面向医疗大数据的风险自适应的访问控制模型

doi:10.11959/j.issn.1000-436x.2015328

摘要/Abstract

摘要：

面对医疗大数据，策略制定者难以预测医生的访问需求，进而制定准确的访问控制策略。针对上述问题，提出一种基于风险的访问控制模型，能够适应性地调整医生的访问能力，保护患者隐私。该模型通过分析医生的访问历史，使用信息熵和EM算法量化医生侵犯隐私造成的风险。利用量化的风险，监测和控制对于医疗记录的过度访问以及特殊情况下的访问请求。实验结果表明，该模型是有效的，并且相比于其他模型能更为准确地进行访问控制。

关键词: 风险访问控制, 大数据, 隐私, 自适应

Abstract:

While dealing with the big data in healthcare,it was difficult for a policy maker to foresee what information a doctor may need,even to make an accurate access control policy.To deal with it,a risk-based access control model that regulates doctors’ access rights adaptively was proposed to protect patient privacy.This model analyzed the history of access,applies the EM algorithm and the information entropy technique to quantify the risk of privacy violation.Using the quantified risk,the model can detect and control the over-accessing and exceptional accessing of patients’ data.Experimental results show that this model is effective and more accurate than other models.

Key words: risk-based access control, big data, privacy, adaptive

惠榛,李昊,张敏,冯登国. 面向医疗大数据的风险自适应的访问控制模型[J]. 通信学报, 2015, 36(12): 190-199.

Zhen HUI,Hao LI,Min ZHANG,Deng-guo FENG. Risk-adaptive access control model for big data in healthcare[J]. Journal on Communications, 2015, 36(12): 190-199.

图/表 7

图1

图2

图3

表1

图4

表2

图5

参考文献 23

[1]	.[EB/OL].
[2]	.[EB/OL].
[3]	.[EB/OL].
[4]	.[EB/OL].
[5]	SANDHU R . The future of access control:attributes,automation,and adaptation[A]. Computational Intelligence,Cyber Security and Computational Models[C]. 2014. 45-45.
[6]	冯登国, 张敏, 李昊 . 大数据安全与隐私保护[J]. 计算机学报, 2014,37(1): 246-258. FENG D G , ZHANG M , LI H . Big data security and privacy protection[J]. Chinese Journal of Computers, 2014,37(1): 246-258.
[7]	SANDHU R , PIERANGELA S . Access control:principle and practice[J]. Communications Magazine, 1994,32(9): 40-48.
[8]	GRAHAM G S , DENNING P J . Protection:principles and practice[A]. Proceedings of the Conference[C]. ACM, 1972. 417-429.
[9]	HARRISON M A , RUZZO W L , ULLMANJ D . Protection in operating systems[J]. Communications of the ACM, 1976,19(8): 461-471.
[10]	SANDHU R , COYNE E , FEINSTEIN H ,et al. Role-based access control models[J]. Computer, 1996,29(2): 38-47.
[11]	JASONPROGRAMOFFICE . Horizontal Integration:Broader Access Models for Realizing Information Dominance[R]. The MITRE Corporation 2004.
[12]	WANG Q , JIN H . Quantified risk-adaptive access control for patient privacy protection in health information systems[A]. Proceedings of the 6th ACM Symposium on Information,Computer and Communications Security[C]. ACM, 2011. 406-410.
[13]	CHENG P C , ROHATGI P , KESER C ,et al. Fuzzy multi-level security:an experiment on quantified risk-adaptive access control[A]. IEEE Symposium on Security and Privacy(SP '07)[C]. IEEE, 2007. 222-230.
[14]	NI Q , BERINNO E , LOBO J . Risk-based access control systems built on fuzzy inferences[A]. In Proceedings of the 5th ACM Symposium on Information,Computer and Communications Security[C].ACM. 2010. 250-260.
[15]	NISSANK N , KHAYAT E J . Risk based security analysis of permissons in RBAC[A]. Proceedings of the 2nd International Workshop on Security in Information Systems,2004[C]. IEEE, 2004. 332-341.
[16]	CELIKEL E , KANTARCIOGLU M , THURAISINGHAM B M ,et al. A risk management approach to RBAC[J]. Risk and Decision Analysis, 2009,1(1): 21-33.
[17]	CHEN L , JASON C . Risk-aware role-based access control[A]. Security and Trust Management[C]. Springer Berlin Heidelberg, 2012. 140-156.
[18]	BIJON K Z , KRISHNAN R , SANDHU R . A framework for risk-aware role based access control[A]. Proceedings of the 6th Symposium on Security Analytics and Automation 2013[C]. IEEE, 2013. 462-469.
[19]	MCGRAW R . Risk-adaptable access control RADAC[R]. Privilege (Access) Management Workshop, 2009.
[20]	SANTOS D R , WESTPHALL C M , WESTPHALL C B . A dynamic risk-based access control architecture for cloud computing[A]. IEEE Network Operations ＆ Management Symposium[C]. IEEE, 2014. 1-9.
[21]	谢文冲, 杨英杰, 汪永伟 ,等. 基于风险的访问控制操作需求计算方法研究[J]. 计算机工程与设计, 2013,34(7): 2281-2285. XIE W C , YANG Y J , WANG Y W ,et al. Research on computing method of operational need in risk-based access control[J]. Computer Engineering and Design, 2013,34(7): 2281-2285.
[22]	王超, 陈性元 . 基于加权熵的访问控制策略安全性分析研究[J]. 电子学报, 2013,41(1): 47-51. WANG C , CHEN X Y . An approach for security analysis to access control policy based on entropy-weigh[J]. Acta Electronica Sinica, 2013,41(1): 47-51.
[23]	DEMPSTER A P , LAIRD N M , RUBIN D B . Maximum likelihood from incomplete data via the EM algorithm[J]. Journal of the Royal Statistical Society,Series B (Methodological), 1977: 1-38.

