期刊名称:International Journal of Distributed Sensor Networks
印刷版ISSN:1550-1329
电子版ISSN:1550-1477
出版年度:2019
卷号:15
期号:9
页码:1
DOI:10.1177/1550147719875653
出版社:Hindawi Publishing Corporation
摘要:Data and information security is considered to be an important and challenging task for any field of life. But it becomes more critical especially when it deals with the medical field due to life and health hazards. The ratio of internal security threats to external threats always remains high. A huge number of efforts and technical expertise are required in the case of attacking the system from the external environment. But it requires fewer efforts if a system is attacked internally by the stakeholders of the system. This article presents an access control model that secures the medical data of patients against internal cybersecurity threats. It allows only the legitimate users, that is, authorized patients and doctors to communicate despite the fact of physical boundaries. The proposed model implements authorization in combination with permissions and roles instead of roles only for medical staff. It removes the discrepancies in the existing access control models. The proposed model ensures communication among doctors and patients in a secure, private, and efficient manner. The model is demonstrated by using mathematical modeling along with implementation examples. The proposed model outperformed in comparison with state-of-the-art access control models.
关键词:Medical data protection; security and privacy-based data access; role-based access control; cyber security threats; internal data security
其他关键词:Medical data protection ; security and privacy-based data access ; role-based access control ; cyber security threats ; internal data security