Rong Jiang,Shanshan Han,Yimin Yu,Weiping Ding

DOI: https://doi.org/10.1016/j.ins.2022.11.102

IF: 8.1

2022-11-25

Information Sciences

Abstract:Access control has been widely adopted by distributed platforms, and its effectiveness is of great importance to the quality of services provided by such platforms. However, traditional access control is difficult to apply to scenarios where authorization changes frequently and to extremely large-scale datasets with limited resources. This paper proposes an access control model based on spectral clustering (SC) and risk (SC-RBAC), which is more suitable for big data medical scenarios. Based on user history access data, an improved SC algorithm is used to cluster doctor users. Then, the user classification is introduced as a parameter into the information entropy to improve the accuracy of quantifying the user's access behavior risk. Finally, based on the accurate risk value of access behavior, we assign access rights to users through the access control function constructed in the paper. Experimental results show that in three different situations, the model proposed in this paper can distinguish the two types of doctors well, the accuracy of the model can reach more than 90%, and it outperforms other access control models.

computer science, information systems

Rong Jiang,Shanshan Han,Mingyue Shi,Tilei Gao,Xusheng Zhao

DOI: https://doi.org/10.1155/2022/3086516

IF: 1.968

2022-03-15

Security and Communication Networks

Abstract:Edge computing is playing an increasingly important role in the field of health care. Edge computing provides high-quality personalized services to patients based on user and device data information. However, edge nodes will collect a large amount of sensitive patient information, and patients will also bear the risk of privacy disclosure while enjoying personalized services. How to reduce the risk of privacy disclosure while ensuring that patients enjoy personalized services brought by edge computing is the research content of this paper. In this paper, the work flow and management mode of Hospital Information System (HIS) are investigated on the spot, and the risk-adaptive access control model based on entropy is established. First, we use International Classification of Diseases, Tenth Revision (ICD-10) to mark the information resources accessed by users and use information entropy to measure the correlation “α” between medical information accessed by users and work tasks. Finally, we analyze the relationship between correlation “α” and risk through an example. The results show that users with high correlation α have low risk of access behavior, and users with low risk have high correlation α of access information resources and work goals. This discovery can help managers predict users’ access behavior in the Big Data environment, so as to dynamically formulate access control policies according to the actual access situation of users and then realize the privacy protection of medical big health data.

computer science, information systems,telecommunications

Runtong Zhang,Donghua Chen,Xiaopu Shang,Xiaomin Zhu,Kecheng Liu

DOI: https://doi.org/10.1109/jbhi.2017.2696573

IF: 7.7

2018-01-01

IEEE Journal of Biomedical and Health Informatics

Abstract:Current access control mechanisms of the hospital information system can hardly identify the real access intention of system users. A relaxed access control increases the risk of compromise of patient privacy. To reduce unnecessary access of patient information by hospital staff, this paper proposes a knowledge-constrained role-based access control (KC-RBAC) model in which a variety of medical domain knowledge is considered in access control. Based on the proposed Purpose Tree and knowledge-involved algorithms, the model can dynamically define the boundary of access to the patient information according to the context, which helps to protect patient privacy by controlling access. Compared with the role-based access control model, KC-RBAC can effectively protect patient information according to the results of the experiments.

Rong Jiang,Yang Xin,Zhenxing Chen,Ying Zhang

DOI: https://doi.org/10.1016/j.asoc.2022.108423

IF: 8.7

2022-03-01

Applied Soft Computing

Abstract:One of the important issues facing HIS (Hospital Information System) in the context of big data is how to ensure that massive data and resources are protected from internal attacks and reduce the abuse of medical information. However, the existing single-value quantitative access control model based on trust or risk may not well reflect the true trust or risk situation because it cannot describe the timeliness and trend of the quantitative value. In response to this problem, we propose an access control model based on the credibility of the requesting user. Quantify the trust based on the user’s historical visit records on the HIS, and introduce the user’s historical behavior trend into the trust evaluation model through the corresponding regression analysis model. Comparative experiments show that in predicting linear, geometric, exponential, and mixed trends, the regression model in this paper is better than existing methods in predicting trust accuracy and predicting trust trends. Different from the working system of trusted access control model proposed in the existing literature, the model in this paper adds “Behavior warning module (BWM)”. The working mode that “User-visit, Early-warning, Trust-evaluation, Access-control” is very effective in reducing information leakage caused by visitors with non-profit purposes (such as curiosity) and purposeless (such as habitual browsing). And this also has a positive effect on improving the overall behavior level of users in the system.

