A framework for multiple authorization types in a healthcare application system

Chandramouli, Ramaswamy

doi:10.1109/acsac.2001.991530

Cited by 32 publications

(23 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…[3,6,14]. However, the practical implications of implementing access policies based on individual consumer consent are not directly addressed.…”

Section: Rbac In Health Carementioning

confidence: 99%

“…It is particularly well suited to environments where access rights are based on competency or recognition of a professional qualification. Since this describes key aspects of the health care environment, it is hardly surprising that role-based approaches have found considerable support in health care settings [1,3,6].…”

Section: An Overview Of Role Based Access Controlmentioning

confidence: 99%

“…In practice, it is becoming far more challenging to ensure that all confidential health information disclosures have been consented to, particularly as health service providers adopt electronic systems based on internet technologies to facilitate This research was funded and supported by the Commonwealth of Australia -Department of Health and Ageing. 3 In practice there are a number of important exceptions to the requirement for express consent, e.g., consent can be implied by circumstances or deemed unnecessary by legislation. For more information on consent requirements in health care see [4,5].…”

Section: Introductionmentioning

confidence: 99%

“…This means that the clinician must have the consent of the consumer to share information about the consumer with a third party 3 . In practice, it is becoming far more challenging to ensure that all confidential health information disclosures have been consented to, particularly as health service providers adopt electronic systems based on internet technologies to facilitate This research was funded and supported by the Commonwealth of Australia -Department of Health and Ageing.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

A Novel Use of RBAC to Protect Privacy in Distributed Health Care Information Systems

Reid

Cheong

Henricksen

et al. 2003

Information Security and Privacy

View full text Add to dashboard Cite

Abstract. This paper examines the access control requirements of distributed health care information networks. Since the electronic sharing of an individual's personal health information requires their informed consent, health care information networks need an access control framework that can capture and enforce individual access policies tailored to the specific circumstances of each consumer. Role Based Access Control (RBAC) is examined as a candidate access control framework. While it is well suited to the task in many regards, we identify a number of shortcomings, particularly in the range of access policy expression types that it can support. For efficiency and comprehensibility, access policies that grant access to a broad range of entities whilst explicitly denying it to subgroups of those entities need to be supported in health information networks. We argue that RBAC does not support policies of this type with sufficient flexibility and propose a novel adaptation of RBAC principles to address this shortcoming. We also describe a prototype distributed medical information system that embodies the improved RBAC model.

show abstract

“…[3,6,14]. However, the practical implications of implementing access policies based on individual consumer consent are not directly addressed.…”

Section: Rbac In Health Carementioning

confidence: 99%

Section: An Overview Of Role Based Access Controlmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A Novel Use of RBAC to Protect Privacy in Distributed Health Care Information Systems

Reid

Cheong

Henricksen

et al. 2003

Information Security and Privacy

View full text Add to dashboard Cite

show abstract

“…Since then there are many extended proposals for modeling fine-grained access control. We have role-templates [10], domain-type enforcement [2], content-based [20], team-based [9], and instance-level [11], just to name a few. Basically, they all attempt to base access control constraints on some more detailed relationships among the user, the function requested, and the data to be accessed, as we did here.…”

Section: Related Workmentioning

confidence: 99%

A Practical Aspect Framework for Enforcing Fine-Grained Access Control in Web Applications

Chen

Huang

2005

Information Security Practice and Experience

View full text Add to dashboard Cite

Abstract. Access control is a system-wide concern that has both a generic nature and an application dependent characteristic. It is generic as many functions must be protected with restricted access, yet the rule to grant a request is highly dependent on the application state. Hence it is common to see the code for implementing access control scattered over the system and tangled with the functional code, making the system difficult to maintain. This paper addresses this issue for Web applications by presenting a practical access control framework based on aspect-oriented programming (AOP). Our approach accommodates a wide range of access control requirements of different granularity. AOP supports the modular implementation of access control while still enables the code to get a hold of the application state. Moreover, framework technology offers a balanced view between reuse and customization. As a result, our framework is able to enforce fine-grained access control for Web applications in a highly adaptable manner.

show abstract

Towards Attribute-Centric Access Control: an ABAC versus RBAC argument

Fatima

Ghazi

Shibli

et al. 2016

Security Comm. Networks

View full text Add to dashboard Cite

Recent developments in attribute-based access control have fueled the conventional debate regarding the pros and cons of Attributes-based access control (ABAC) versus Role-based access control (RBAC). However, existing arguments have been primarily focused on the complexity analysis of the two models instead of their comprehensive need analysis. On the contrary, the success and evolution of RBAC as a de-facto access control model is based on the thorough need analysis of using roles as a primary decision factor for controlling access. Analogously, we need to consider the application areas for comparing the use of role-based and attribute-based approach. In this regard, our work aims to bridge the gap between the RBAC and the ABAC proponents by convincing the RBAC supporters of the effectiveness of ABAC. We identify various inherent traits of RBAC which have eventually become its limitations in addressing future access control needs for providing flexible, fine-grained, multifactor, and anonymous authorization in dynamically changing and context sensitive environments. These limitations are usually addressed either through extended RBAC models or ABAC model. We analyze the two approaches with respect to their effectiveness in overcoming the identified limitations and draw the conclusion that the attribute-centric approach is the ultimate future of access control.

show abstract

A framework for multiple authorization types in a healthcare application system

Cited by 32 publications

References 6 publications

A Novel Use of RBAC to Protect Privacy in Distributed Health Care Information Systems

A Novel Use of RBAC to Protect Privacy in Distributed Health Care Information Systems

A Practical Aspect Framework for Enforcing Fine-Grained Access Control in Web Applications

Towards Attribute-Centric Access Control: an ABAC versus RBAC argument

Contact Info

Product

Resources

About