Access control delegation in the clouds

Current market trends need solutions/products to be developed at high speed. To meet those requirements sometimes it requires collaboration between the organizations. Modern workforce is increasingly distributed, mobile and virtual which will incur hurdles for communication and effective collaboration within organizations. One of the greatest benefits of cloud computing has to do with improvements to organizations communication and collaboration, both internally and externally. Because of the efficient services that are being offered by the cloud service providers today, many business organizations started taking advantage of cloud services. Specifically, Cloud computing enables a new form of service in that a service can be realized by components provided by different enterprises or entities in a collaborative manner. Participating parties are usually loosely connected and they are responsible for managing and protecting resources/data entrusted to them. Such scenario demands advanced and innovative mechanisms for better security and privacy protection of data shared among multiple participating parties. In this thesis, we propose an access control delegation approach that achieves federated security services and preserves autonomy and privacy sharing preferences of involved parties. An important feature of our mechanism is that each party will not need to reveal its own sensitive information when making a global decision with other collaborators, which will encourage a wide range of collaboration and create more business opportunities. --Abstract, page iii

AN ADAPTIVE ROLE-BASED ACCESS CONTROL APPROACH FOR CLOUD E-HEALTH SYSTEMS

Securing and protecting electronic medical records (EMR) stored in a cloud is one of the most critical issues in e-health systems. Many approaches with different security objectives have been developed to adapt this important issue.This paper proposes a new approach for securing and protecting electronic health records against unauthenticated access with allowing different hospitals, health centres and pharmacies access the system, by implementing role-based access control approach that could be applied smoothly in cloud e-health systems

Trusted reasoning-role-based access control for cloud computing environment

Cloud computing has become the new standard in the fast-growing industry of information technology. This poses new challenges to the existing access control models, as the new computing paradigm is highly-distributed and multi-tenancy. The existing access control models are not strong enough due to unavailability of strong multiple relationships between user and resources. In addition, monitoring activities of users to protect the cloud resources is weak. In these contexts, malicious user must be identified for the protection of sensitive data and to limit the access of the user to the resources. This research developed an enhanced access control model for cloud computing, namely Trusted Reasoning-Role-Based Access Control for Cloud Computing Environment (TR2BAC) model. The model consists of four components. The first component is a dimensional domain for strong multiple relations between resources and user management, whereas the second component is reason-based access mechanism to limit users access based on defined reasoning principle. The third component is the trust module that identifies trusted/malicious users, and the fourth component ensures secure data access that classifies and labels the data according to the level of its sensitivity. The resources are then secured accordingly. Simulation results revealed that the performance of the proposed model improved in comparison to the existing state of the art techniques in terms of throughput by 25% and Permission Grants results by 35%. In terms of user authorization, the access time improved by 95% of the total access time which is about 7.5 seconds. In conclusion, this research has developed an enhanced access control model for cloud computing environment that can be used to protect the privacy of users as well as cloud resources from inside and outside attacks

Health data in cloud environments

The process of provisioning healthcare involves massive healthcare data which exists in different forms on disparate data sources and in different formats. Consequently, health information systems encounter interoperability problems at many levels. Integrating these disparate systems requires the support at all levels of a very expensive infrastructures. Cloud computing dramatically reduces the expense and complexity of managing IT systems. Business customers do not need to invest in their own costly IT infrastructure, but can delegate and deploy their services effectively to Cloud vendors and service providers. It is inevitable that electronic health records (EHRs) and healthcare-related services will be deployed on cloud platforms to reduce the cost and complexity of handling and integrating medical records while improving efficiency and accuracy. The paper presents a review of EHR including definitions, EHR file formats, structures leading to the discussion of interoperability and security issues. The paper also presents challenges that have to be addressed for realizing Cloudbased healthcare systems: data protection and big health data management. Finally, the paper presents an active data model for housing and protecting EHRs in a Cloud environment

Evaluation of Attribute-Based Access Control (ABAC) for EHR in Fog Computing Environment