computer science, artificial intelligence, interdisciplinary applications

Mingyue Shi,Rong Jiang,Xiaohan Hu,Jingwei Shang

DOI: https://doi.org/10.1007/s10729-019-09490-4

2019-07-23

Health Care Management Science

Abstract:With the rapid development of modern information technology, the health care industry is entering a critical stage of intelligence. Faced with the growing health care big data, information security issues are becoming more and more prominent in the management of smart health care, especially the problem of patient privacy leakage is the most serious. Therefore, strengthening the information management of intelligent health care in the era of big data is an important part of the long-term sustainable development of hospitals. This paper first identified the key indicators affecting the privacy disclosure of big data in health management, and then established the risk access control model based on the fuzzy theory, which was used for the management of big data in intelligent medical treatment, and solves the problem of inaccurate experimental results due to the lack of real data when dealing with actual problems. Finally, the model is compared with the results calculated by the fuzzy tool set in Matlab. The results verify that the model is effective in assessing the current safety risks and predicting the range of different risk factors, and the prediction accuracy can reach more than 90%.

health policy & services

Rong Jiang,Rui Liu,Tao Zhang,Weiping Ding,Shenghu Tian

DOI: https://doi.org/10.1016/j.ins.2023.120054

IF: 8.1

2023-01-01

Information Sciences

Abstract:Electronic Medical Records (EMR), as the core data of medical big data, has improved the efficiency of medical services in the process of sharing and use, but a series of data privacy leakage problems have emerged. Access control technology can ensure users' legitimate and appropriate access to data resources, but traditional access control has many limitations such as static and coarse-grained, which is difficult to meet in the dynamic and complex healthcare environment. We create a model to solve the privacy leakage problem of healthcare big data. The model utilizes the Latent Delicacy Allocation (LDA) topic model to quickly search documents and extract the topic probability distributions between the target patient and other patients' electronic medical records, which improves the efficiency of medical record document analysis; Calculating physician access similarity, we quantify physician access behavior to more accurately describe physician access behavior in the form of data. We combined the intuitionistic fuzzy theory with the trust evaluation method to create a novel trust evaluation method-- Intuitionistic Fuzzy Trust Evaluation Method, which can reflect the uncertainty characteristics that exist in the physician's diagnostic and treatment process when quantifying the trust of the access by using this method, and it is more flexible and practical, which enhances the accuracy of the quantification of the trust. Improving the traditional trust aggregation method by adding a time window and time decay function, the optimized method improves the accuracy of trust aggregation, and the experimental results are more in line with the actual law. We created a new intuitionistic fuzzy trust access control model using a relative entropy-based intuitionistic fuzzy clustering algorithm and a reward and punishment mechanism to achieve adaptive and dynamic access control for physician access behavior. Experiments show that the access control model based on intuitionistic fuzzy trust proposed in this article achieves 95% correctness in identifying user access behaviors and 94.29% correctness in identifying excessive user access behaviors. Experiments have proved that this model has obvious advantages over other models in the process of privacy protection of electronic medical record systems and has certain control effects.

