Securing personal health records in cloud computing: Patient-centric and fine-grained data access control in multi-owner settings

Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering

Volumn 50 LNICST, Issue , 2010, Pages 89-106

  Li, Ming ^a   Yu, Shucheng ^a   Ren, Kui ^b   Lou, Wenjing ^a  

^a WORCESTER POLYTECHNIC INSTITUTE   (United States)

^b ILLINOIS INSTITUTE OF TECHNOLOGY   (United States)

Author keywords

Attribute based encryption; Cloud computing; Fine grained access control; Patient centric privacy; Personal health records

Indexed keywords

ACCESS CONTROL SCHEMES; ATTRIBUTE-BASED ENCRYPTION; COMPUTING ENVIRONMENTS; CRYPTOGRAPHIC KEY; DATA ACCESS CONTROL; EMERGENCY SCENARIO; FINE-GRAINED ACCESS CONTROL; FULL CONTROL; KEY DISTRIBUTION; KEY MANAGEMENT; MEDICAL RECORD; MULTIPLE SECURITIES; OPERATIONAL COSTS; PATIENT-CENTRIC PRIVACY; PERSONAL HEALTH; PERSONAL HEALTH RECORD; PHYSICAL CONTROL; SERVICE PROVIDER; USER ACCESS;

CLOUD COMPUTING; COMPUTER SYSTEMS; DATA REDUCTION; ELECTRONIC DOCUMENT EXCHANGE; HEALTH; HEALTH CARE; PUBLIC KEY CRYPTOGRAPHY; SECURITY SYSTEMS; TELECOMMUNICATION NETWORKS;

ACCESS CONTROL;

EID: 84872006849     PISSN: 18678211     EISSN: None     Source Type: Book Series    
DOI: 10.1007/978-3-642-16161-2_6     Document Type: Conference Paper

References (25)

1. Armbrust, M., Fox, A., Griffith, R., Joseph, A.D., Katz, R., Konwinski, A., Lee, G., Patterson, D.A., Rabkin, A., Stoica, I., Zaharia, M.: Above the clouds: A berkeley view of cloud computing (February 2009)
2. At risk of exposure - in the push for electronic medical records, concern is growing about how well privacy can be safeguarded (2006), http://articles.latimes.com/2006/jun/26/health/he-privacy26
3. The health insurance portability and accountability act of 1996 (1996), http://www.cms.hhs.gov/HIPAAGenInfo/01-Overview.asp
4. Benaloh, J., Chase, M., Horvitz, E., Lauter, K.: Patient controlled encryption: ensuring privacy of electronic medical records. In: CCSW 2009: Proceedings of the 2009 ACM workshop on Cloud computing security, pp. 103-114 (2009)
5. Mandl, K.D., Szolovits, P., Kohane, I.S.: Public standards and patients' control: how to keep electronic medical records accessible but private. BMJ 322(7281), 283 (2001)
6. Wang, W., Li, Z., Owens, R., Bhargava, B.: Secure and efficient access to outsourced data. In: CCSW 2009, pp. 55-66 (2009)
7. Damiani, E., di Vimercati, S.D.C., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Key management for multi-user encrypted databases. In: StorageSS 2005, pp. 74-83 (2005) (Pubitemid 43275375)
8. Atallah, M.J., Frikken, K.B., Blanton, M.: Dynamic and efficient key management for access hierarchies. In: CCS 2005, pp. 190-202 (2005) (Pubitemid 44022003)
9. Blundo, C., Cimato, S., De Capitani di Vimercati, S., De Santis, A., Foresti, S., Paraboschi, S., Samarati, P.: Managing key hierarchies for access control enforcement: Heuristic approaches. In: Computers & Security (2010) (to appear)
10. Scholl, M., Stine, K., Lin, K., Steinberg, D.: Draft security architecture design process for health information exchanges (HIEs). Report, NIST (2009)
11. Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST standard for role-based access control. ACM TISSEC 4(3), 224-274 (2001)
12. Jin, J., Ahn, G.-J., Hu, H., Covington, M.J., Zhang, X.: Patient-centric authorization framework for sharing electronic health records. In: SACMAT 2009, pp. 125-134 (2009)
13. di Vimercati, S.D.C., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Overencryption: management of access control evolution on outsourced data. In: VLDB 2007, pp. 123-134 (2007)
14. Dong, C., Russello, G., Dulay, N.: Shared and searchable encrypted data for untrusted servers. In: DBSec 2008, pp. 127-143 (2008)
15. Li, M., Lou, W., Ren, K.: Data security and privacy in wireless body area networks. IEEE Wireless Communications Magazine (February 2010)
16. Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for finegrained access control of encrypted data. In: CCS 2006, pp. 89-98 (2006) (Pubitemid 47131359)
17. Boldyreva, A., Goyal, V., Kumar, V.: Identity-based encryption with efficient revocation. In: CCS 2008, pp. 417-426 (2008)
18. Ibraimi, L., Petkovic, M., Nikova, S., Hartel, P., Jonker, W.: Ciphertext-policy attribute-based threshold decryption with flexible delegation and revocation of user attributes (2009), http://purl.org/utwente/65471
19. Yu, S., Wang, C., Ren, K., Lou, W.: Achieving secure, scalable, and fine-grained data access control in cloud computing. In: IEEE INFOCOM 2010 (2010)
20. Yu, S., Wang, C., Ren, K., Lou, W.: Attribute based data sharing with attribute revocation. In: ASIACCS 2010 (2010)
21. Liang, X., Lu, R., Lin, X., Shen, X.S.: Patient self-controllable access policy on phi in ehealthcare systems. In: AHIC 2010 (2010)
22. Ibraimi, L., Asim, M., Petkovic, M.: Secure management of personal health records by applying attribute-based encryption. Technical Report, University of Twente (2009)
23. Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: IEEE S& P 2007, pp. 321-334 (2007) (Pubitemid 47432538)
24. Chase, M., Chow, S.S.: Improving privacy and security in multi-authority attribute-based encryption. In: CCS 2009, pp. 121-130 (2009)
25. Liang, X., Lu, R., Lin, X., Shen, X.S.: Ciphertext policy attribute based encryption with efficient revocation. Technical Report, University of Waterloo (2010)