
Ontology‐based data access control model supported with grid computing for improving security in healthcare data

Authors:
  • Nitte Meenakshi Institute of Technology, Bangalore, India.

Abstract and Figures

Ontology is broadly applied in various fields for creating trust‐based data access control models. In the medical field, utilizing ontology is highly recommended for securing medical reports and patient information. Here, ontology is integrated with a grid computing system to achieve better authentication and security in the healthcare system. Various ontology-based data access control models have been designed by different authors to achieve enhanced user authorization and security, but security is still found to be a major issue in the existing techniques. To overcome this issue, the proposed work develops a medical ontology with three-tier secure access control. The proposed method is processed in three layers. In the first layer, job scheduling for users is achieved. Job scheduling is carried out by the scheduler using a deadline priority based scheduling algorithm. Users are scheduled with different jobs based on their priority level such as low, medium, and high. In the second layer, a role-based policy is developed for finding and eliminating access by unauthorized users. The third layer is used for securing the medical database. Medical database is secured from various through encrypting the data using XOR cryptography algorithm. The proposed architecture is validated using metrics such as turnaround time, tardiness, actual time delay, and throughput. The turnaround time, tardiness, and actual‐time delay attained by the proposed architecture are 64.60, 4.90, and 1.52 seconds, respectively. The throughput reached for 25 bits length of encryption is 0.88 Mbps. The simulation analysis reveals that the proposed architecture reduces the waiting time of users and improves medical data security.
Received: 24 December 2021 Revised: 7 March 2022 Accepted: 13 June 2022
DOI: 10.1002/ett.4589
RESEARCH ARTICLE
G. M. Kiran (1), N. Nalini (2)
(1) Computer Science and Engineering, Shridevi Institute of Engineering and Technology, Tumakuru, Karnataka, India
(2) Computer Science and Engineering, NITTE Meenakshi Institute of Technology, Bengaluru, Karnataka, India
Correspondence: G. M. Kiran, Shridevi Institute of Engineering and Technology, Tumakuru, Karnataka 572106, India. Email: Kirangm900@gmail.com
1 INTRODUCTION
Ontology is the formal definition of conceptualization, which defines co-concepts, taxonomy, relationship to human-readable text, and formal, machine-readable theories.¹ It provides systematic definitions and axioms of controlling interpretations of terms. An ontology allows for a variety of structural and nonstructural types, such as generalization, aggregation, inheritance, and instantiation. Ontology is a collection of concepts and their interrelationships collectively providing a concise overview of an application domain. The uses of ontology are a semantic description of vocabulary for complex processes, and that requires a careful study of specific knowledge.²,³ An ontology is distributed as well as shared for utilization, and tools of ontology are provided interoperability. The user application is programmed to improve the
Trans Emerging Tel Tech. 2022;33:e4589. wileyonlinelibrary.com/journal/ett © 2022 John Wiley & Sons, Ltd.
https://doi.org/10.1002/ett.4589
... Thus there is an ever-increasing for the design and development of methods, techniques, frameworks, and digital tools to efficiently support knowledge extraction from raw data and knowledge management. A common use case of Ontologies in the framework of big data sets involves the Automated Ontology creation based on the utilization of a plethora of sources (e.g., structured, semistructured, unstructured) (Sen & Mukherjee, 2023), Question Answering Systems (Wen, Zhu, & Zhang, 2022), Ontology-Based Information Extraction systems (Opasjumruskit, Böning, Schindler, & Peters, 2022), Ontology-Based Data Access (Kiran & Nalini, 2022), and mining techniques (Konys, 2015). Ontology-based approaches provide a practical framework to address the semantic challenges presented by big data sets. ...
Chapter
This chapter is structured as follows. In Section 3.2 the definitions and the structure of Industry 5.0 are discussed. Then, in Section 3.3, the technological background is presented in accordance with the technological evolution from Industry 4.0 onward. Consequently, in Section 3.4, the challenges toward the transition from the ongoing Industry 4.0 to Industry 5.0 and subsequently to Society 5.0 are discussed. Finally, in Section 3.5, conclusions are drawn, and the authors provide future research directions.