Mingyue Shi,Rong Jiang,Wei Zhou,Sen Liu,Savio Sciancalepore

DOI: https://doi.org/10.1155/2020/5610839

IF: 1.968

2020-09-29

Security and Communication Networks

Abstract:Information leakage in the medical industry has become an urgent problem to be solved in the field of Internet security. However, due to the need for automated or semiautomated authorization management for privacy protection in the big data environment, the traditional privacy protection model cannot adapt to this complex open environment. Although some scholars have studied the risk assessment model of privacy disclosure in the medical big data environment, it is still in the initial stage of exploration. This paper analyzes the key indicators that affect medical big data security and privacy leakage, including user access behavior and trust, from the perspective of users through literature review and expert consultation. Also, based on the user’s historical access information and interaction records, the user’s access behavior and trust are quantified with the help of information entropy and probability, and a definition expression is given explicitly. Finally, the entire experimental process and specific operations are introduced in three aspects: the experimental environment, the experimental data, and the experimental process, and then, the predicted results of the model are compared with the actual output through the 10-fold cross verification with Matlab. The results prove that the model in this paper is feasible. In addition, the method in this paper is compared with the current more classical medical big data risk assessment model, and the results show that when the proportion of illegal users is less than 15%, the model in this paper is more superior in terms of accuracy and recall.

computer science, information systems,telecommunications

DOI: https://doi.org/10.1186/s40537-023-00783-8

2023-06-17

Journal Of Big Data

Abstract:The rapid development of healthcare big data has brought certain convenience to medical research and health management, but privacy protection of healthcare big data is an issue that must be considered in the process of data application. Access control is one of the methods for privacy protection, but traditional access control models cannot adapt to the dynamic, continuous, and real-time characteristics of healthcare big data scenarios. In this paper, we propose an access control model based on risk quantification and usage control (RQ-UCON). The model adds a risk quantification module to the traditional UCON model to achieve privacy protection of medical data. This module classifies risks into direct and indirect risks and quantifies them based on the physician's visit history. The model stores the quantified risk values as subject attributes. The RQ-UCON model uses an improved Exponentially Weighted Moving Average (EWMA) and penalty factors to predict risk value and to update the risk values of the subject attributes in real-time. The RQ-UCON model uses agglomerative hierarchical clustering to cluster the risk values of physicians within the department, resulting in risk intervals for each physician's operational behavior. Each risk interval is stored as a condition in the RQ-UCON model. Finally, according to the model whether the subject attributes meet the model conditions to determine whether the subject has the corresponding access rights, and according to the risk interval to grant the subject the corresponding access rights. Through the final experiment, it can be seen that the access control model proposed in this paper has a certain control on the excessive access behavior of doctors and has a certain limitation on the privacy leakage of healthcare big data.

Shaden Al-Aqeeli,Mznah Al-Rodhaan,Yuan Tian

DOI: https://doi.org/10.1109/iciht.2017.7899150

2017-01-01

Abstract:Preserving privacy of the electronic health records of the patients has been a fundamental issue in the healthcare domain. Several techniques have been employed to maintain privacy of the sensitive information such as controlling access to the medical records. While acting as a first line of defense against illegitimate access, traditional access control schemes fall short of defending against misbehavior of the already authenticated and authorized users; a risk that can harbor devastating consequences upon potential data release or leak. Several approaches can be implemented to overcome this risk such as establishing the notion of trustworthiness of the system users, which makes the access control scheme more dynamic and adaptable. In effect, as opposed to rigidly denying an access request, an access control model becomes more tolerable towards risky access requests by employing risk mitigation strategies. This paper introduces a novel risk mitigation strategy, for the healthcare domain, through which the risk associated with an access request is evaluated against the privacy preferences of the patient undergoing the medical procedure. The proposed strategy, which is HIPAA compliant, decides the set of data objects that can be safely exposed to the healthcare service provider such that unnecessarily repeated tests and procedures can be avoided and the privacy preferences of the patient are preserved.

Runtong Zhang,Donghua Chen,Xiaopu Shang

DOI: https://doi.org/10.1109/INDIN.2016.7819293

2016-01-01

Abstract:Access control is an important technical method to protect the sensitive data in the information system. This paper mainly focuses on the issue of privacy preserving for patients' information in HIS. On the basis of providing hospital employees necessary patient information that can support the treatment, the proposed Knowledge-Constrained Role Based Access Control (KC-RBAC) model tries to reduce the scope of patients' information that can be accessed by hospital employees. Compared with the traditional RBAC model, the medical knowledge and nonmedical knowledge lying in the process of treatment are introduced into KC-RBAC, which outline the boundary of accessible data for different users in the system.

