Article

A context-related authorization and access control method based on RBAC:

Authors:
Marc Wilikens

Institute for the Protection and Security of the Citizen, Ispra (VA), Italy

Institute for the Protection and Security of the Citizen, Ispra (VA), Italy
View Profile

,
Simone Feriti

Scientific Institute Hospital San, Milan, Italy

Scientific Institute Hospital San, Milan, Italy
View Profile

,
Alberto Sanna

Scientific Institute Hospital San, Milan, Italy

Scientific Institute Hospital San, Milan, Italy
View Profile

,
Marcelo Masera

Institute for the Protection and Security of the Citizen, Ispra (VA), Italy

Institute for the Protection and Security of the Citizen, Ispra (VA), Italy
View Profile

SACMAT '02: Proceedings of the seventh ACM symposium on Access control models and technologiesJune 2002Pages 117–124https://doi.org/10.1145/507711.507730

Published:03 June 2002Publication History

SACMAT '02: Proceedings of the seventh ACM symposium on Access control models and technologies

Pages 117–124

ABSTRACT

This paper describes an application of authorization and access control based on the Role Based Access Control (RBAC) method and integrated in a comprehensive trust infrastructure of a health care application. The method is applied to a health care business process that involves multiple actors accessing data and resources needed for performing clinical and logistics tasks in the application. The notion of trust constituency is introduced as a concept for describing the context of authorisation. In addition, the applied RBAC covers time constraints, hierarchies and multi-level authorization rules for coping with the multi-actor nature and the complexity of the application domain. The DRIVE RBAC model clearly distinguishes between static role assignment to users and dynamic allocation of roles at session time. The paper, while focusing on the authorization and access control approach, also describes how the RBAC functions have been integrated in a trust infrastructure including smart cards.

References

Baker, Dixie. "PCASSO: A model for Safe Use of the Internet in healthcare". Journal of American Health Information Management Association (AHIMA), March 2000.Google Scholar
Bertino E., Bonatti P., Ferrari E. "TRBAC: A Temporal Role-based Access Control Model". ACM Transactions on Information and System Security, 4(3), 2001. Google ScholarDigital Library
Clauss S., Kohntopp M. "Identity management and its support of multilateral security". In Computer Networks 37 (2001) 205--219, Elsevier Science B.V. Google ScholarDigital Library
Common Criteria for Information Technology Security Evaluation. CC version 2.1, August 1999. (aligned with ISO 15408:1999). Common Criteria project Sponsoring Organisations.Google Scholar
Ferraiolo, Cugini, Kuhn "Role Based Access Control: Features and Motivations". Computer Security Applications Conference, 1995.Google Scholar
Ferraiolo D. F., Sandhu R., Gavrila S., Kuhn D. R., Chandramouli R.: "A proposed standard for Role-Based Access Control" December 18, 2000. Google ScholarDigital Library
Health Informatics: Public Key Infrastructure: Part 1: Framework and overview. ISO/TC 215 N188, Draft Technical Specification ISO/DTS 17090-1.Google Scholar
ISO TC 215/WG2: Healthcare Informatics - Trusted End-to-End Information flows. Technical report, 1 November 2000.Google Scholar
Jones S., Wilikens M., Morris P., Masera M. "Trust requirements in e-Business", Communications of the ACM (Association for Computing), Vol. 43, No 12, December 2000. Google ScholarDigital Library
Mavridis I., Georgiadis C., Pangalis G., Khair M.: "Access Control based on Atrribute Certificates for Medical Intranet Applications". Journal of Medical Internet Research (JMIR) 2001:3(1):e9.Google Scholar
OASIS: Organization for the Advancement of Structured Information Standards. eXtensible Access Control Markup Language (XACML). SeeGoogle Scholar
Sandhu R, Coyne E.J., Feinstein H.L., Youman C.E. Role-based access control models. IEEE Computer, 29 (2), February 1996. Google ScholarDigital Library

Index Terms

A context-related authorization and access control method based on RBAC:
1. Applied computing
  1. Life and medical sciences
    1. Health care information systems

Recommendations

Configuring role-based access control to enforce mandatory and discretionary access control policies

Access control models have traditionally included mandatory access control (or lattice-based access control) and discretionary access control. Subsequently, role-based access control has been introduced, along with claims that its mechanisms are general ...
Read More
Parametric RBAC Maintenance via Max-SAT
SACMAT '18: Proceedings of the 23nd ACM on Symposium on Access Control Models and Technologies

In the past decade, many organizations have adopted a Role-Based Access Control model (RBAC) to reduce their administration costs and increase security. The migration to RBAC requires a role engineering phase aimed at generating "good" initial roles ...
Read More
Role-Based Access Control for Grid Database Services Using the Community Authorization Service

In this paper, we propose a role-based access control (RBAC) method for Grid database services in Open Grid Services Architecture-Data Access and Integration (OGSA-DAI). OGSA-DAI is an efficient Grid-enabled middleware implementation of interfaces and ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
SACMAT '02: Proceedings of the seventh ACM symposium on Access control models and technologies
June 2002
170 pages
ISBN:1581134967
DOI:10.1145/507711
General Chair:
Ravi Sandhu
George Mason University and SingleSignOn.Net
,
Program Chair:
Elisa Bertino
University of Milano, Italy
Copyright © 2002 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 3 June 2002
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
role based access control (RBAC)
secure health care system
trust infrastructure
Qualifiers
- Article
Conference

Acceptance Rates
Overall Acceptance Rate177of597submissions,30%
Upcoming Conference
SACMAT 2024

Sponsor:

sigsac

The 29th ACM Symposium on Access Control Models and Technologies

May 15 - 17, 2024

San Antonio , TX , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 40
  Total Citations
  View Citations
- 2,075
  Total Downloads
- Downloads (Last 12 months)18
- Downloads (Last 6 weeks)2
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

A context-related authorization and access control method based on RBAC:

SACMAT '02: Proceedings of the seventh ACM symposium on Access control models and technologies

ABSTRACT

References

Cited By

Index Terms

Recommendations

Configuring role-based access control to enforce mandatory and discretionary access control policies

Parametric RBAC Maintenance via Max-SAT

Role-Based Access Control for Grid Database Services Using the Community Authorization Service