Integrating Policy-Driven Role Based Access Control with the Common Data Security Architecture
Author
Abstract
This paper shows how Policy-Driven Role-Based Access Control (PDRBAC) techniques can be used to extend the Common Data Security Architecture (CDSA). The extensions provide constraint-based access control and are implemented using a flexible policy description language and a new trust policy enforcement mechanism. The expressiveness of the policy description language is demonstrated by examples and the integration of the policy enforcement mechanism with CDSA is described.
Similar resources
Attribute-based Access Control for Cloud-based Electronic Health Record (EHR) Systems
An electronic health record (EHR) system facilitates integrating patients' medical information and improves service productivity. However, user access to patient data in a privacy-preserving manner is still a challenging problem. Many studies are concerned with security and privacy in EHR systems. Rezaeibagha and Mu [1] have proposed a hybrid architecture for privacy-preserving accessing patient records...
The application of security policy to role-based access control and the common data security architecture
In this paper, the approaches to introducing security policy into Role-Based Access Control (RBAC) and the Common Data Security Architecture (CDSA) are proposed. We apply security policy to a role’s privileges in RBAC. The extended CDSA supports user-definable trust policy enforcement. Furthermore, a policy description language is discussed.
Enforcing RBAC Policies over Data Stored on Untrusted Server (Extended Version)
One of the security issues in data outsourcing is the enforcement of the data owner’s access control policies. This includes some challenges. The first challenge is preserving confidentiality of data and policies. One of the existing solutions is encrypting data before outsourcing which brings new challenges; namely, the number of keys required to access authorized resources, efficient policy u...
A combination of semantic and attribute-based access control model for virtual organizations
A Virtual Organization (VO) consists of some real organizations with common interests, which aims to provide inter organizational associations to reach some common goals by sharing their resources with each other. Providing security mechanisms, and especially a suitable access control mechanism, which enforces the defined security policy is a necessary requirement in VOs. Since VO is a complex ...
Access and Mobility Policy Control at the Network Edge
The fifth generation (5G) system architecture is defined as service-based and the core network functions are described as sets of services accessible through application programming interfaces (API). One of the components of 5G is Multi-access Edge Computing (MEC) which provides the open access to radio network functions through API. Using the mobile edge API third party analytics applications ...