Supporting Parameterised Roles with Object-based Access Control

Title
Supporting Parameterised Roles with Object-based Access Control
Publication Date
2003
Author(s)
Evered, Mark Peter
Editor
Editor(s): R H Sprague Jr
Type of document
Conference Publication
Language
en
Entity Type
Publication
Publisher
Institute of Electrical and Electronics Engineers (IEEE)
Place of publication
Los Alamitos, United States of America
DOI
10.1109/HICSS.2003.1174463
UNE publication id
une:4599
Abstract
The per-method access control lists of standard internet technologies allow only simple forms of access control to be expressed and enforced. They also fail to enforce a strict need-to-know view of persistent data. Real applications require more flexible security constraints including parameter restrictions, logging of accesses and state-dependent access constraints. In particular, the concept of parameterised roles, central to a fine-grained specification of access rules and compliance with privacy laws, should be supported in a natural way. In this paper we demonstrate how an object-based approach using the mechanism of bracket capabilities can be used to enforce various kinds of access constraints including discretionary, mandatory and parameterised role-based access control. We give examples from a health information system incorporating secure patient access and secure access by appropriate medical and administrative personnel.
Link
Citation
Proceedings of the 36th Annual Hawaii International Conference on System Sciences, p. 1-9
ISBN
0769518745
Start page
1
End page
9

Files:

NameSizeformatDescriptionLink