Title :
Supporting parameterised roles with object-based access control
Author_Institution :
New England Univ., Armidale, NSW, Australia
Abstract :
The per-method access control lists of standard Internet technologies allow only simple forms of access control to be expressed and enforced. They also fail to enforce a strict need-to-know view of persistent data. Real applications require more flexible security constraints including parameter restrictions, logging of accesses and state-dependent access constraints. In particular, the concept of parameterised roles, central to a fine-grained specification of access rules and compliance with privacy laws, should be supported in a natural way. In this paper, we demonstrate how an object-based approach using the mechanism of bracket capabilities can be used to enforce various kinds of access constraints including discretionary, mandatory and parameterised role-based access control. We give examples from a health information system incorporating secure patient access and secure access by appropriate medical and administrative personnel.
Keywords :
authorisation; data privacy; distributed object management; medical information systems; middleware; Internet technology; access logging; access rules; administrative personnel; bracket capability; discretionary access control; fine-grained specification; flexible security constraints; health information system; mandatory access control; medical personnel; object-based access control; parameter restrictions; parameterised role-based access control; parameterised roles; per-method access control; privacy laws; secure patient access; state-dependent access constraints; Access control; Cryptography; Data security; Internet; Middleware; Object oriented modeling; Power system modeling; Privacy; Protection; Relational databases;
Conference_Title :
System Sciences, 2003. Proceedings of the 36th Annual Hawaii International Conference on
Print_ISBN :
0-7695-1874-5
DOI :
10.1109/HICSS.2003.1174463