science Department, Colorado State University, Fort Collins, CO, USA
Vignesh Pagadala & Indrakshi Ray

Authors

Vignesh Pagadala
View author publications
You can also search for this author in PubMed Google Scholar
Indrakshi Ray
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Indrakshi Ray .

Editor information

Editors and Affiliations

Dalhousie University, Halifax, NS, Canada
Nur Zincir-Heywood
École des Mines de Nancy, Nancy, France
Guillaume Bonfante
Concordia University, Montreal, QC, Canada
Mourad Debbabi
Telecom SudParis, Evry, France
Joaquin Garcia-Alfaro

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Pagadala, V., Ray, I. (2019). Achieving Mobile-Health Privacy Using Attribute-Based Access Control. In: Zincir-Heywood, N., Bonfante, G., Debbabi, M., Garcia-Alfaro, J. (eds) Foundations and Practice of Security. FPS 2018. Lecture Notes in Computer Science(), vol 11358. Springer, Cham. https://doi.org/10.1007/978-3-030-18419-3_20

Download citation

DOI: https://doi.org/10.1007/978-3-030-18419-3_20
Published: 14 April 2019
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-18418-6
Online ISBN: 978-3-030-18419-3
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics