FRAMH: A Federated Learning Risk-Based Authorization Middleware for Healthcare

【Author】 Mazzocca, Carlo; Romandini, Nicolo; Colajanni, Michele; Montanari, Rebecca

【Source】IEEE TRANSACTIONS ON COMPUTATIONAL SOCIAL SYSTEMS

【影响因子】4.747

【Abstract】Modern healthcare systems operate in highly dynamic environments requiring adaptable access control mechanisms. Access to sensitive data and medical equipment should be granted or denied according to the current health situation of the patient. To handle the need for adaptable access control of healthcare scenarios, we propose a novel model that allows dynamic access control decisions based on the context characterizing the source, type of access request, patient, and estimated risk corresponding to the conditions of the patient. Estimating patient status risk requires analyzing vital physiological data whose availability is growing, thanks to the widespread diffusion of the Internet of Medical Things (IoMT) devices. Inferring the patient health status risk through machine learning (ML) techniques is possible, but to achieve better accuracy, the training phase requires the aggregation of vast amounts of data from different sources. This aggregation could be difficult or even impossible due to organization regulations and privacy laws. To address these issues, this article proposes a novel federated learning risk-based authorization middleware for healthcare (FRAMH) that supports risk-based access control to deal with changing and unforeseen medical situations. Our solution infers the risk of health status through a federated learning (FL) approach enriched with blockchain to avoid the weaknesses of centralized servers. The implemented prototype and a large set of experimental results demonstrate the advantages of FL in estimating the risk in healthcare scenarios. Through this approach, even a medical institution with a limited dataset can achieve a satisfying risk estimation and efficient access control enforcement.

【Keywords】Medical services; Blockchains; Data models; Servers; Authorization; Adaptation models; Training; Access control; authorization; federated learning (FL); healthcare; risk-based access control

【发表时间】

【收录时间】2022-11-04

【文献类型】理论模型

【主题类别】

区块链技术-协同技术-联邦学习