eMEDAC: Role-based Access Control Supporting Discretionary and Mandatory Features
نویسندگان
چکیده
In this paper, we present an enhanced use of RBAC features in articulating a security policy for access control in medical database systems. The main advantage of this implementation is that it supports both MAC and DAC features at the same time; a feature that has been proved to be necessary in healthcare environments. The eMEDAC security policy that results from the above implementation provides an enhanced redefinition of a number of mechanisms of the already known MEDAC security policy. The concept of hyper node hierarchies is proposed for deriving totally ordered security levels while preserving the role hierarchy levels required satisfying particular administration needs. Finally, a demonstration example is given based on the pilot implementation of the proposed security policy in a major Greek hospital. The advantages offered are related to the efficiency of access control, the flexibility and decentralisation of administration, and the storage savings.
منابع مشابه
Con guring Role-Based Access Control to Enforce Mandatory and Discretionary Access Control Policies
Access control models have traditionally included mandatory access control (or lattice-based access control) and discretionary access control. Subsequently, role-based access control has been introduced, along with claims that its mechanisms are general enough to simulate the traditional methods. In this paper we provide systematic constructions for various common forms of both of the tradition...
متن کاملDiscretionary and Mandatory Controls for Role-Based Administration
Role-based access control is an important way of limiting the access users have to computing resources. While the basic concepts of role-based access control are now well understood, there is no consensus on the best approach to managing role-based systems. In this paper, we introduce a new model for role-based administration, using the notions of discretionary and mandatory controls. Our model...
متن کاملEnhancing UML to Model Custom Security Aspects
Despite its widespread usage, the Unified Modeling Language (UML) specification still lacks formal, explicit, support for access control. This paper proposes an approach to model security as a separate concern by augmenting UML with separate and new diagrams for role-based, discretionary, and mandatory access controls; collectively, these diagrams provide visual access-control aspects. Individu...
متن کاملABAM: An Attribute-Based Access Matrix Model
In traditional access control models like mandatory access control (MAC), discretionary access control (DAC), and role-based access control (RBAC), authorization decisions are determined according to the identities of subjects and objects, which are authenticated by a system completely. Recent access control practices, such as digital rights management (DRM), trust management, and usage control...
متن کاملRole-Based Access Control
While Mandatory Access Controls (MAC) are appropriate for multilevel secure military applications, Discretionary Access Controls (DAC) are often perceived as meeting the security processing needs of industry and civilian government. This paper argues that reliance on DAC as the principal method of access control is unfounded and inappropriate for many commercial and civilian government organiza...
متن کامل