A Fuzzy Modeling Approach for Risk-Based Access Control in eHealth Cloud

A number of recent studies have adopted risk assessment in access control for healthcare applications, but few of the work is specifically concerned with the risk assessment in the presence of uncertainties, such as uncertain values of risk factors, and consequences of imprecision. This paper presents a fuzzy modeling-based approach that accounts for uncertainty analysis when evaluating the risk. Three inputs -- data sensitivity, action severity, and risk history -- are modeled with fuzzy set and used to calculate the level of risk associated with healthcare information access in a cloud environment. Experiments were conducted and demonstrated that the approach can generate accurate and realistic outcomes in assessing current security risk and predicting the scope and impact of different risk factors. This would lead to a great change of access control from being active to being proactive to security breach, and enhance the security level of eHealth cloud applications.