Task-role-based Access Control Model in Smart Health-care System

With the development of computer science and smart health-care technology, there is a trend for patients to enjoy medical care at home. Given the enormous number of users in the Smart Health-care System, access control is an important issue. The traditional access control models (discretionary access control, mandatory access control, and role-based access control) do not properly reflect the characteristics of the Smart Health-care System. This paper proposes an advanced access control model for the medical health-care environment, the task-role-based access control model, which overcomes the disadvantages of traditional access control models. The task-role-based access control (T-RBAC) model introduces a task concept, dividing tasks into four categories. It also supports a supervision role hierarchy. T-RBAC is a proper access control model for the Smart Health-care System, and it improves the management of access rights. This paper also proposes an implementation of T-RBAC, a binary two-key-lock pair access control scheme using prime factorization.


INTRODUCTION
A small family Smart Health-care System is needed for patients who need medical care. Through this system, patients, doctors, nurses and guardians of the patients can share the health-care information. Doctors and nurses are able to diagnose the status of patients by reading the files in the small health-care system. In the system, patients can authorize others to be guardians with full authorities. The guardians can view some of the information through the limited permission in the system. The patients can also ask for medical help through the system. The system places strict requirements on limiting users' permissions. Users must not be able to access information they are not authorized for, nor be prevented from accessing information they are authorized for. Access control plays an important role in the health-care environment because of the various kinds of users. Access control is the main method for implementing data confidentiality and integrity.

Users in the Smart Health-care System visit the records a lot, and the records are private, not available to non-authorized users. However, the traditional access control models fail to meet the needs of the health-care system, because they focus directly on the management of users' access rights.

There are three main traditional access control models: discretionary access control (DAC), mandatory access control (MAC), and role-based access control (RBAC) [1][2][3]. The supervisor in DAC has the highest permission for access control, deciding who can or cannot visit the information. When a user leaves the health-care system, the supervisor has to reset every detail of that user. When this happens to a large number of subjects, the organizational changes are complex. It needs a lot of human resources, and it cannot realize dynamic access control. MAC cannot deal properly with the level of access control between reality and the health-care environment, and it overemphasizes confidentiality [4][5]. RBAC does not support the concept of task and does not take active access control into consideration.

The purpose of this paper is to propose a suitable access control model, T-RBAC [6][7], for the health-care environment. Task and role are the main aspects of the proposed model, and they have various characteristics related to access control. It turns out that the proposed model meets the requirements of access control in the health-care environment.

The remaining parts of this paper are organized as follows. Section 2 introduces the factors related to access control in the health-care system. Section 3 introduces the Task-role-based access control model. Section 4 proposes a mathematical implementation of T-RBAC, a binary two-key-lock pair access control scheme using prime factorization.

FACTORS RELATED TO ACCESS CONTROL IN THE HEALTH-CARE SYSTEM
To build an access control model for the health-care system, the basic factors of the system need to be figured out. In the system, users want to visit some specific information, and the final goal of access control is to decide whether an access request is valid or not. There are several factors that are related to the system, and the main ones are: users, organization, medical positions, medical roles, tasks, medical processes, and medical rules. The details will be dis-

User: Users are the subjects of access control. They can be patients, guardians, nurses, and doctors in the health-care system.

Historic records: Historic records are the objects of access control. They can be files or tables in the database.

Organization: An organization is a group of people who work together to achieve some common goals. Doctors and nurses can form an organization to supervise the conditions of patients.

Medical position and Medical role: Medical position and Medical role are similar but not the same. Medical position emphasizes the management of different users, and Medical role emphasizes the work activities. They are used to authorize the access rights of users.

Task: A task is the basic unit of health-care work or health-care activity. Checking patient status, making reports, and diagnosing are examples of tasks. The permissions of access control are assigned to tasks, and tasks are assigned to roles. Finally, roles are assigned to users. A user can have one or several roles.

Medical process: A medical process is a set of tasks that are connected to achieve a certain aim. In the health-care system, a medical process can be described as follows: the portable health-care equipment on the patient raises an alarm, and the doctors receive the signal, check the files of the patient, diagnose the situation, and take measures to solve the health-care issue. According to medical process, the tasks in the health-care system can be divided into two main aspects: active access control and passive access control. Tasks related to a health-care process are examples of active access control. Nurses monitoring the condition of patients is a case of passive access control.

Medical rule: A medical rule is a formal regulation, which regulates the way an organization conducts its activity. Separation of Duty is an example of a medical rule.

TASK-ROLE-BASED ACCESS CONTROL MODEL
The proposed access control model, T-RBAC, is based on the RBAC model, taking the concept of task into consideration. The T-RBAC model is used in the health-care environment to fulfill the management of access control. T-RBAC is an improved access control model, and it achieves the aim of access control through tasks. It also supports dynamic real-time security management. Task is the minimum unit of health-care activities. In the RBAC model (see Figure 1), the permissions are assigned to roles, and roles are assigned to users. In the T-RBAC model (see Figure 2), the permissions are assigned to tasks, and tasks are assigned to roles. Users achieve the permissions of access control through roles. Medical tasks are the core elements in the proposed health-care system, and they keep the health-care system running. Taking the main factors in the health-care environment into consideration, the T-RBAC model performs well. It improves the management of access control.

Classification of tasks based on the health-care environment
Tasks in the Smart Health-care System can be divided into four main categories: inheritable tasks, non-inheritable tasks, passive tasks and active tasks.
Figure 3 shows the related factors for task classification in the system. The concepts of inheritable and non-inheritable tasks are based on the structure of the medical organization. The concept of role hierarchy is introduced in this model, and it is connected with medical positions. In the medical organization, the doctor is in a higher position than nurses, but this does not mean doctors can inherit full access rights from nurses. T-RBAC emphasizes partial inheritance of access rights from lower medical positions. Inheritable tasks are those that the higher position can inherit from the lower position. Non-inheritable tasks are the opposite.

As discussed in section 2, passive and active tasks are distinguished by whether the task belongs to a working process or not. If a task belongs to a medical process, it is active access control. The specific task categories are shown in Figure 4.

[Figure 3. Classification of tasks. Axes: Non-inheritable / Inheritable and Passive access / Active access.]
Class A: The access permission of this task cannot be inherited by higher medical positions. The task does not belong to a medical process, either. Figure 5 shows a case of task A. In this case, doctors do not inherit access rights from nurses, and the medical group can only visit some historic information stored in the database passively.

Class B: The access permission of task B can be inherited by higher medical positions. The task does not belong to a medical process (Figure 6). Doctors extend part of their access rights from nurses, but they still perform tasks passively.

Class D: The access permission of task D can be extended to higher medical positions. The task belongs to a medical process (Figure 7). During task D, medical staff actively check patient status, and they approve a medical method to give patients medical assistance.

Introduction of T-RBAC model
Figure 8 shows an overview of Task-role-based access control model [8].
As shown above, there are three main traditional access control models: DAC, MAC, and RBAC. They are not appropriate for the Smart Health-care System, and the proposed T-RBAC has the following advantages: support for the task concept, access rights through tasks, partial inheritance from lower positions, support for active access control, and so on.

Figure 8 shows how the T-RBAC model works. Tasks are the most important issue in the Smart Health-care System. Almost all main activities are related to tasks. The permissions are assigned to tasks through permission-task assignment. Tasks are divided into four categories. There are three characteristics of active access control: Activation condition, Time constraint and Cardinality. Activation condition means that tasks belonging to a working process can be activated. Time constraint means the available time after tasks are activated. Cardinality means the maximal number of tasks activated at the same time.

Task-role assignment deals with the permissions between tasks and roles. S-RH means supervision role hierarchy, and it emphasizes the supervision of lower positions by higher positions, to guard against the abuse of access control. Users get their access rights through user-role assignment, and the user can access the characters of roles through sessions. Constraint means regulations and rules for the system, such as separation of duty, which means the separation of responsibility and authority.
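The chain described above (permissions to tasks, tasks to roles, roles to users, with partial inheritance through S-RH and activation and time constraints on active tasks) can be sketched as follows. This is an added example, not code from the paper; the task, role, user and permission names and the 600-second window are constructed assumptions, and cardinality is not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Task:
    name: str
    permissions: frozenset
    inheritable: bool   # may a supervising (higher) role use this task?
    active: bool        # belongs to a medical process, so needs activation

# Constructed sample policy; every name below is hypothetical.
TASKS = {t.name: t for t in [
    Task("view_history", frozenset({"read:history"}), False, False),
    Task("monitor_vitals", frozenset({"read:vitals"}), True, False),
    Task("respond_alarm", frozenset({"read:record", "write:treatment"}), True, True),
]}
ROLE_TASKS = {"nurse": {"view_history", "monitor_vitals", "respond_alarm"},
              "doctor": set()}
SUPERVISES = {"doctor": {"nurse"}}   # S-RH: doctor supervises nurse
USER_ROLES = {"alice": {"doctor"}, "bob": {"nurse"}}
ACTIVATION_WINDOW = 600              # time constraint in seconds (assumed)

def tasks_for_role(role):
    """Own tasks plus only the inheritable tasks of supervised roles."""
    tasks = set(ROLE_TASKS.get(role, ()))
    for junior in SUPERVISES.get(role, ()):
        tasks |= {t for t in tasks_for_role(junior) if TASKS[t].inheritable}
    return tasks

def check(user, permission, activated, now):
    """activated maps task name -> time its medical process activated it."""
    for role in USER_ROLES.get(user, ()):
        for name in tasks_for_role(role):
            task = TASKS[name]
            if permission not in task.permissions:
                continue
            if not task.active:
                return True          # passive task: usable at any time
            started = activated.get(name)
            if started is not None and 0 <= now - started <= ACTIVATION_WINDOW:
                return True          # active task inside its time window
    return False
```
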

Implementation mechanisms of access control
There are four main implementation mechanisms of access control: Access Control Matrix (ACM) [9], Access Control Lists (ACLs), Access Capabilities Lists, and Access Control Security Labels Lists (ACSLLs). Elements $a_{ij}$ in Table 1 denote the specific access rights between the subjects (users) and objects.

Note: W: Write, R: Read, Own: Ownership=full ac-

In this paper, a new implementation mechanism, a binary two-key-lock pair access control scheme using prime factorization (TPB-2-KLP), is introduced for the implementation of T-RBAC. TPB-2-KLP uses the access control matrix as the implementation method [10][11].

We begin with the unique factorization theorem: every integer N (N>1) can be expressed as the product of some prime numbers, and the formula can be described: N=P

In TPB-2-KLP, both subject and object are assigned a key and a lock. The data structures used in this mechanism are the key-lock table belonging to the subject or object, and the stack of prime numbers belonging to the subject (PS) or the object (PO). In the prime stack, smaller prime numbers are stored at the top of the stack, and they are used as keys of subjects or objects in order (2, 3, 5, 7...). The key-lock table records the values of keys, lock vectors and time stamps. When the subjects or objects enter the system, each of them is assigned a unique time stamp, $TS_i$ for subjects and $TS'_j$ for objects. The PS/PO assigns a prime number to subjects/objects ($K_i$ / $K'_j$). The values of keys and lock vectors are added into the key-lock table. The value of the time stamp is determined by the time sequence of entering the system. Earlier entrance means a smaller time stamp value.

In Table 1, the element $a_{ij}$ means the access right between subjects and objects. Thus, $a_{ij}$ can be described in binary form (Equation (1)).

($b$ means the number of digits when $a_{ij}$ is in binary form, $a_{ij}(x) \in \{0, 1\}$)

The lock vectors of subjects ($S_i$) and objects ($O_j$) can be calculated by the formulas below:

($L_i$ means the lock vector of $S_i$, $L'_j$ means the lock vector of $O_j$, $K_i$ means the key value of $S_i$, $K'_j$ means the key value of $O_j$, $a_{ij}(x) \in \{0, 1\}$, and $m$/$n$ means the number of subjects/objects in the system)

An example of TPB-2-KLP is shown as follows. In a given system, $S_1$, $S_2$, $S_3$ are the subjects, and $O_1$, $O_2$, $O_3$ are the objects. The access control matrix and its binary form are shown in Table 2. The numbers 1, 2, 3, 4 mean the access rights of read, write, execute and full-ownership. The time sequence of entering the system is $S_1$, $O_1$, $S_2$, $O_2$, $O_3$, $S_3$. Time stamps in Table 3 follow the entering sequence of subjects and objects. Table 2 shows the digits of $a_{ij}$ in binary form, so the value of $b$ in Equations (2)-(3) is 3. When $S_1$ enters the system, the PS assigns the prime number 2 as the key value $K_1$. $L_1$ is (0,0,0) in Table 3, because there are no objects in the system before $S_1$ enters. $O_1$ is the first object that enters the system, so the value of $K'_1$ is 2. The value of $L'_1$ can be figured out by Equation (3) using the value of $K_1$. At that moment, $m=1$ and $n=1$.

According to the analysis above, the values of $K_i$, $TS_i$, $K'_j$, $TS'_j$ are shown in Table 3. Using Equations (2)-(3), the lock vectors can be calculated in Table 3. In the proposed implementation mechanism, Equations (2)-(3) are used to verify the access right of subjects. If $TS_i < TS'_j$, then $K_i$, $L'_j$ and Equation (3) are used to test whether the subject has the permission or not. Otherwise, $K'_j$, $L_i$ and Equation (2) are used.

To realize the T-RBAC model, three similar matrices are needed: the permission-task matrix, the task-role matrix, and the role-user matrix. The elements in these matrices mean the right of access control. In the permission-task matrix, permission is the object, and task is the subject. Similarly, in the task-role matrix, task is the object, and role is the subject. In the role-user matrix, role is the object, and user is the subject. These three matrices work in the sequence of role-user matrix, task-role matrix, permission-task matrix. Users get their roles through the role-user matrix, and then go on checking the task-role matrix and the permission-task matrix; otherwise the sequence breaks. These three matrices are applied to the TPB-2-KLP mechanism for T-RBAC, and the mechanism proves to be effective.

ICETA 2015
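A sketch of the TPB-2-KLP bookkeeping and check described above, added here as an example and not taken from the paper. Because Equations (2)-(3) and the Table 2 values are not reproduced on this page, it assumes that each lock component is the product of the keys of earlier entrants of the opposite kind whose access bit is 1 and that a bit is granted when the key divides the component; the matrix is constructed, while the entry sequence, keys and b=3 follow the page's example.

```python
B = 3  # binary digits per access right, as in the page's example

def primes():
    """Prime stack: yields 2, 3, 5, 7, ... in order."""
    n = 2
    while True:
        if all(n % p for p in range(2, int(n ** 0.5) + 1)):
            yield n
        n += 1

def build(entry_order, acm):
    """Assign time stamps and keys in entry order, then compute lock vectors."""
    ps, po = primes(), primes()            # separate stacks PS and PO
    table = {}
    for ts, name in enumerate(entry_order, start=1):
        key = next(ps) if name.startswith("S") else next(po)
        lock = [0] * B                     # stays (0,0,0) if nothing qualifies
        for other, entry in table.items():
            if other[0] == name[0]:        # only the opposite kind contributes
                continue
            s, o = (name, other) if name[0] == "S" else (other, name)
            right = acm.get((s, o), 0)
            for x in range(B):
                if (right >> x) & 1:       # assumed rule: multiply in the key
                    lock[x] = (lock[x] or 1) * entry["key"]
        table[name] = {"ts": ts, "key": key, "lock": lock}
    return table

def access_right(table, s, o):
    """Recover a_ij: test the later entrant's lock with the earlier one's key."""
    if table[s]["ts"] < table[o]["ts"]:
        key, lock = table[s]["key"], table[o]["lock"]
    else:
        key, lock = table[o]["key"], table[s]["lock"]
    return sum(1 << x for x in range(B) if lock[x] and lock[x] % key == 0)

# Constructed matrix (1=read, 2=write, 3=execute, 4=full-ownership, 0=none).
ACM = {("S1", "O1"): 4, ("S1", "O2"): 1, ("S1", "O3"): 0,
       ("S2", "O1"): 2, ("S2", "O2"): 3, ("S2", "O3"): 1,
       ("S3", "O1"): 1, ("S3", "O2"): 0, ("S3", "O3"): 4}
TABLE = build(["S1", "O1", "S2", "O2", "O3", "S3"], ACM)
```

Every entry of the constructed matrix is recovered from keys, locks and time stamps alone, so the matrix itself does not need to be stored for the check.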

Table 2. The access control matrix and its binary form

Table 3. Key-lock table of subjects and objects