Yuan Tian,Biao Song,Mohammad Mehedi Hassan,Eui-Nam Huh

DOI: https://doi.org/10.3837/tiis.2012.10.016

2012-01-01

KSII Transactions on Internet and Information Systems

Abstract:The growing concern for the protection of personal information has made it critical to implement effective technologies for privacy and data management. By observing the limitations of existing approaches, we found that there is an urgent need for a flexible, privacy-aware system that is able to meet the privacy preservation needs at both the role levels and the personal levels. We proposed a conceptual system that considered these two requirements: a graph-based, access control model to safeguard patient privacy. We present a case study of the healthcare field in this paper. While our model was tested in the field of healthcare, it is generic and can be adapted to use in other fields. The proof-of-concept demos were also provided with the aim of valuating the efficacy of our system. In the end, based on the hospital scenarios, we present the experimental results to demonstrate the performance of our system, and we also compared those results to existing privacy-aware systems. As a result, we ensured a high quality of medical care service by preserving patient privacy.

Binyong Li,Fan Yang,Shaowei Zhang

DOI: https://doi.org/10.3390/math12162541

IF: 2.4

2024-08-19

Mathematics

Abstract:Traditional access control systems exhibit limitations in providing flexible authorization and fine-grained access in the face of increasingly complex and dynamic access scenarios. This paper proposes a context-aware risk access control model to address these challenges. By developing a multi-level contextual risk indicator system, the model comprehensively considers real-time contextual information associated with access requests, dynamically evaluates the risk level of these requests, and compares the outcomes with predefined risk policies to facilitate access decisions. This approach enhances the dynamism and flexibility of access control. To improve the accuracy and reliability of risk assessments, we propose a combination weighting method grounded in game theory. This method reconciles subjective biases and the limitations of objective data by integrating both subjective and objective weighting techniques, thus optimizing the determination process for risk factor weights. Furthermore, smart contracts are introduced to monitor user behavior during access sessions, thereby preventing malicious attacks and the leakage of sensitive information. Finally, the model's performance and authorization granularity are assessed through empirical experiments. The results indicate that the model effectively addresses the requirements of dynamic and fine-grained access scenarios, improving the system's adaptability to risk fluctuations while safeguarding sensitive information.

mathematics

Shaden S. Al Aqeeli,Mznah A. Al-Rodhaan,Yuan Tian,Abdullah M. Al-Dhelaan

DOI: https://doi.org/10.4236/etsn.2018.71001

2018-01-01

E-Health Telecommunication Systems and Networks

Abstract:In the healthcare domain, protecting the electronic health record (EHR) is crucial for preserving the privacy of the patient. To help protect the sensitive data, access control mechanisms can be utilized to restrict access to only legitimate users. However, an issue arises when the authorized users abuse their access privileges and violate privacy preferences of the patients. While traditional access control schemes fall short of defending against the misbehavior of authorized users, risk-aware access control models can provide adaptable access to the system resources based on assessing the risk of an access request. When an access request is deemed risky, but within acceptable thresholds, risk mitigation strategies can be exploited to minimize the risk calculated. This paper proposes a risk-aware, privacy-preserving risk mitigation approach that can be utilized in the healthcare domain. The risk mitigation approach controls the patient’s medical data that can be exposed to healthcare professionals, according to their trust level as well as the risk incurred of such data exposure, by developing a novel Risk Measure formula. The developed Risk Measure is proven to manage the risk effectively. Furthermore, Risk Mitigation Data Disclosure algorithms, RIMIDI0 and RIMIDI1, which utilize the developed risk measures, are proposed. Experimental results show the feasibility and effectiveness of the proposed method in preserving the privacy preferences of the patient. Since the proposed approach exposes the patient’s data that are relevant to the undergoing medical procedure while preserving the privacy preferences, positive outcomes can be realized, which will ultimately bring forth quality healthcare services.

