Modern healthcare systems operate in highly dy- namic environments requiring adaptable access control mecha- nisms. Access to sensitive data and medical equipment should be granted or denied according to the current health situation of the patient. To handle the need for adaptable access control of healthcare scenarios, we propose a novel model that allows dynamic access control decisions based on the context character- izing the source, type of access request, patient, and estimated risk corresponding to the conditions of the patient. Estimating patient status risk requires analyzing vital physiological data whose availability is growing thanks to the widespread diffusion of the Internet of Medical Things (IoMT) devices. Inferring the patient health status risk through Machine Learning (ML) techniques is possible, but to achieve better accuracy, the training phase requires the aggregation of vast amounts of data from different sources. This aggregation could be difficult or even impossible due to organization regulations and privacy laws. To address these issues, this paper proposes a novel Federated Learning Risk-based Authorization Middleware for Healthcare (FRAMH) that supports risk-based access control to deal with changing and unforeseen medical situations. Our solution infers the risk of health status through a federated learning (FL) approach enriched with blockchain to avoid the weaknesses of centralized servers. The implemented prototype and a large set of experimental results demonstrate the advantages of FL in estimating the risk in healthcare scenarios. Through this approach, even a medical institution with a limited dataset can achieve a satisfying risk estimation and efficient access control enforcement.
Mazzocca C., Romandini N., Colajanni M., Montanari R. (2023). FRAMH: A Federated Learning Risk-Based Authorization Middleware for Healthcare. IEEE TRANSACTIONS ON COMPUTATIONAL SOCIAL SYSTEMS, 10(4), 1679-1690 [10.1109/TCSS.2022.3210372].
FRAMH: A Federated Learning Risk-Based Authorization Middleware for Healthcare
Mazzocca C.;Romandini N.;Colajanni M.;Montanari R.
2023
Abstract
Modern healthcare systems operate in highly dy- namic environments requiring adaptable access control mecha- nisms. Access to sensitive data and medical equipment should be granted or denied according to the current health situation of the patient. To handle the need for adaptable access control of healthcare scenarios, we propose a novel model that allows dynamic access control decisions based on the context character- izing the source, type of access request, patient, and estimated risk corresponding to the conditions of the patient. Estimating patient status risk requires analyzing vital physiological data whose availability is growing thanks to the widespread diffusion of the Internet of Medical Things (IoMT) devices. Inferring the patient health status risk through Machine Learning (ML) techniques is possible, but to achieve better accuracy, the training phase requires the aggregation of vast amounts of data from different sources. This aggregation could be difficult or even impossible due to organization regulations and privacy laws. To address these issues, this paper proposes a novel Federated Learning Risk-based Authorization Middleware for Healthcare (FRAMH) that supports risk-based access control to deal with changing and unforeseen medical situations. Our solution infers the risk of health status through a federated learning (FL) approach enriched with blockchain to avoid the weaknesses of centralized servers. The implemented prototype and a large set of experimental results demonstrate the advantages of FL in estimating the risk in healthcare scenarios. Through this approach, even a medical institution with a limited dataset can achieve a satisfying risk estimation and efficient access control enforcement.File | Dimensione | Formato | |
---|---|---|---|
FRAMH.pdf
accesso aperto
Tipo:
Postprint
Licenza:
Licenza per accesso libero gratuito
Dimensione
294.91 kB
Formato
Adobe PDF
|
294.91 kB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.