DocumentCode
2571287
Title
I-RBAC: Isolation enabled role-based access control
Author
Gunti, Nagajyothi ; Sun, Weiqing ; Niamat, Mohammed
Author_Institution
Dept. of Electr. Eng. & Comput. Sci., Univ. of Toledo, Toledo, OH, USA
fYear
2011
fDate
19-21 July 2011
Firstpage
79
Lastpage
86
Abstract
Access control is a means by which the ability to access the system is explicitly enabled or restricted in some way. An access control system enables an authority to control access to areas and resources in a given physical facility or computer-based information system. In the Role-based Access Control (RBAC) model, access to resources is based on the role of the user in an organization. Previous RBAC models have encountered various problems in meeting the growing and diverse security needs of organizations. Hence, we propose the Isolation Enabled Role-based Access Control (I-RBAC) model. The basic idea of our model is to incorporate isolation concepts into the NIST (National Institute of Standards and Technology) RBAC model such that it can be applied in a broader domain. In I-RBAC, the operation on an object by the role is executed inside an isolation environment if the role or the operation is predefined to be isolated. Typical roles include inexperienced personnel (such as intern doctors) and delegatees. At the end of each session, a security check for accumulated modifications will notify the user about the consistency of the environments. Evaluation of the implementation of the prototype on a Health Care System demonstrates the effectiveness of the I-RBAC model. The key idea is to ensure system availability at all times for all the roles, while simultaneously ensuring system integrity and security. Another main advantage is that it would be a cost-effective alternative to building a separate RBAC system to enable otherwise disallowed accesses, such as the training roles.
Keywords
authorisation; I-RBAC; access control system; computer-based information system; isolation enabled role-based access control; Access control; Computational modeling; Medical services; NIST; Access Control Model; I-RBAC; Isolation; Role-based Access Control; Security Policy;
fLanguage
English
Publisher
ieee
Conference_Titel
Privacy, Security and Trust (PST), 2011 Ninth Annual International Conference on
Conference_Location
Montreal, QC
Print_ISBN
978-1-4577-0582-3
Type
conf
DOI
10.1109/PST.2011.5971967
Filename
5971967