A Dynamic Access Control Policy Model for Sharing of Healthcare Data in Multiple Domains

Abstract—Authorization models have been developed to prevent unauthorized access to valuable resources such as electronic healthcare records (EHRs). In an applied environment, such as the healthcare domain, there are several types of authorities that generate EHRs and other security parameters via central authority for their users and the attribute authorities. The use of a central authority introduces several challenges in terms of security and privacy due to the increased risk if the central authority is compromised or corrupted. Observing that this research area has not been well addressed to date, we propose and present the first decentralized multi-authority attribute-based access control (DMA-ABAC) model based on the policy model, which enables authorities to independently control their security settings. We present an access control framework for a dynamic cross-domain authorization model that combines Attribute-Based Access Control (ABAC) and Attribute-Based Group Signature (ABGS). This combination aims at providing flexible access control with resistance against reply and third party storage attacks and attribute collusion, and enhanced access control, privacy and selective attributes.