A fuzzy modeling approach for risk-based access control in eHealth cloud

Proceedings - 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2013

Volumn , Issue , 2013, Pages 17-23

  Li, Juan ^a   Bai, Yan ^b   Zaman, Nazia ^a  

^a North Dakota State University   (United States)

^b UNIVERSITY OF WASHINGTON   (United States)

Author keywords

access control; cloud computing; eHealth; fuzzy modeling; risk; security

Indexed keywords

CLOUD APPLICATIONS; CLOUD ENVIRONMENTS; DIFFERENT RISK FACTORS; EHEALTH; FUZZY MODELING; HEALTH CARE APPLICATION; INFORMATION ACCESS; SECURITY;

CLOUD COMPUTING; FUZZY SETS; HEALTH CARE; RISK ASSESSMENT; RISKS; UNCERTAINTY ANALYSIS;

ACCESS CONTROL;

EID: 84893460788     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/TrustCom.2013.66     Document Type: Conference Paper

References (30)

1. N. D. Mahant, "Risk Assessment is Fuzzy Business-Fuzzy Logic Provides the Way to Assess Off-site Risk from Industrial Installations", Risk 2004, No. 206.
2. E. Smith and J. Eloff, "Cognitive Fuzzy Modeling for Enhanced Risk Assessment in Health Care Institution", IEEE Intelligent Systems and Their Applications. March/ April 2000, pp.69-75.
3. M. Negnevitsky, "Artificial Intelligence. A Guide to Intelligent Systems", Addison-Wesley 2002.
4. M. Sharma, Y. Bai, S. Chung, and L. Dai, "Using Risk in Access Control for Cloud-Assisted eHealth", In Proceedings of the 2012 IEEE 14th International Conference on High Performance Computing and Communications (HPCC 2012), Liverpool, UK, June 2012, pp.1047-1052.
5. M. Meglic and et.al, "Feasibility of an eHealth Service to Support Collaborative Depression Care: Results of a Pilot Study", Journal of Medical Internet Research, Dec. 2010; 12(5):e63.
6. J. Lin and et.al., "Fine-grained Data Access Control Systems with User Accountability in Cloud Computing", in Proceedings of 2010 IEEE Second International Conference on Cloud Computing Technology and Science (CloudCom), Indianapolis, IN, Nov/Dec 2010, pp. 89-96.
7. R. Wooten, R. Klink, F. Sinek, Y. Bai, and M. Sharma, "Design and Implementation of a Healthcare Social Cloud System", In Proceedings of the 12th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGrid 2012), May 2012, Ottawa, Canada, pp.805-810.
8. Zeng, J., M. An, and N. J. Smith., "Application of a Fuzzy Based Decision Making Methodology to Construction Project Risk Assessment", International Journal of Project Management 25 (6): 589-600, 2007.
9. M. Barua, X.Liang, R. Lu, and X.Shen, "ESPAC: Enabling Security and Patient-centric Access Control for eHealth in cloud computing", International Journal of Security and Networks, 6 (2), pp. 67-76 (2011).
10. N. N. Diep, L. X. Hung, Y. Zhung, S. Lee, Y.-K. Lee, and H. Lee, "Enforcing Access Control Using Risk Assessment," in Proceedings of the Fourth European Conference on Universal Multiservice Networks, Toulouse, France, February 2007, pp. 419-424.
11. N. Mohamed, E. AbuKhousa, J. Al-Jaroodi, "e-Health Cloud: Opportunities and Challenges", Future Internet, Vol. 4(3), 2011, pp.621-645.
12. Q. Wang and H. Jin "Quantified Risk-Adaptive Access Control for Patient Privacy Protection in Health Information Systems", the 6th ACM Symposium on Information, Computer and Communications Security, Hong Kong, China, Mar. 2011.
13. W.-H. Au and K.C.C. Chan, Classification with Degree of Membership: A Fuzzy Approach, in: Proc. of the 1stIEEE Int'l Conf. on Data Mining, San Jose, CA, 2001, pp. 35-42.
14. Octave Fuzzy Logic Toolkit:http://sourceforge.net/projects/octave-fuzzy
15. Health Level Seven International: http://www.hl7.org/
16. H. Lohr, A.-R. Sadeghi, and M. Winandy, "Securing the e-healthcloud," in Proceedings of the 1st ACM International Health Informatics Symposium, ser. IHI '10, 2010, pp. 220-229.
17. J. Benaloh, M. Chase, E. Horvitz, and K. Lauter, "Patient controlled encryption: ensuring privacy of electronic medical records," in CCSW '09, 2009, pp. 103-114.
18. C. Dong, G. Russello, and N. Dulay, "Shared and searchable encrypted data for untrusted servers," in Journal of Computer Security, 2010.
19. V. Goyal, O. Pandey, A. Sahai, and B. Waters, "Attribute-based encryption for fine-grained access control of encrypted data," in CCS '06, 2006, pp. 89-98.
20. M. Li, W. Lou, and K. Ren, "Data security and privacy in wireless body area networks," IEEE Wireless Communications Magazine, Feb. 2010.
21. Li M., Logan Yu S., Zheng Y., Ren K., and Lou W. Scalable and secure sharing of personal health records in cloud computing using attributebased encryption. Parallel and Distributed Systems, 2012, Issue: 99:1.
22. A. Sunyaev, J. M. Leimeister, and H. Krcmar. Open security issues in german healthcare telematics. In HEALTHINF 2010-Proceedings of the 3rd International Conference on Health Informatics, pages 187-194. INSTICC, 2010.
23. Mrinmoy Barua, Xiaohui Liang, Rongxing Lu, and Xuemin Shen. 2011. ESPAC: Enabling Security and Patientcentric Access Control for eHealth in cloud computing. Int. J. Secur. Netw. 6, 2/3 (November 2011), 67-76.
24. A. Lounis, A. Hadjidj, A. Bouabdallah, and Y. Challal. "Secure and Scalable Cloud-based Architecture for e-Health Wireless Sensor Networks". In Proc. of the 21st International Conference on Computer Communication Networks (ICCCN). Munich, Germany. 2012.
25. S. Kandala, R. Sandhu, and V. Bhamidipati, "An Attribute Based Framework for Risk-Adaptive Access Control Models", the 6th International Conference on Availability, Reliability and Security, Vienna, Austria, Aug. 2011.
26. L. Chen and J. Crampton "Risk-Aware Role-Based Access Control", the 7th International Workshop on Security and Trust Management, Copenhagen, Denmark, Jun. 2011.
27. M. B. Line, I. A. Tøndel, and E. A. Gjære,"A Risk-Based Evaluation of Group Access Control Approaches in a Healthcare Setting", the 6th International Conference on Availability, Reliability and Security, Vienna, Austria, Aug. 2011.
28. R. A. Shaikh, K. Adi, and L Logrippo,"Dynamic Risk-based Decision Methods for Access Control Systems", Computers & Security, vol. 31, Nr. 4 (2012), pp. 447-464.
29. Q. Wang and H. Jin "Quantified Risk-Adaptive Access Control for Patient Privacy Protection in Health Information Systems", the 6th ACM Symposium on Information, Computer and Communications Security, Hong Kong, China, Mar. 2011.
30. Y. Bai, L. Dai, and J. Li, "Issues and Challenges in Securing eHealth Systems", International Journal of E-Health and Medical Communications,IGIGlobal.(Forthcoming) 23