
Cerberus, an Access Control Scheme for Enforcing Least Privilege in Patient Cohort Study Platforms

A Comprehensive Access Control Scheme Applied to the GENIDA Project – Study of Genetic Forms of Intellectual Disabilities and Autism Spectrum Disorders

Journal of Medical Systems, Topical Collection on Patient Facing Systems

Abstract

Cohort Study Platforms (CSP) are emerging as a key tool for collecting patient information, providing new research data, and supporting family and patient associations. However, they pose new ethical and regulatory challenges, since they bridge the gap between patients and medical practitioners. One of the critical issues for a CSP is to enforce strict control over access privileges while allowing users to take advantage of the breadth of the available data. We propose Cerberus, a new access control scheme spanning the whole life-cycle of access right management: design, implementation, deployment and maintenance, and operations. Cerberus enables switching from a dual world, where CSP data can be accessed either by the users who entered it or only in fully de-identified form, to an access-when-required world, where patients, practitioners and researchers can access focused medical data through explicit authorisation by the data owner. Efficient access control requires application-specific access rights, as well as the ability to restrict these rights when they are not used. Cerberus is implemented and evaluated in the context of the GENIDA project, an international CSP for genetically determined Intellectual Disabilities and Autism Spectrum Disorders. As a result of this study, the software is made available to the community, and validated specifications for CSPs are given.
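As an added illustration of the access-when-required model the abstract describes (my own sketch, not the paper's or the django-cerberus-ac project's code): the data owner sees the full record, everyone else gets a de-identified view unless the owner has explicitly granted a focused subset of fields, and a grant that goes unused for longer than an idle limit is withdrawn. The field names, the de-identified field set and the 30-day idle limit are assumptions, not values from the paper.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed de-identified view: the paper does not list GENIDA's actual fields.
DEIDENTIFIED_FIELDS = frozenset({"age_band", "diagnosis_code"})

# Constructed sample record with illustrative field names (not GENIDA's schema).
SAMPLE_RECORD = {"age_band": "5-9", "diagnosis_code": "DX-EXAMPLE",
                 "seizure_history": "two episodes, 2016",
                 "contact_email": "parent@example.org"}

@dataclass
class Record:
    owner: str   # the user who entered the data and owns it
    data: dict

@dataclass
class Grant:
    fields: frozenset    # focused subset the grantee may read
    last_used: datetime  # a grant that goes unused is restricted automatically

class AccessPolicy:
    """Owner-authorised, least-privilege access; unused rights lapse."""

    def __init__(self, idle_limit=timedelta(days=30)):
        self.idle_limit = idle_limit
        self.grants = {}  # (record_id, grantee) -> Grant

    def grant(self, record, record_id, granter, grantee, fields, now):
        # Only the data owner may authorise access, and only to existing fields.
        if granter != record.owner:
            raise PermissionError("only the data owner may authorise access")
        unknown = set(fields) - set(record.data)
        if unknown:
            raise ValueError(f"unknown fields: {sorted(unknown)}")
        self.grants[(record_id, grantee)] = Grant(frozenset(fields), now)

    def view(self, record, record_id, user, now):
        if user == record.owner:
            return dict(record.data)  # the owner always sees the full record
        key = (record_id, user)
        grant = self.grants.get(key)
        if grant is not None and now - grant.last_used <= self.idle_limit:
            grant.last_used = now  # use keeps the right alive
            return {k: record.data[k] for k in grant.fields}
        if grant is not None:
            del self.grants[key]  # not used within idle_limit: right withdrawn
        # Everyone else gets the de-identified view only.
        return {k: v for k, v in record.data.items() if k in DEIDENTIFIED_FIELDS}
```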



Notes

  1. https://mygene2.org/

  2. http://www.rarechromo.org/

  3. https://www.genespark.org/

  4. https://www.23andme.com/

  5. https://www.patientslikeme.com/

  6. hope.unistra.fr

  7. https://genida.unistra.fr/

  8. http://www.radico.fr/

  9. https://github.com/Genida/django-cerberus-ac

  10. https://github.com/Genida/django-cerberus-ac/tree/master/src/cerberus_ac/genida.rdf



Acknowledgements

We wish to thank Pr. Jamel Chelly for his support of the GENIDA project, the RaDiCo project team for their ongoing technical and legal support, and Julie Thompson from the ICube laboratory for correcting the English. Last but not least, this work was made possible by the development performed by Mihnea Gheorghiu, who during his bachelor internship at ECAM Strasbourg-Europe provided many ideas and lines of code for the Cerberus module of the GENIDA platform.


Corresponding author

Correspondence to Pierre Parrend.

Ethics declarations

Conflict of interests

The technical work presented as the contribution of this paper raises no ethical challenges in itself. However, it supports medical study protocols which are conducted according to the ethical standards and best practices of the research organisations the authors are part of, in particular INSERM in France, as presented in Section 4.

This article does not contain any studies with human participants performed by any of the authors in the sense of the 1964 Helsinki declaration and its later amendments or comparable ethical standards, since only data gathering and no medical act is involved in the research protocol. This article does not contain any studies with animals performed by any of the authors. Informed consent was obtained from all individual participants included in the study, since the patient or their relatives themselves enter their own data.

This work is funded by the Roche Grant for personalised medicine through the Foundation of the University of Strasbourg, by the IDEX Excellence Initiative of the University of Strasbourg, and by the Institut des Etudes avancées (USIAS) of the University of Strasbourg.

Additional information

This article is part of the Topical Collection on Patient Facing Systems

This research is funded by the IDEX Excellence Initiative of the University of Strasbourg, the Institute of Advanced Studies of the University of Strasbourg (USIAS), and the Foundation of the University of Strasbourg (Roche fund for personalised medicine). It is supported by the French National Programme for Rare Disease Cohorts (RaDiCo).


About this article


Cite this article

Parrend, P., Mazzucotelli, T., Colin, F. et al. Cerberus, an Access Control Scheme for Enforcing Least Privilege in Patient Cohort Study Platforms. J Med Syst 42, 1 (2018). https://doi.org/10.1007/s10916-017-0844-y


  • DOI: https://doi.org/10.1007/s10916-017-0844-y