Xuetao Pu,Rong Jiang,Zhiming Song,Zhihong Liang,Liang Yang

DOI: https://doi.org/10.3389/fpubh.2024.1358184

IF: 5.2

2024-03-29

Frontiers in Public Health

Abstract:The rapid development of the Hospital Information System has significantly enhanced the convenience of medical research and the management of medical information. However, the internal misuse and privacy leakage of medical big data are critical issues that need to be addressed in the process of medical research and information management. Access control serves as a method to prevent data misuse and privacy leakage. Nevertheless, traditional access control methods, limited by their single usage scenario and susceptibility to single point failures, fail to adapt to the polymorphic, real-time, and sensitive characteristics of medical big data scenarios. This paper proposes a smart contracts and risk-based access control model (SCR-BAC). This model integrates smart contracts with traditional risk-based access control and deploys risk-based access control policies in the form of smart contracts into the blockchain, thereby ensuring the protection of medical data. The model categorizes risk into historical and current risk, quantifies the historical risk based on the time decay factor and the doctor's historical behavior, and updates the doctor's composite risk value in real time. The access control policy, based on the comprehensive risk, is deployed into the blockchain in the form of a smart contract. The distributed nature of the blockchain is utilized to automatically enforce access control, thereby resolving the issue of single point failures. Simulation experiments demonstrate that the access control model proposed in this paper effectively curbs the access behavior of malicious doctors to a certain extent and imposes a limiting effect on the internal abuse and privacy leakage of medical big data.

public, environmental & occupational health

Zhengxing Huang,Wei Dong,Huilong Duan

DOI: https://doi.org/10.1016/j.jbi.2015.09.005

IF: 8

2015-12-01

Journal of Biomedical Informatics

Abstract:BACKGROUND AND OBJECTIVE: Risk stratification aims to provide physicians with the accurate assessment of a patient's clinical risk such that an individualized prevention or management strategy can be developed and delivered. Existing risk stratification techniques mainly focus on predicting the overall risk of an individual patient in a supervised manner, and, at the cohort level, often offer little insight beyond a flat score-based segmentation from the labeled clinical dataset. To this end, in this paper, we propose a new approach for risk stratification by exploring a large volume of electronic health records (EHRs) in an unsupervised fashion.METHODS: Along this line, this paper proposes a novel probabilistic topic modeling framework called probabilistic risk stratification model (PRSM) based on Latent Dirichlet Allocation (LDA). The proposed PRSM recognizes a patient clinical state as a probabilistic combination of latent sub-profiles, and generates sub-profile-specific risk tiers of patients from their EHRs in a fully unsupervised fashion. The achieved stratification results can be easily recognized as high-, medium- and low-risk, respectively. In addition, we present an extension of PRSM, called weakly supervised PRSM (WS-PRSM) by incorporating minimum prior information into the model, in order to improve the risk stratification accuracy, and to make our models highly portable to risk stratification tasks of various diseases.RESULTS: We verify the effectiveness of the proposed approach on a clinical dataset containing 3463 coronary heart disease (CHD) patient instances. Both PRSM and WS-PRSM were compared with two established supervised risk stratification algorithms, i.e., logistic regression and support vector machine, and showed the effectiveness of our models in risk stratification of CHD in terms of the Area Under the receiver operating characteristic Curve (AUC) analysis. As well, in comparison with PRSM, WS-PRSM has over 2% performance gain, on the experimental dataset, demonstrating that incorporating risk scoring knowledge as prior information can improve the performance in risk stratification.CONCLUSIONS: Experimental results reveal that our models achieve competitive performance in risk stratification in comparison with existing supervised approaches. In addition, the unsupervised nature of our models makes them highly portable to the risk stratification tasks of various diseases. Moreover, patient sub-profiles and sub-profile-specific risk tiers generated by our models are coherent and informative, and provide significant potential to be explored for the further tasks, such as patient cohort analysis. We hypothesize that the proposed framework can readily meet the demand for risk stratification from a large volume of EHRs in an open-ended fashion.

