AUTHORIZATION IN ELECTRONIC HEALTHCARE SYSTEMS

Published 2025-06-30
PHYSICS-MATHEMATICS Vol. 80 No. 2 (2025)
Authors:
  • PENELOVA M.
  • DIMITROV V.

Blockchain-based electronic records are an innovative approach to storing health information. Protecting the blockchain from unauthorized access remains an open issue. The healthcare industry clearly distinguishes several types of users who can access medical data. Authors recommend the use of roles as authorization policies in healthcare systems. On the other hand, using only roles does not provide detailed checks and is not sufficient for achieving privacy. The paper is concerned with the application of Hybrid Role and Attribute Based Access Control (HRABAC) in blockchain systems. This model uses roles and policy functions with attributes for authorization. Use cases are presented for three roles: Admin, Doctor and Patient. A concrete project with blockchain smart contracts is developed in the programming language Solidity. Data protection with detailed checks is applied using the HRABAC model. The access control decisions are tested with the Truffle test suite. The test results meet the requirements for privacy. This paper shows that HRABAC is an easy-to-apply and secure model for blockchain applications in healthcare.

PENELOVA M.

doctoral student, St. Kliment Ohridski Sofia University, Sofia, Bulgaria

E-mail: i_n_f@abv.bg, https://orcid.org/0000-0002-5005-6446

DIMITROV V.

professor, St. Kliment Ohridski Sofia University, Sofia, Bulgaria

E-mail: cht@fmi.uni-sofia.bg, https://orcid.org/0000-0002-7441-253X

The source code of this paper: Authorization in Electronic Healthcare Systems. Available online: https://github.com/MGP-Ucict/smart-contracts-hrabac (accessed on 26.03.2025)
Keywords: access control, authorization, blockchain, electronic health records, hybrid role and attribute based access control, smart contracts

How to Cite

AUTHORIZATION IN ELECTRONIC HEALTHCARE SYSTEMS. (2025). Scientific Journal "Bulletin of the K. Zhubanov Aktobe Regional University", 80(2), 56-63. https://doi.org/10.70239/