A model of accountability, confidentiality and override for healthcare and other applications
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
We present a model of authorisation that is more powerful than Role Based Access Control (RBAC) and is suitable for complex web applications as well as for computer systems administration. It achieves this by combining Identity Based Access Control (IBAC) and RBAC in novel ways. A particular feature of the model is a rigorous definition of override, for granting access to data and resources in exceptional circumstances. Despite its power, the model can be implemented by a single algorithm, as an extension to RBAC. The basis of the model is a new concept of permission, which we call a Confidentiality Permission. There are five types of confidentiality permission, for granting access rights to identities and roles; there are also negative confidentiality permissions, for denying access to data and resources. A single concept of Collection is used for structuring roles, identities, resources and resource types, although the RBAC general and limited role hierarchies can be used if desired. Confidentiality permissions may be defined to inherit within collections, which provides one mechanism for confidentiality permission assignment; however, confidentiality permissions may also be assigned in other ways that do not depend on collections. We use a demanding scenario from Electronic Health Records to illustrate the power of the model. We have produced several demonstrators, one of which uses the model to control data retrieval from commercial GP and Social Services systems.