Secure role-based access control over outsourced EMRs against unwanted leakage

Abstract

Along with large scale deployment of electronic medical record systems, huge amount of health data is collected. To protect the sensitive information, it must be securely stored and accessed. Considering secure storage on cloud servers, we summary a series of attack behaviors and present the security model against many types of unwanted privacy leakage. In this model, the privacy of unleaked medical records is guaranteed, and the influences of privacy leakage are confined in a strict manner. We also propose a role-based access control scheme for hierarchical healthcare organizations to achieve flexible access on these private records. One can access medical records only if his role satisfies the defined access policy, which implies a fine-grained access control. Theoretical and experimental analyses show the efficiency of our scheme in terms of computation and communication.