ITrust: identity and trust based access control model for healthcare system security

Abstract

The patient and healthcare professionals use the Electronic Healthcare System (EHS) for accessing medical records from the remote locations via the Internet. The emerging healthcare system has several advantages such as better management of the healthcare data, streamlined collaboration, improvement of medical care, insurance purpose, medical data backup, etc. Regardless of its advantages, the sensitivity and openness nature of the healthcare system arises different type of attacks and threats such as insider attack, service hijacking, abuse use of healthcare data, and impersonation attack. In the EHS, without knowing the prior information of the requester, data sharing is another considerable issue. Hence, a dynamic Access Control Model (ACM) is needed to overcome the above-discussed issues. In the EHS, the addition of trust into the access control solutions can provide dynamic access to the resources. To achieve such a model, in this paper, we have added user trust into the Identity Based Access Control (IBAC) model. For the computation of user trust, we have used beta reputation approach. An access control rule set has been proposed based on the trust degree and identity of the user to provide access in a controlled manner. This hybrid ACM and rule set not only protect the data from unauthorized access but also dynamically control the access view of the healthcare data. The experimental result of the proposed model shows that it is more accurate and reliable as compared to other trust models.