Multi-level privacy-preserving access control as a service for personal healthcare monitoring

Usama Salama, Lina Yao, Xianzhi Wang, Hye Young Paik, Amin Beheshti

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contributionpeer-review

18 Citations (Scopus)


The Internet of Things (IoT) changes many sectors of our lives. In the healthcare domain, IoT presents as mobile medical applications over various sensors that update healthcare professionals on patients' health information. However, IoT-based healthcare systems also face major challenges in protecting patients' privacy via an effective access control system. This paper presents an ambient home solution framework for privacy-preserving monitoring of patients' health status. We focus on two major points: 1) how to use the data collected from ambient and biometric sensors, to perform the high-level task of activity recognition, and 2) how to secure the collected healthcare data via effective access control. We achieve multi-level access control by using Public Key Infrastructure (PKI) for authentication and Attribute-Based Access Control (ABAC) for authorisation. Our access control system regulates access to healthcare data by classification over healthcare professionals and data. Our system provides guidelines to define data classes and healthcare professional groups and specifies security policies to control access to the data classes. The system is flexible and can incorporate more policy rules, professionals, and data classes.

Original languageEnglish
Title of host publicationProceedings - 2017 IEEE 24th International Conference on Web Services
Subtitle of host publicationICWS 2017
EditorsIlkay Altintas, Shiping Chen
PublisherInstitute of Electrical and Electronics Engineers (IEEE)
Number of pages4
ISBN (Electronic)9781538607527
Publication statusPublished - 7 Sept 2017
Externally publishedYes
Event24th IEEE International Conference on Web Services, ICWS 2017 - Honolulu, United States
Duration: 25 Jun 201730 Jun 2017


Conference24th IEEE International Conference on Web Services, ICWS 2017
Country/TerritoryUnited States


  • Access control
  • ambient assisted living
  • authentication
  • Internet of Things
  • multi-level access control


Dive into the research topics of 'Multi-level privacy-preserving access control as a service for personal healthcare monitoring'. Together they form a unique fingerprint.

Cite this