Article
In heterogeneous distributed computing system, huge amount of attention is attracted by task scheduling process in recent days. Scheduling of task is an important problem, where, overall completion of task is completed within a shortest achievable time by scheduling dissimilar task to target processors. This research work concentrates on designing and implementing a fuzzy priority deadline based task scheduling algorithm (FPDSA) having a fuzzy deadline limitation to competent job execution. This proposed FPDSA algorithm is compared with conventional task scheduling techniques like, Improvised Deadline Scheduling Algorithm (IDSA), Earliest Deadline First (EDF) and Prioritized Based Deadline Scheduling Algorithm with respect to Average Actual Execution (AAE) and amount of Non-Delayed and Delayed Jobs. For 4000 tasks, proposed algorithm achieves 7.45%, 27.94% and 30.84% less AAE than IDSA, EDF, and PDSA and for same number of tasks, computational results by proposed FPDSA for non-delayed tasks are 0.32%, 2.17%, and 1.70% higher than IDSA, EDF, and PDSA. This enhances proposed FPDSA’s performance when compared to present scheduling algorithms and illustrates FPDSA is more appropriate scheduling technique for grid system.
Article
Compared with ordinary information systems, power information systems are characterized by high complexity, strong real-time performance, high dynamics, and high-security requirements. The security-related data is varied. It is helpful to integrate the different types of data from multiple resources to support the further analysis such as abnormal detection or damage prediction. Considering the data complexity, this paper proposes a framework to automatically integrate security-related data in an electric system using ontology reasoning. In this paper, we try to determine the relationship between the ontology or between the local ontology and the global ontology through certain reasoning rules to help establish the data structure automatically. The experiment results demonstrate the effectiveness of the proposed method.
Conference Paper
In role-based access control, roles are mostly organized in static hierarchies and users are authorized to play such roles in order to exercise the organizational functions. However, some of these roles cannot be organized in the same way in static hierarchies as the authorizations granted to such roles are strictly related to the dynamically changing contextual conditions (e.g., health profile information). Users need to satisfy these conditions in order to exercise the functions of such dynamic contextual roles. While several research works have been done in dynamic activation of static roles, no extensive research has been undertaken in the area of dynamic specification of contextual roles. This article makes a significant research contribution to the dynamic contextual role modeling and activation. We introduce both formal and ontology-based approaches in order to model the dynamic contextual roles and specify the context-aware access control policies by activating such dynamic roles at runtime. These contextual roles are equally important because of the demands of large-scale (pervasive) environments to control context-sensitive access to resources at different granularity levels with low processing overheads. We develop a software prototype to demonstrate the feasibility of our proposal and provide a walkthrough of the whole mechanism. Experimental results demonstrate the satisfactory performance of our proposed approach compared to our previous approach.
Chapter
SecAOnto (Security Assessment Ontology) aims at formalizing the knowledge on “Security Assessment”. A conceptual formalization of this area is needed, given that there is an overlap of the “Information Security” and “Systems Assessment” areas, concepts are ambiguous, terminology is confounding, and important concepts are not defined. Nineteen papers on ontology, out of 80 papers of interest, have been selected to be discussed. Most of them are proposals of ontologies on information security; here we propose an ontology to deal specifically with security assessment aspects and particularities. SecAOnto is OWL-based, is publicly available and is devised to be used as a common and extensible model for security assessment. Its foundation comes from glossaries, vocabularies, taxonomies, ontologies, and market’s guidelines. The initial version of the ontology, its core model, as well as an application are presented. Our proposal is meant to be useful for security researchers who wish to formalize knowledge in their systems, methods and techniques.
Article
PaaS is a Cloud computing service that provides a computing platform to develop, run, and manage applications without the complexity of infrastructure maintenance. SMEs are reluctant to enter the growing PaaS market due to the possibility of being locked in to a certain platform, mostly provided by the market's giants. The PaaSport Marketplace aims to avoid the provider lock-in problem by allowing Platform provider SMEs to roll out semantically interoperable PaaS offerings and Software SMEs to deploy or migrate their applications on the best-matching offering, through a thin, non-intrusive Cloud broker. In this paper, we present the PaaSport semantic model, namely an OWL ontology, extension of the DUL ontology. The ontology is used for semantically representing a) PaaS offering capabilities and b) requirements of applications to be deployed. The ontology has been designed to optimally support a semantic matchmaking and ranking algorithm that recommends the best-matching PaaS offering to the application developer. The DUL ontology offers seamless extensibility, since both PaaS Characteristics and parameters are defined as classes; therefore, extending the ontology with new characteristics and parameters requires the addition of new specialized subclasses of the already existing classes, which is less complicated than adding ontology properties. The PaaSport ontology is evaluated through verification tools, competency questions, human experts, application tasks and query performance tests.
