Modern healthcare systems operate in highly dy- namic environments requiring adaptable access control mecha- nisms. Access to sensitive data and medical equipment should be granted or denied according to the current health situation of the patient. To handle the need for adaptable access control of healthcare scenarios, we propose a novel model that allows dynamic access control decisions based on the context character- izing the source, type of access request, patient, and estimated risk corresponding to the conditions of the patient. Estimating patient status risk requires analyzing vital physiological data whose availability is growing thanks to the widespread diffusion of the Internet of Medical Things (IoMT) devices. Inferring the patient health status risk through Machine Learning (ML) techniques is possible, but to achieve better accuracy, the training phase requires the aggregation of vast amounts of data from different sources. This aggregation could be difficult or even impossible due to organization regulations and privacy laws. To address these issues, this paper proposes a novel Federated Learning Risk-based Authorization Middleware for Healthcare (FRAMH) that supports risk-based access control to deal with changing and unforeseen medical situations. Our solution infers the risk of health status through a federated learning (FL) approach enriched with blockchain to avoid the weaknesses of centralized servers. The implemented prototype and a large set of experimental results demonstrate the advantages of FL in estimating the risk in healthcare scenarios. Through this approach, even a medical institution with a limited dataset can achieve a satisfying risk estimation and efficient access control enforcement.

FRAMH: A Federated Learning Risk-Based Authorization Middleware for Healthcare

Mazzocca C.;Romandini N.;Colajanni M.;Montanari R.
2022

Abstract

Modern healthcare systems operate in highly dy- namic environments requiring adaptable access control mecha- nisms. Access to sensitive data and medical equipment should be granted or denied according to the current health situation of the patient. To handle the need for adaptable access control of healthcare scenarios, we propose a novel model that allows dynamic access control decisions based on the context character- izing the source, type of access request, patient, and estimated risk corresponding to the conditions of the patient. Estimating patient status risk requires analyzing vital physiological data whose availability is growing thanks to the widespread diffusion of the Internet of Medical Things (IoMT) devices. Inferring the patient health status risk through Machine Learning (ML) techniques is possible, but to achieve better accuracy, the training phase requires the aggregation of vast amounts of data from different sources. This aggregation could be difficult or even impossible due to organization regulations and privacy laws. To address these issues, this paper proposes a novel Federated Learning Risk-based Authorization Middleware for Healthcare (FRAMH) that supports risk-based access control to deal with changing and unforeseen medical situations. Our solution infers the risk of health status through a federated learning (FL) approach enriched with blockchain to avoid the weaknesses of centralized servers. The implemented prototype and a large set of experimental results demonstrate the advantages of FL in estimating the risk in healthcare scenarios. Through this approach, even a medical institution with a limited dataset can achieve a satisfying risk estimation and efficient access control enforcement.
Mazzocca C.; Romandini N.; Colajanni M.; Montanari R.
File in questo prodotto:
File Dimensione Formato  
FRAMH.pdf

accesso aperto

Tipo: Postprint
Licenza: Licenza per accesso libero gratuito
Dimensione 294.91 kB
Formato Adobe PDF
294.91 kB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11585/899376
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 0
  • ???jsp.display-item.citation.isi??? 0
social impact