A flexible content and context-based access control model for multimedia medical image database systems

Quantified Score

Visualization

Abstract

In many health care information systems medical images are an important part of the multimedia medical patient record. Most of the work on multimedia medical images security until now has focused on cryptographic approaches. While valuable, cryptography is not enough to control access to medical images. Therefore additional protection approaches should be applied at a higher level. Role-based access control (RBAC) is a good candidate to provide access control in a multimedia medical image database system. Roles accurately describe which types of people need to access to certain types of objects. However, in a multimedia medical image database system, specifications of image access rights are often content and context-dependent as well as time-dependent. Unfortunately, RBAC cannot be used to handle the above requirements. In this paper we describe an extended role-based access control model by considering, in the specification of the Role-Permission relationship phase, the constraints which must be satisfied in order for the holders of the permission to use those permissions. The use of constraints allows role-based access control to be tailored to specify very fine-grained, flexible, content, context and time-based access control policies. The proposed access control model preserves the advantages of scaleable security administration that RBAC-style models offer and yet offers the flexibility to specify complex access restrictions based on the semantic content of the images, the attributes of the user accessing the image, the relationship between the user and the patient whose images are to be accessed and the time. The description of an access control algorithm and a system architecture for a secure medical image DBMS are also presented.