Access control in collaborative systems

Tolone, William J.; Ahn, Gail-Joon; Pai, Tanusree; Hong, Soon-Sam

doi:10.1145/1057977.1057979

Cited by 271 publications

(139 citation statements)

References 33 publications

Supporting

Mentioning

132

Contrasting

Unclassified

Order By: Relevance

“…Our work shares the common goal of protecting patients' medical records with the help of RBAC. In terms of access control and collaboration [21], a set of eight criteria critical in an collaborative environment are presented. We have begun to evaluate the degree that our COD extensions address these criteria.…”

Section: Background and Related Workmentioning

confidence: 99%

“…A patient's medical record differs from data stored in a database in that no data is ever deleted; the record continues to grow over time and can be distributed across multiple EMRs and PHRs. The key is to maintain a complete medical record, and to provide models of collaboration for providers as a patient moves among providers or locations [21].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Emerging Trends in Health Care Delivery: Towards Collaborative Security for NIST RBAC

Berhe

Demurjian

Agresta

2009

Data and Applications Security XXIII

View full text Add to dashboard Cite

Abstract. In the next 10 years there will be rapid adoption of health information technology -electronic medical records by providers and personal health records by patients -linked via health information exchange. There is an emergent need to provide secure access to information spread across multiple repositories for health care providers (e.g., physicians, nurses, home health aides, etc.) who collaborate with one another across cyberspace to deliver patient care. Are available security models capable of supporting collaborative access where providers are simultaneously modifying a patient's medical record? To address this question, this paper details collaborative security extensions to NIST RBAC.

show abstract

Section: Background and Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Emerging Trends in Health Care Delivery: Towards Collaborative Security for NIST RBAC

Berhe

Demurjian

Agresta

2009

Data and Applications Security XXIII

View full text Add to dashboard Cite

show abstract

“…A survey on access control for collaborative systems can be found in [16]. We only recall some representative approaches and their shortcomings.…”

Section: Related Workmentioning

confidence: 99%

“…One of the most challenging problem in DCE is balancing the computing goals of collaboration and access control to shared information [16]. Indeed interaction in collaborative editors is aimed at making shared document available to all who need it, whereas access control seeks to ensure this availability only to users with proper authorization.…”

Section: Introductionmentioning

confidence: 99%

A Flexible Access Control Model for Distributed Collaborative Editors

Imine

Cherif

Rusinowitch

2009

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Distributed Collaborative Editors (DCE) provide computer support for modifying simultaneously shared documents, such as articles, wiki pages and programming source code, by dispersed users. Controlling access in such systems is still a challenging problem, as they need dynamic access changes and low latency access to shared documents. In this paper, we propose a flexible access control model where the shared document and its authorization policy are replicated at the local memory of each user. To deal with latency and dynamic access changes, we use an optimistic access control technique in such a way that enforcement of authorizations is retroactive. We show that naive coordination between updates of both copies can create security holes on the shared document, by permitting illegal modifications or rejecting legal modifications. Finally, we present a prototype for managing authorizations in collaborative editing work which may be deployed easily on P2P networks.

show abstract

“…Based on such a formalization it should be possible to specify changes and their operational semantics. For this purpose, first of all, we introduce a meta model for defining organizational structures, which is comparable to the meta models current access control models are based on (e.g., [6,15,16]). In this paper we restrict our considerations to the basic entity types organizational unit, role and actor (cf.…”

Section: Framework For Creating and Evolving Organizational Modelsmentioning

confidence: 99%

A Formal Framework for Adaptive Access Control Models

Rinderle

Reichert

Journal on Data Semantics IX

View full text Add to dashboard Cite

Abstract. For several reasons enterprises are frequently subject to organizational change. Respective adaptations may concern business processes, but also other components of an enterprise architecture. In particular, changes of organizational structures often become necessary. The information about organizational entities and their relationships is maintained in organizational models. Therefore the quick and correct adaptation of these models is fundamental to adequately cope with organizational changes. However, model changes alone are not sufficient to guarantee consistency. Since organizational models also provide the basis for defining access rules (e.g., actor assignments in workflow management systems or access rules in document-centered applications) this information has to be adapted accordingly (e.g., to avoid dangling references or non-resolvable actor assignments). Current approaches do not adequately address this problem, which often leads to security gaps and delayed change implementation.In this paper we introduce a formal framework for the controlled evolution of organizational models and related access rules. Firstly, we introduce a set of operators with well-defined semantics for defining and changing organizational models. Secondly, we show how to define access rules based on such models. In this context we also define a notion of correctness for access rules. Thirdly, we present a formal framework for the (semi-automated) adaptation of access rules when the underlying organizational model is changed by exploiting the semantics of the applied changes. Altogether the presented approach provides an important contribution for realizing adaptive access control frameworks.

show abstract

Access control in collaborative systems

Cited by 271 publications

References 33 publications

Emerging Trends in Health Care Delivery: Towards Collaborative Security for NIST RBAC

Emerging Trends in Health Care Delivery: Towards Collaborative Security for NIST RBAC

A Flexible Access Control Model for Distributed Collaborative Editors

A Formal Framework for Adaptive Access Control Models

Contact Info

Product

Resources

About