Skip to main content
Key Specialties
Cardiology Diabetology Endocrinology Gastroenterology Geriatrics and Gerontology Gynecology and Obstetrics Hematology Infectious Disease Internal Medicine Nephrology Neurology Oncology Pediatrics Respiratory Medicine Rheumatology Surgery
Congress Coverage
2024 ACC Congress 2023 ESMO Congress 2023 EASD Congress 2023 ERS Congress 2023 ESC Congress
Clinical Collections
Advances in Alzheimer’s

Keynote webinar | Spotlight on medication adherence

LIVE: Thursday 27th June 2024, 18:00-19:30 (CEST)
Join our expert panel to discover why you need to understand the drivers of non-adherence in your patients, and how you can optimize medication adherence in your clinics to drastically improve patient outcomes.
ADVANCED SEARCH
Log in
Top
Journal of Medical Systems
Published in: Journal of Medical Systems 12/2016

01-12-2016 | Systems-Level Quality Improvement

Advanced Techniques for Deploying Reliable and Efficient Access Control: Application to E-healthcare

Authors: Faouzi Jaïdi, Faten Labbene-Ayachi, Adel Bouhoula

Published in: Journal of Medical Systems | Issue 12/2016

Login to get access

Abstract

Nowadays, e-healthcare is a main advancement and upcoming technology in healthcare industry that contributes to setting up automated and efficient healthcare infrastructures. Unfortunately, several security aspects remain as main challenges towards secure and privacy-preserving e-healthcare systems. From the access control perspective, e-healthcare systems face several issues due to the necessity of defining (at the same time) rigorous and flexible access control solutions. This delicate and irregular balance between flexibility and robustness has an immediate impact on the compliance of the deployed access control policy. To address this issue, the paper defines a general framework to organize thinking about verifying, validating and monitoring the compliance of access control policies in the context of e-healthcare databases. We study the problem of the conformity of low level policies within relational databases and we particularly focus on the case of a medical-records management database defined in the context of a Medical Information System. We propose an advanced solution for deploying reliable and efficient access control policies. Our solution extends the traditional lifecycle of an access control policy and allows mainly managing the compliance of the policy. We refer to an example to illustrate the relevance of our proposal.
Literature
1.
Jaidi, F., and Labbene-Ayachi, F., The problem of integrity in RBAC-based policies within relational databases: synthesis and problem study. ACM IMCOM 9th Int. Conf. Ubiquit. Inf. Manag. Commun. 21, 2015.
2.
Kaur, G., and Gupta, N., E-health: a New perspective on global health. J. Evol. Technol. 15(1):23–35, 2006.
3.
Scherrer, J.R., Spahni, S., Healthcare Information System Architecture (HISA) and its middleware models. AMIA Symp. 1999.
4.
5.
6.
Xiang, Y., Gu, Q., Li, Z., A distributed framework of Web-based telemedicine system. Proc. 16th IEEE Symp. Comput.-Based Med. Syst. 108–113, 2003.
7.
Omar, W.M., Taleb-Bendiab, A., E-health support services based on service-oriented architecture. IEEE Int. Conf. Serv. Comput. 135–142, 2006.
8.
Barrows, R., Privacy, confidentiality, and electronic medical records. J. Am. Med. Inf. Assoc. 13(2):139–148, 1996.CrossRef
9.
Health Insurance Portability and Accountability Act, United States Public Law, 104–191.
10.
11.
Bell, D., LaPadula, L., Secure computer systems: unified exposition and multics interpretation. MTR-2997. 1975.
12.
