In the medical industry, it is critical to ensure the confidentiality of patients’ personal health records when storing and managing them. Before cloud computing surfaced, heath providers used local servers and hard drives to store their records and data. As cloud computing has been becoming more prominent many healthcare providers are using the cloud to store and manage their sensitive data. This journal compares and investigates two different access control models, in particular Role-Based Access Control and Attribute-Based Access Control, to validate the confidentiality of data when storing and managing personal health records on cloud services. The comparative analysis of these access control models is done to identify possible inefficiency and privacy restrictions in these two access control based models. In addition, in this journal we propose a new access control model, which we refer to as Role-Attribute-Based-Encryption Access Control (RABE), by combining some of the best aspects of both RBAC and ABAC in order to improve data privacy on cloud systems used in healthcare.
Securing Personal Health Records in Cloud Computing: Patient-Centric and Fine-Grained Data Access Control in Multi-owner Settings