medical informatics,computer science, interdisciplinary applications

LI Jia-shuai,PENG Chang-gen,ZHU Yi-jie,MA Hai-feng

DOI: https://doi.org/10.11959/j.issn.2096-109x.2016.00015

2016-01-01

Abstract:Traditional access control models are hard to restrain the malicious behavior of authorized users. Accord-ingly, Hadoop platform with this access control model is difficult to prevent the risk of privacy disclosure. A model of access control based on risk was proposed. A risk function of information entropy was designed from users’ his-torical behavior based on setting the tags of subject and object. Furthermore, the tracking chain of risk was built, which could adjust the users’ access authority dynamically according to the risk value and its volatility. Combining with access token and risk supervision, the risk access control mechanism for big data privacy protection was real-ized, which could be applied to enhance the security of Hadoop Kerberos protocol. Finally, the experiment result shows that the model can constrain the authorized users’ access behavior effectively.

Xuezhen Huang,Jiqiang Liu,Zhen Han

DOI: https://doi.org/10.1007/978-3-319-27998-5_13

2015-01-01

Abstract:With development of information technology and communication, corporations and individuals will collect some digital information to support information-based decisions. However, under some conditions, if all original data are released, some privacy will be disclosed, which will threaten data security and data privacy. Therefore, data owners will take some security measures. Role-based access control may authorize related original data accessed by users according to their roles. Privacy-preserving technology release processed data to avoid privacy disclosure. Nevertheless, existing privacy-preserving technologies lack continuity and are quite inefficient. This paper establishes an access model about on anonymized data and combines with the foregoing two security measures. On the premise that data security and data privacy are ensured, there is more flexibility and diversity and work efficiency is improved as well.

Aiguo Chen,Guoming Lu,Hanwen Xing,Yuan Xie,Shunwei Yuan

DOI: https://doi.org/10.1177/1550147720921778

IF: 1.938

2020-01-01

International Journal of Distributed Sensor Networks

Abstract:With the rapid development of intelligent perception and other data acquisition technologies in the Internet of things, large-scale scientific workflows have been widely used in geographically distributed multiple data centers to realize high performance in business model construction and computational processing. However, insider threats pose very significant privacy and security risks to systems. Traditional access-control models can no longer satisfy the reasonable authorization of resources in these new cross-domain environments. Therefore, a dynamic and semantic-aware access-control model is proposed for privacy preservation in multiple data center environments, which implements a semantic dynamic authorization strategy based on an anomaly assessment of users’ behavior sequences. The experimental results demonstrate that this dynamic and semantic-aware access-control model is highly dynamic and flexible and can improve the security of the application system.

Hongfa Ding,Changgen Peng,Youliang Tian,Shuwen Xiang

DOI: https://doi.org/10.1504/ijhpcn.2019.10020627

2019-01-01

International Journal of High Performance Computing and Networking

Abstract:The main problems of the application of access control in the cloud are the necessary flexibility and scalability to support a large number of users and resources in a dynamic and heterogeneous environment, with collaboration and information sharing needs. This paper proposes a risk self-adaptive dynamic access control model, based on Markov chain and Shannon information theory, for big data that stored and processed by cloud. In this model, a simple formal adversary model, a modification of XACML framework including some new and enhanced components, Markov-based methods for calculating the risk values of access requests, and an incentive mechanism for supervising all the access behaviours of subjects are proposed, successively. Our method is easy to deploy and the administrator just need to label the object data. This method is more effective and suitable to control the access in large-scale information system, and protect the sensitive and privacy data.

Chengyi Huo,Zhenqiang Wu

DOI: https://doi.org/10.3969/j.issn.1000-386x.2014.11.018

2015-01-01

Abstract:With the rapid development and wide application of computer and information technology,which bring the informatisation con-struction in medical institutions,the security and privacy are also widely recognised as the important requirements for medical information sys-tem ( HIS) .On the basis of RBAC model,a patient-oriented access control model for privacy protection is built in this paper.In it the patients are allowed to define personalised access control policies according to their own privacy preferences,this effectively solves the trouble of pa-tients’ privacy data leakage and satisfies their personalised privacy protection requirements.