Most widely used access control models in medical data security

Brian Campos-Montero
Cesar Rodríguez-Sandoval
Alberto Mendoza de los Santos

Abstract

Unauthorized access to sensitive patient data is a problem that harms both the patients themselves and the security of organizations that provide health services. It is therefore essential to implement access controls (AC) that prevent malicious access to and use of the data. For that reason, a study based on a systematic review was carried out using the PRISMA methodology, with SCOPUS as the database and 82 articles included, which served to find the most widely used access control models. As a result, the 5 most frequently used models were identified (ABE, ABAC, RBAC, BBAC and MAC), together representing 52% of all the studies reviewed, while 29% corresponded to models that were implemented only once and the remaining 19% to models that arose as solutions to problems identified within the 5 frequently used models.

Article details

How to cite
Campos-Montero, B., Rodríguez-Sandoval, C., & Mendoza de los Santos, A. (2024). Modelos de control de acceso más utilizados en la seguridad de datos médicos. Revista Tecnología En Marcha, 37(1), Pág. 114–127. https://doi.org/10.18845/tm.v37i1.6558
Section
Scientific article
