SEARCH
ISTC-CC NEWSLETTER
RESEARCH HIGHLIGHTS
Ling Liu's SC13 paper "Large Graph Processing Without the Overhead" featured by HPCwire.
ISTC-CC provides a listing of useful benchmarks for cloud computing.
Another list highlighting Open Source Software Releases.
Second GraphLab workshop should be even bigger than the first! GraphLab is a new programming framework for graph-style data analytics.
ISTC-CC Abstract
Role-Based and Time-Bound Access and Management of
EHR Data
International Journal of Security and Communication Networks, 2012 Wiley.
Rui Zhang*^, Ling Liu^ and Rui Xue*
*State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China
^College of Computing, Georgia Institute of Technology
Security and privacy are widely recognized as important requirements for access and management of Electronic Health Record (EHR) data. In this paper we argue that EHR data needs to be managed with customizable access control in both spatial and temporal dimensions. We present a role-based and time-bound access control model (RBTBAC) that provides more flexibility in both roles (spatial capability) and time (temporal capability) dimensions to control the access of sensitive data. Through algorithmic combination of role-based access control and time-bound key management, our RBTBAC model has two salient features. First, we have developed a privacy-aware and dynamic key structure for rolebased privacy aware access and management of EHR data, focusing on the consistency of access authorization (including data and time interval) with the activated role of user. In addition to role-based access, a path-invisible EHR structure is built for preserving privacy of patients. Second, we have employed a time tree method for generating time granule values, offering fine granularity of time-bound access authorization and control. Our initial experimental results show that treelike time structure can improve the performance of the key management scheme significantly and RBTBAC model is more suitable than existing solutions for EHR data management since it offers high-efficiency and better security and privacy.
KEYWORDS: EHR system; privacy preserving; role-based access control; time-bound key management; time tree
FULL PAPER: pdf