Auditing Revocable Privacy-Preserving Access Control for EHRs in Clouds. (10th August 2017)
- Record Type:
- Journal Article
- Title:
- Auditing Revocable Privacy-Preserving Access Control for EHRs in Clouds. (10th August 2017)
- Main Title:
- Auditing Revocable Privacy-Preserving Access Control for EHRs in Clouds
- Authors:
- Liu, Weiran
Liu, Xiao
Liu, Jianwei
Wu, Qianhong - Abstract:
- Abstract: Electronic Health Record (EHR) systems bring an abundance of convenience for telediagnosis, medical data sharing and management. A main obstacle for wide adoption of EHR systems is due to the privacy concerns of patients. In this work, we propose a role-based access control (RBAC) scheme for EHR systems to secure private EHRs. In our RBAC, there are two main types of roles, namely independent patients and hierarchically organized medical staffs. A patient is identified by his/her identity, and a medical staff is recognized by his/her role in the medical institute. A user can comprehend an EHR only if he/she satisfies the access policy associated with this EHR, which implies a fine-grained access control. A public auditor is employed to verify whether the EHR is correctly encapsulated with the specified access policy, which provides an a priori approach to find fraudulent EHRs and reduce potential medical disputes. Moreover, our RBAC enforces a forward revocation mechanism. A revoked user cannot access the future EHRs even if his/her previous role satisfies the access policy. These security properties are formally proven under well-established assumptions. Theoretical and experimental analyses show the efficiency of our RBAC in terms of communication and computation.
- Is Part Of:
- Computer journal. Volume 60:Number 12(2017)
- Journal:
- Computer journal
- Issue:
- Volume 60:Number 12(2017)
- Issue Display:
- Volume 60, Issue 12 (2017)
- Year:
- 2017
- Volume:
- 60
- Issue:
- 12
- Issue Sort Value:
- 2017-0060-0012-0000
- Page Start:
- 1871
- Page End:
- 1888
- Publication Date:
- 2017-08-10
- Subjects:
- electronic health record -- data secrecy -- role-based access control -- public audit -- forward revocation
Computers -- Periodicals
005.1 - Journal URLs:
- http://comjnl.oxfordjournals.org/ ↗
http://ukcatalogue.oup.com/ ↗ - DOI:
- 10.1093/comjnl/bxx071 ↗
- Languages:
- English
- ISSNs:
- 0010-4620
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 3394.060000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 25167.xml