An adaptive mutual trust based access control model for electronic healthcare system

With the increasing growth of the Electronic healthcare system (EHS), the security of the EHS is an essential requirement because different types of users (patient, doctor, nurse, etc.) are accessing these systems for various purposes like treatment, research, drug analysis, etc. In the EHS, two major security challenges arise. First one is the selection of an access control mechanism without any prior information about the healthcare users. The second one is how much amount of data will be shared by the healthcare services and practitioner. Hence, a suitable access control technique is essential which not only provides the static access but also dynamically control the views of the requested data, so that the information will be shared in a controlled manner. In the healthcare system, trust can be viewed as an important judgment parameter for controlling the access of different stakeholders as it is an open system with different types of users. The main aim of the work is to control the access view so that only authorized user can access the information in a controlled manner. It also improves adaptivity of the access control model by integration of dynamic trust degree of communicating parties. To fulfill the above-discussed security requirements, in this paper, we have proposed an access control model, which is based on the trust degree of the healthcare user and service, named as mutual trust. The assessment of user and service trust degree is based on the beta distribution technique. A rule set has been developed based on this mutual trust degree to control the data access view, which is dynamically changed with the communicating parties trust level. The detail implementation of the proposed model shows that the accuracy and efficiency of the model are better as compared to other models.