Fog computing - a connection of billions of devices nearest to the network edge- was recently proposed to support latency-sensitive and real time applications. Electronic Medical Record (EMR) systems are latency-sensitive in nature therefore fog computing considered as appropriate choice for it. This paper proposes a fog environment for E-health system that contains highly confidential information of patients Electronic Health Records (EHR). The proposed E-health system has two main goals: (1) Manage and share EHRs between multiple fog nodes and the cloud,(2) Secure access into EHR on Fog computing without effecting the performance of fog nodes. This system will serve different users based on their attributes and thus providing Attribute Based Access Control ABAC into the EHR in fog to prevent unauthorized access. We focus on reducing the storing and processes in fog nodes to support low capabilities of storage and computing of fog nodes and improve its performance. There are three major contributions in this paper first; a simulator of an E-health system is implemented using both iFogSim and our iFogSimEhealthSystem simulator. Second, the ABAC was applied at the fog to secure the access to patients EHR. Third, the performance of the proposed securing access in E-health system in fog computing was evaluated. The results showed that the performance of fog computing in the secure E-health system is higher than the performance of cloud computing

Trusted cloud computing framework for healthcare sector

Cloud computing is rapidly evolving due to its efficient characteristics such as cost-effectiveness, availability and elasticity. Healthcare organizations and consumers lose control when they outsource their sensitive data and computing resources to a third party Cloud Service Provider (CSP), which may raise security and privacy concerns related to data loss and misuse appealing threats. Lack of consumers' knowledge about their data storage location may lead to violating rules and regulations of Health Insurance Portability and Accountability Act (HIPAA) that can cost them huge penalty. Fear of data breach by internal or external hackers may decrease consumers' trust in adopting cloud computing and benefiting from its promising features. We designed a HealthcareTrusted Cloud Computing (HTCC) framework that maintains security, privacy and considers HIPAA regulations. HTCC framework deploys Trusted Computing Group (TCG) technologies such as Trusted Platform Module (TPM), Trusted Software Stack (TSS), virtual Trusted Platform Module (vTPM), Trusted Network Connect (TNC) and Self Encrypting Drives (SEDs). We emphasize on using strong multi-factor authentication access control mechanisms and strict security controls, as well as encryption for data at storage, in-transit and while process. We contributed in customizing a cloud Service Level Agreement (SLA) by considering healthcare requirements. HTCC was evaluated by comparing with previous researchers' work and conducting survey from experts. Results were satisfactory and showed acceptance of the framework. We aim that our proposed framework will assist in optimizing trust on cloud computing to be adopted in healthcare sector

Health on a Cloud: Modeling Digital Flows in an E-health Ecosystem

A unified and well-knit e-health network is one that provides a common platform to its key stakeholders to facilitate a sharing of information with a view to promoting cooperation and maximizing benefits. A promising candidate worthy of being considered for this ponderous job is the emerging "cloud technology" with its offer of computing as a utility, which seems well-suited to foster such a network bringing together diverse players who would otherwise remain fragmented and be unable to reap benefits that accrue from cooperation. The e-health network serves to provide added value to its various stakeholders through syndication, aggregation and distribution of this health information, thereby reducing costs and improving efficiencies. Because such a network is in fact an interconnected "network of network" that delivers a product or service through both competition and cooperation, it can be thought of as a business ecosystem. . This study attempts to model the digital information flows in an e-health ecosystem and analyze the resulting strategic implications for the key players for whom the rules of the game are bound to change given their interdependent added-values. The ADVISOR framework is deployed to examine the values created and captured in the ecosystem. Based on this analysis, some critical questions that must be addressed as necessary preconditions for an e-Health Cloud, are derived. The paper concludes with the conjecture that "collaboration for value" will replace "competition for revenue" as the new axiom in the health care business that could ideally usher in a fair, efficient and sustainable ecosystem

Survey on securing data storage in the cloud

Cloud Computing has become a well-known primitive nowadays; many researchers and companies are embracing this fascinating technology with feverish haste. In the meantime, security and privacy challenges are brought forward while the number of cloud storage user increases expeditiously. In this work, we conduct an in-depth survey on recent research activities of cloud storage security in association with cloud computing. After an overview of the cloud storage system and its security problem, we focus on the key security requirement triad, i.e., data integrity, data confidentiality, and availability. For each of the three security objectives, we discuss the new unique challenges faced by the cloud storage services, summarize key issues discussed in the current literature, examine, and compare the existing and emerging approaches proposed to meet those new challenges, and point out possible extensions and futuristic research opportunities. The goal of our paper is to provide a state-of-the-art knowledge to new researchers who would like to join this exciting new field