访问数目	K		准确率@K			召回率@K			F1分数@K
访问数目	K	本文		WANG	本文		WANG	本文		WANG
	10	1.00		1.00	0.17		0.17	0.29		0.29
	20	1.00		0.95	0.33		0.32	0.50		0.47
5	30	0.97		0.88	0.33		0.32	0.64		0.59
	40	0.93		0.80	0.62		0.53	0.72		0.64
	50	0.88		0.78	0.73		0.65	0.80		0.67
	10	1.00		1.00	0.17		0.17	0.29		0.29
	20	1.00		1.00	0.33		0.33	0.50		0.50
10	30	1.00		0.97	0.50		0.48	0.67		0.64
	40	1.00		0.78	0.67		0.52	0.80		0.62
	50	0.96		0.74	0.80		0.62	0.87		0.67
	10	1.00		1.00	0.17		0.17	0.29		0.29
	20	1.00		1.00	0.33		0.33	0.50		0.50
15	30	1.00		0.97	0.50		0.48	0.67		0.64
	40	1.00		0.88	0.67		0.59	0.80		0.70
	50	0.94		0.76	0.78		0.63	0.85		0.69
	10	1.00		1.00	0.17		0.17	0.29		0.29
	20	1.00		1.00	0.33		0.33	0.50		0.50
20	30	1.00		0.93	0.50		0.47	0.67		0.62
	40	1.00		0.85	0.67		0.57	0.80		0.68
	50	0.96		0.80	0.80		0.67	0.87		0.72

比例	K	准确率@K		召回率@K		F1分数@K
比例	K	本文	WANG	本文	WANG	本文	WANG
	10	0.70	0.70	0.12	0.12	0.20	0.20
	20	0.65	0.65	0.22	0.21	0.33	0.33
2%	30	0.67	0.63	0.33	0.32	0.44	0.42
	40	0.63	0.60	0.42	0.40	0.50	0.58
	50	0.54	0.52	0.45	0.43	0.49	0.47
	10	1.00	1.00	0.17	0.17	0.29	0.29
	20	1.00	0.95	0.33	0.32	0.50	0.48
4%	30	0.97	0.87	0.48	0.44	0.64	0.58
	40	0.93	0.72	0.62	0.48	0.74	0.58
	50	0.84	0.72	0.70	0.60	0.76	0.65
	10	1.00	1.00	0.17	0.17	0.29	0.29
	20	1.00	1.00	0.33	0.33	0.50	0.50
6%	30	1.00	0.97	0.50	0.49	0.67	0.65
	40	1.00	0.92	0.67	0.61	0.80	0.74
	50	1.00	0.90	0.83	0.75	0.90	0.81
	10	1.00	1.00	0.17	0.17	0.29	0.29
	20	1.00	1.00	0.33	0.33	0.50	0.50
8%	30	1.00	1.00	0.50	0.50	0.67	0.67
	40	1.00	0.98	0.67	0.65	0.80	0.78
	50	1.00	0.92	0.83	0.77	0.90	0.84
	10	1.00	1.00	0.17	0.17	0.29	0.29
	20	1.00	1.00	0.33	0.33	0.50	0.50
10%	30	1.00	1.00	0.50	0.50	0.67	0.67
	40	1.00	0.98	0.67	0.65	0.80	0.78
	50	1.00	0.92	0.83	0.77	0.90	0.84