Evolution of access control models for protection of  patient details: a survey

Sinha, Geetanjali; K.C, Prabhu Shankar; Jain, Shaurya

doi:10.14419/ijet.v7i2.8.10520

Cited by 2 publications

(1 citation statement)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…First, some studies focus on controlling subjects (users, etc.) such as Discretionary Access Control (DAC) and Role-Based Access Control (RBAC) (Bertino, 2003;Ferraiolo and Kuhn, 1992;Kuhn et al, 2010;Sandhu et al, 1996;2000;United Nations, 2004), while some are about the expansion of such methods (Bertino et al, 2005;Kalinin et al, 2018;Sinha et al, 2018;Zhao and Chen, 2013) Second, techniques such as masking (Mansfield-Devine, 2014), digital watermarking (Kumar, 2019), image fusion (Gupta and Kumar, 2019) and encryption (Davida et al, 1981;Elovici et al, 2004) are aiming at strengthening the security of objects such as data. Third, those that consider both subjects and objects include Mandatory Access Control (MAC).…”

Section: Introductionmentioning

confidence: 99%

A Design of MAC Model Based on the Separation of Duties and Data Coloring: DSDC-MAC

Lee¹,

Kim²,

Kim³

et al. 2020

Journal of Computer Science

View full text Add to dashboard Cite

Among the access control methods for database security, there is Mandatory Access Control (MAC) model in which the security level is set to both the subject and the object to enhance the security control. Legacy MAC models have focused only on one thing, either confidentiality or integrity. Thus, it can cause collisions between security policies in supporting confidentiality and integrity simultaneously. In addition, they do not provide a granular security class policy of subjects and objects in terms of subjects' roles or tasks. In this paper, we present the security policy of Bell_LaPadula Model (BLP) model and Biba model as one complemented policy. In addition, Duties Separation and Data Coloring (DSDC)-MAC model applying new data coloring security method is proposed to enable granular access control from the viewpoint of Segregation of Duty (SoD). The case study demonstrated that the proposed modeling work maintains the practicality through the design of Human Resources management System. The proposed model in this study is suitable for organizations like military forces or intelligence agencies where confidential information should be carefully handled. Furthermore, this model is expected to protect systems against malicious insiders and improve the confidentiality and integrity of data.

show abstract