Attribute based access control scheme with controlled access delegation for collaborative E-health environments

Modern electronic healthcare (e-health) settings constitute collaborative environments with complex access requirements. Thus, there is a need for sophisticated fine-grained access control mechanisms to cater these access demands and thereby experience the full potential of e-health systems. In order to realize a flexible access control scheme, integrating access delegation is of paramount importance. However, access delegation has to be enforced in a controlled manner so that it will not jeopardize the security of the system. In this paper, we addressed this issue through proposing an attribute based access control scheme integrated with controlled access delegation capabilities. We demonstrate how the proposed scheme could function by considering a health information sharing scenario which constitutes a collaborative environment. The proposed scheme capable of provisioning multi-level access delegation with each delegating user having the capability of controlling further delegations by the delegatee. In addition, the scheme is also integrated with a mechanism to limit the total number of delegations allowable for a given attribute to accommodate for inappropriate user behaviors. Thus, users can claim access to resources by providing a proof that they possess attribute sets (attributes may or may not be delegated) that satisfy the relevant attribute based access policies which govern the access to the shared resources. The proposed scheme is also equipped with on-demand attribute revocation mechanism along with preventing attacks via attribute collusion. Furthermore, we have shown that the proposed access control scheme is secure and also exhibits superior delegation capabilities compared to the existing attribute based schemes coupled with access delegation capabilities.