Sandhu, R., Coynek, E. J., Feinsteink, H. L., and Youmank, C. E., Role-based access control models. IEEE Comput. 29(2):38–47, 1996.CrossRef
13.
Lu, S., Hong, Y., Liu, Q., Wang L., Dssouli, R., Access control in e-health portal systems. 4th Int. Conf. Innov. Inf. Technol. 88–92, 2007.
14.
Jajodia, S., Samarati, P., Sapino, M. L., and Subrahmanian, V. S., Flexible support for multiple access control policies. ACM Trans. Database Syst. 26(4):1–57, 2001.
15.
Nirmala, D., Madhu Bindu N., Preserving privacy and providing auditability for cloud assisted mobile-access of health data. Int. J. Comput. Sci. Mechatron. 1(2), 2015.
16.
Mont, M. C., Bramhall, P., Harrison, K., A flexible role-based secure messaging service: Exploiting IBE technology for privacy in health care. 14th Int. Work. Database Exp. Syst. Appl. 2003.
17.
Boneh, D., and Franklin, M., Identity based encryption from the Weil pairing. SIAM J. Comput. 32(3):586–615, 2003.CrossRef
18.
Basin, D. A., Clavel, M., Doser, J., and Egea, M., Automated analysis of security-design models. Inf. Softw. Technol. 51(5):815–831, 2009.CrossRef
19.
Idani, A., Ledru, Y., Richier, J., Labiadh, M. A., Qamar, N., Gervais, F., Laleau, R., Milhau, J., Frappier, M., Principles of the coupling between UML and formal notations. ANR-08-SEGI-018. 2011.
20.
Ledru, Y., Idani, A., Milhau, J., Qamar, N., Laleau, R., Richier, J., and Labiadh, M. A., Taking into account functional models in the validation of IS security policies. CAiSE Work. 83:592–606, 2011.
21.
Nyanchama, M., and Osborn, S., The role graph model and conflict of interest. ACM Trans. Inf. Syst. Secur. 1(2):3–33, 1999.CrossRef
22.
Koch, M., Mancini, L. V., and Parisi-Presicce, F., A graph-based formalism for RBAC. ACM Trans. Inf. Syst. Secur. 5(3):332–335, 2002.CrossRef
23.
Hansen, F., Oleshchuk, V., Conformance checking of RBAC policy and its implementation. 1st Inf. Sec. Pract. Exp. Conf. 144–155, 2005.
24.
Huang, C., Sun, J., Wang, X., and Si, Y., Security policy management for systems employing role based access control model. Inf. Technol. J. 8:726–734, 2009.CrossRef
25.
Thion, R., and Coulondre, S., A relational database integrity framework for access control policies. J. Intell. Inf. Syst. 38(1):131–159, 2012.CrossRef
26.
Elavathingal, E. E., Sethuramalingam, T. K., Wearable electronic healthcare device for home centric patient monitoring. IOJER. 1(2), 2015.
27.
Gunson, N., Marshall, D., Morton, H., and Jack, M., User perceptions of security and usability of single-factor and two-factor authentication in automated telephone banking. Comput. Secur. 30(4):208–220, 2011.CrossRef
28.
He, D., Robust biometric-based user authentication scheme for wireless sensor networks. IACR Cryptol. ePrint 203:1–15, 2012.
29.
Shin, K. C., A robust biometric-based user authentication protocol in wireless sensor network environment. J. Soc. e-Bus. Stud. 18(3):107–123, 2013.CrossRef
30.
Yoon, E. J., Yoo, K. Y., A biometric-based authenticated key agreement scheme using ECC for wireless sensor networks. 29th Ann. ACM Symp. Appl. Comput. 699–705, 2014.
31.
Choi, Y., Lee, Y., Won, D., Security improvement on biometric based authentication scheme for wireless sensor networks using fuzzy extraction. Int. J. Distrib. Sens. Netw. 2, 2016.
32.
Wang, D., Wang, N., Wang, P., and Qing, S., Preserving privacy for free: efficient and provably secure two-factor authentication scheme with user anonymity. Inf. Sci. 321:162–178, 2015.CrossRef
33.
Jiang, Q., Kumar, N., Ma, J., Shen, J., He, D., Chilamkurti, N., A privacy‐aware two‐factor authentication protocol based on elliptic curve cryptography for wireless sensor networks. Int. J. Netw. Manag. 2016.
34.
