DOI: 10.1145/507711.507730
Article

A context-related authorization and access control method based on RBAC:

Published: 03 June 2002

Abstract

This paper describes an application of authorization and access control based on the Role Based Access Control (RBAC) method and integrated in a comprehensive trust infrastructure of a health care application. The method is applied to a health care business process that involves multiple actors accessing data and resources needed for performing clinical and logistics tasks in the application. The notion of trust constituency is introduced as a concept for describing the context of authorisation. In addition, the applied RBAC covers time constraints, hierarchies and multi-level authorization rules for coping with the multi-actor nature and the complexity of the application domain. The DRIVE RBAC model clearly distinguishes between static role assignment to users and dynamic allocation of roles at session time. The paper, while focusing on the authorization and access control approach, also describes how the RBAC functions have been integrated in a trust infrastructure including smart cards.


    Published In

    SACMAT '02: Proceedings of the seventh ACM symposium on Access control models and technologies
    June 2002
    170 pages
    ISBN:1581134967
    DOI:10.1145/507711
    • General Chair: Ravi Sandhu
    • Program Chair: Elisa Bertino
    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. role based access control (RBAC)
    2. secure health care system
    3. trust infrastructure

    Qualifiers

    • Article

    Conference

    SACMAT02

    Acceptance Rates

    Overall Acceptance Rate 177 of 597 submissions, 30%

    Cited By

    • (2022) A medical big data access control model based on fuzzy trust prediction and regression analysis. Applied Soft Computing (108423). DOI: 10.1016/j.asoc.2022.108423. Online publication date: Jan-2022
    • (2021) T-RBAC Model Based on Two-Dimensional Dynamic Trust Evaluation under Medical Big Data. Wireless Communications & Mobile Computing 2021. DOI: 10.1155/2021/9957214. Online publication date: 1-Jan-2021
    • (2016) The Context-Security Nexus in Ubiquitous Computing. Leadership and Personnel Management (660-679). DOI: 10.4018/978-1-4666-9624-2.ch030. Online publication date: 2016
    • (2016) A temporal defeasible logic for handling access control policies. Applied Intelligence 44:1 (30-42). DOI: 10.1007/s10489-015-0692-8. Online publication date: 1-Jan-2016
    • (2015) A Robust and Flexible Access Control Scheme for Cloud-IoT Paradigm with Application to Remote Mobile Medical Monitoring. Proceedings of the 2015 Third International Conference on Robot, Vision and Signal Processing (RVSP) (130-133). DOI: 10.1109/RVSP.2015.38. Online publication date: 18-Nov-2015
    • (2015) Proof of attributes based CL signature Scheme on e-health applications. 2015 International Conference on Science in Information Technology (ICSITech) (253-258). DOI: 10.1109/ICSITech.2015.7407813. Online publication date: Oct-2015
    • (2014) Issues and Challenges in Securing eHealth Systems. International Journal of E-Health and Medical Communications 5:1 (1-19). DOI: 10.4018/ijehmc.2014010101. Online publication date: 1-Jan-2014
    • (2014) The Context-Security Nexus in Ubiquitous Computing. International Journal of Adaptive, Resilient and Autonomic Systems 5:3 (61-81). DOI: 10.4018/ijaras.2014070104. Online publication date: 1-Jul-2014
    • (2014) Access control for cloud-based eHealth social networking. Security and Communication Networks 7:3 (574-587). DOI: 10.1002/sec.759. Online publication date: 1-Mar-2014
    • (2013) Social Credential-Based Role Recommendation and Patient Privacy Control in Medical Emergency. Methods, Models, and Computation for Medical Informatics (215-237). DOI: 10.4018/978-1-4666-2653-9.ch013. Online publication date: 2013