Article
Many mobile apps of social Internet of Things (sIOT) systems can help us record and share daily events, such as health and sport events. In fact, healthy diet recognition is an important and challenging problem in dish health assessment. Via the collection and monitoring of data pertaining to our daily diet, we can work in collaborative ways to achieve dish image annotation based on sIOT systems to enhance deep features. To this end, this article proposes a deep feature and attention mechanism-based method for dish health assessment, which aims to apply a hand-deep local-global net (HDLGN) for dish image recognition. Then, food taste is used as health guidance for people who want to lose weight or follow doctors' advice. First, the local attention mechanism is introduced to identify key areas of the dish image. Second, ingredient and handcrafted color features are extracted to learn deep features. Subsequently, we combine local and global attention mechanisms to return the dish taste as the recognition result. Finally, experiments show that our proposed method can effectively improve the accuracy of taste recognition.
Article
Considerations of safety and security in the early stage of system life cycle are essential to collect and prioritize operation needs, determine feasibility of the desired system, and identify technology gaps. Experts from many disciplines are needed to perform the safety and security analyses, ensuring that a system has the necessary attributes. Safety assessment is usually conducted in the concept stage. On the other hand, security assessment is performed in design stage usually when an initial architecture along with the logical and physical components are defined. Systems-Theoretic Process Analysis (STPA) is a new hazard analysis technique based on systems thinking and is built on top of a new causality model of accident, which stands for Systems-Theoretic Accident Model and Processes (STAMP), grounded in systems theory. STPA for Security (STPA-Sec) is an extension of STPA that proposes to include security concerns into the analysis. STPA-Sec helps identifying some hazardous control actions, causal scenarios, and causal factors; however, no emphasis is placed on security threat scenarios. In this paper we propose an ontology-based technique that extends STPA-Sec to improve identification of causal scenarios and associated causal factors, specifically those related to security. We propose an approach that assists safety and security experts conducting safety and security analyses using STPA-Sec with a supporting ontology. First, we present an ontology representing the safety and security knowledge through STPA-Sec process, and provide a tool that implements the proposed ontology. We then propose a process to capture safety and security knowledge into the proposed ontology to identify causal scenarios. We perform a preliminary evaluation of the ontology and the process using an aeronautic case study. The results show that the ontology-based approach helps systems engineers to identify more security scenarios compared to the case where they use only STPA-Sec. Furthermore, some hazardous control actions are not addressed if the systems engineer uses the basic STPA-Sec.
Article
The constantly increasing number of cyberattacks worldwide raise significant security concerns that generally deter small, medium and large enterprises from adopting the cloud paradigm and benefitting from the numerous advantages that it offers. One way to alleviate these concerns is to devise suitable policies that infuse adequate access controls into cloud services. However, the dynamicity inherent in cloud environments, coupled with the heterogeneous nature of cloud services, hinders the formulation of effective and interoperable access control policies that are suitable for the underlying domain of application. To this end, this work proposes an approach to the semantic representation of access control policies and, in particular, to the semantic representation of the context expressions incorporated in such policies. More specifically, the proposed approach enables stakeholders to accurately define the structure of their policies, in terms of relevant knowledge artefacts, and thus infuse into these policies their particular security and business requirements. This clearly leads to more effective policies, whilst it enables semantic reasoning about the abidance of policies by the prescribed structure. In order to alleviate the scalability concerns associated with semantic reasoning, the proposed approach introduces a reference implementation that extends XACML 3.0 with an expert system fused with reasoning capabilities through the incorporation of suitable meta-rules.
Article
Cloud computing is extensively used as an integration means in various application domains, spanning from the healthcare to the manufacturing, aiming at achieving an easy-to-access and elastic data storage and exchange among heterogeneous and geographically sparse organizations. This cloud-based integration poses crucial security issues related to the data protection from unauthorized access to the outsourced data, which calls for a proper access control solution. However, the heterogeneity among the organizations exacerbates this problem, demanding an interoperable authorization scheme, where multiple access control models must co-exist. The current literature is rich of academic solutions and standards to have an interoperable exchange of security policies and definition of authorization rules, but lacks an effective support to let different access control models to fully coexist. Moreover, the possibility of stealing authentication credentials and authorization claims paves the way to conducting masquerading attacks that cannot be treated by traditional static authorization solutions, but more dynamic approaches are needed. Last but not least, the continuous interaction of users with the cloud over the time has the vulnerability of exposing personal information to malicious adversaries and to let them trace the user activities. In this work, we propose to solve these three issues by having an ontology-based access control solution, to encompass trust within the authorization process and to use pseudonyms to preserve the user privacy.