Wang, D., He, D., Wang, P., and Chu, C. H., Anonymous two-factor authentication in distributed systems: certain goals are beyond attainment. IEEE Trans. Dependable Secure Comput. 12(4):428–442, 2015.CrossRef
35.
Wu, F., Xu, L., Kumari, S., Li, X., An improved and anonymous two-factor authentication protocol for health-care applications with wireless medical sensor networks. Multimedia Systems 1–11, 2015.
36.
Das, A. K., Sutrala, A. K., Kumari, S., Odelu, V., Wazid, M., Li, X., An efficient multi‐gateway‐based three‐factor user authentication and key agreement scheme in hierarchical wireless sensor networks. Secur. Commun. Netw. 2016.
37.
He, D., and Wang, D., Robust biometrics-based authentication scheme for multiserver environment. IEEE Syst. J. 9(3):816–823, 2015.CrossRef
38.
Jiang, Q., Khan, M. K., Lu, X., Ma, J., He, D., A privacy preserving three-factor authentication protocol for e-Health clouds. J. Supercomput. 1–24, 2016.
39.
Islam, S. K. H., and Obaidat, M. S., Design of provably secure and efficient certificateless blind signature scheme using bilinear pairing. Sec. Commun. Netw. 8:4319–4332, 2015.CrossRef
40.
Cheng, L., and Wen, Q., Cryptanalysis and improvement of a certificateless partially blind signature. IET Inf. Secur. 9(6):380–386, 2015.CrossRef
41.
Dong, G., Gao, F., Shi, W., and Gong, P., An efficient certificateless blind signature scheme without bilinear pairing. An. Acad. Bras. Cienc. 86(2):1003–1011, 2014.CrossRef
42.
He, D., Chen, Y., and Chen, J., An efficient certificateless proxy signature scheme without pairing. Math. Comput. Model. 57(9):2510–2518, 2013.CrossRef
43.
Jaidi, F., Labbene-Ayachi, F., An approach to formally validate and verify the compliance of low level access control policies. IEEE 17th Int. Conf. Comput. Sci. Eng. 1550–1557, 2014.
44.
Jaidi, F., and Labbene-Ayachi, F., To summarize the problem of Non-conformity in concrete RBAC-based policies: synthesis, system proposal and future directives. NNGT Int. J. Inf. Sec. 2:1–12, 2015.
45.
Jaidi, F., Labbene-Ayachi, F., A reverse engineering and model transformation approach for RBAC-administered databases. 13th Int. Conf. High Perform. Comput. Simul. 2015.
46.
Jaidi, F., and Labbene-Ayachi, F., A formal approach based on verification and validation techniques for enhancing the integrity of concrete role based access control policies. Int. Joint Conf. Adv. Intell. Syst. Comput. 369:53–64, 2015.CrossRef
Metadata
Title
Advanced Techniques for Deploying Reliable and Efficient Access Control: Application to E-healthcare
Authors
Faouzi Jaïdi
Faten Labbene-Ayachi
Adel Bouhoula
Publication date
01-12-2016
Publisher
Springer US
Published in
Journal of Medical Systems / Issue 12/2016
Print ISSN: 0148-5598
Electronic ISSN: 1573-689X
DOI
https://doi.org/10.1007/s10916-016-0630-2

Other articles of this Issue 12/2016

Journal of Medical Systems 12/2016 Go to the issue

Systems-Level Quality Improvement

An Efficient Searchable Encryption Against Keyword Guessing Attacks for Sharable Electronic Medical Records in Cloud-based System

Systems-Level Quality Improvement

SIMEDIS: a Discrete-Event Simulation Model for Testing Responses to Mass Casualty Incidents

Systems-Level Quality Improvement

Secure and Efficient Two-Factor User Authentication Scheme with User Anonymity for Network Based E-Health Care Applications

Systems-Level Quality Improvement

A Novel Endoscope System for Position Detection and Depth Estimation of the Ureter

Patient Facing Systems

Access control and privilege management in electronic health record: a systematic literature review

Mobile & Wireless Health

Energy Efficient Monitoring of Metered Dose Inhaler Usage