Access control for cloud-based eHealth social networking: design and evaluation
Article first published online: 22 MAR 2013
Copyright © 2013 John Wiley & Sons, Ltd.
Security and Communication Networks
Volume 7, Issue 3, pages 574–587, March 2014
How to Cite
Bai, Y., Dai, L., Chung, S. and Devaraj, D. D. (2014), Access control for cloud-based eHealth social networking: design and evaluation. Security Comm. Networks, 7: 574–587. doi: 10.1002/sec.759
- Issue published online: 19 FEB 2014
- Article first published online: 22 MAR 2013
- Manuscript Accepted: 31 DEC 2012
- Manuscript Revised: 19 OCT 2012
- Manuscript Received: 31 JAN 2012
- access control;
- social networking;
- cloud computing;
eHealth is being rapidly deployed. Lower cost and greater productivity attract government and healthcare enterprise to transit from traditional healthcare service to eHealth service. Security and privacy are growing concerns with the widespread deployment of eHealth and the development of next generation of eHealth services. In this paper, we discuss these security problems and propose a high-level security framework that captures required features in the next-generation eHealth infrastructure. Our framework consists of the following: (i) an adaptive trust-aware tag-based privacy control to specify which data to share and whom to share with. The fine-grained control of data access is guaranteed; (ii) a decentralized authorization that relies on trust propagation protocol to provide robust and resilient access control enforcement; and (iii) a hybrid trust management mechanism that addresses access control information depository on a cloud server. It enforces user-defined access control not only in a distributed environment but also in a privacy-preserving manner so as to minimize the disclosure of privileges and of access policies. Copyright © 2013 John Wiley & Sons, Ltd.