| Author(s) |
Evered, Mark Peter
|
| Publication Date |
2003
|
| Abstract |
The per-method access control lists of standard internet technologies allow only simple forms of access control to be expressed and enforced. They also fail to enforce a strict need-to-know view of persistent data. Real applications require more flexible security constraints including parameter restrictions, logging of accesses and state-dependent access constraints. In particular, the concept of parameterised roles, central to a fine-grained specification of access rules and compliance with privacy laws, should be supported in a natural way. In this paper we demonstrate how an object-based approach using the mechanism of bracket capabilities can be used to enforce various kinds of access constraints including discretionary, mandatory and parameterised role-based access control. We give examples from a health information system incorporating secure patient access and secure access by appropriate medical and administrative personnel.
|
| Citation |
Proceedings of the 36th Annual Hawaii International Conference on System Sciences, p. 1-9
|
| ISBN |
0769518745
|
| Link | |
| Language |
en
|
| Publisher |
Institute of Electrical and Electronics Engineers (IEEE)
|
| Title |
Supporting Parameterised Roles with Object-based Access Control
|
| Type of document |
Conference Publication
|
| Entity Type |
Publication
|
| Name | Size | format | Description | Link |
|---|