A Context-Aware Security Model for a Combination of Attribute-Based Access Control and Attribute-Based Encryption in the Healthcare Domain

Abstract

The need of a trusted environment in which only authorized users are permitted to access a system was of imperative importance since the early days of cloud computing. Even nowadays, a lot of users seem to be reluctant to store their personal data in the cloud and specifically the data related to bank accounts and the health care domain. Our goal is to enhance the access control mechanisms that can be used in the healthcare domain for enhancing the security and privacy of EHR systems. In this work, we present a context-aware security model which consists of classes and properties that can serve as background knowledge for creating and enforcing access control rules for electronic health records (EHR). We consider two different layers of authorization control based on the current context: (i) the Attribute Based Access Control (ABAC) layer which permits or denies access and/or editing rights to (encrypted) EHRs; and (ii) the Attribute Based Encryption (ABE) layer which handles the way sensitive data should be decrypted.