Context-Aware and Zero Trust Access Control for E-Health Security

  • Lucas Lino do C. Freitas UFJF
  • Kristtopher K. Coelho UFV
  • Michele Nogueira UFMG
  • Alex Borges Vieira UFJF
  • José Augusto M. Nacif UFV
  • Edelberto Franco Silva UFJF

Abstract


In an increasingly connected world, ensuring security in e-health is a challenge. Traditional security models based on perimeter trust are insufficient to guarantee the protection of these systems. Since these models work by directly assigning trust to the user, the entire network becomes vulnerable if the user's credentials or device are compromised. Thus, this work proposes and evaluates a model based on Zero Trust to considerably increase security in e-health environments. The proposed model is based on privilege reduction and user confidence analysis to perform access control. The evaluation uses simulation in different scenarios, assessing the model's assertiveness in delegating access. The results show that the model effectively detects anomalies in accesses.

Published
2024-05-20
FREITAS, Lucas Lino do C.; COELHO, Kristtopher K.; NOGUEIRA, Michele; VIEIRA, Alex Borges; NACIF, José Augusto M.; SILVA, Edelberto Franco. Context-Aware and Zero Trust Access Control for E-Health Security. In: BRAZILIAN SYMPOSIUM ON COMPUTER NETWORKS AND DISTRIBUTED SYSTEMS (SBRC), 42., 2024, Niterói/RJ. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 770-783. ISSN 2177-9384. DOI: https://doi.org/10.5753/sbrc.2024.1471.
