Role based access control for a medical database

Proceedings of the 11th IASTED International Conference on Software Engineering and Applications, SEA 2007

Volumn , Issue , 2007, Pages 226-233

  Slevin, Lindi A ^a   Macfie, Alex ^a  

^a UNIVERSITY OF WESTMINSTER   (United Kingdom)

Author keywords

Authorization; Medical database; NHS; RBAC

Indexed keywords

APPLICATION PROGRAMS; DATABASE SYSTEMS; HOSPITAL DATA PROCESSING; MEDICAL COMPUTING; SOFTWARE ENGINEERING;

AUTHORIZATION; MEDICAL DATABASE; NATIONAL HEALTH SERVICES; NATIONAL PROGRAM; RBAC; ROLE-BASED ACCESS CONTROL; SECURITY MECHANISM; UNITED KINGDOM;

ACCESS CONTROL;

EID: 77957580896     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (60)

1. T. Adams, M. Budden, C. Hoare, and H. Sanderson, "Lessons from the Central Hampshire Electronic Health Record Pilot Project: Issues of Data Protection and Consent, " BMJ, vol. 328, pp. 871-874, Apr. 2004.
2. T. Huston, "Security Issues for implementation of E-Medical Records, " Communications of ACM, vol. 44, no. 9, pp. 89-94, Sept. 2001.
3. R. Lederman, "Managing Hospital Databases: Can Large Hospitals Really Protect Patient Data, " Health Informatics Journal, vol. 11, no. 3, pp. 201-210, Sept. 2005.
4. R. Sandhu, E. Coyne, H. Feinstein, and C. Youman, "Role Based Access Control Models, " IEEE Computer, vol. 29, no 2, pp. 38-47, Feb. 1996.
5. National Program for Information Technology, Available: http://www.connectingforhealth.nhs.uk/delivery/
6. RBAC for accessing the NHS Care Record Service, Available: http://www.cpa.org.uk/sap/glossary/glossary.html
7. I. Mavridis, and G. Pangalos, "Determining User Authorizations in Distributed Database Systems, " in Advances in Informatics 2001 Proc. PCI Conf.
8. R. Sandhu, and P. Samarati, "Authentication, Access Control and Audit, " ACM Computing Surveys, vol. 28, no. 1, pp. 241-243, Mar. 1996.
9. D. E. Denning, and J. Schlörer, "Inference Controls for Statistical Databases, " IEEE Computer journal, vol. 16, no. 7, pp. 69-82, 1983.
10. R. Elmasri and S. B. Navathe, Fundamentals of Database Systems, 3rd Edition, Addison-Wesley, 2000.
11. T. F. Lunt, "A Survey of Intrusion Detection Techniques, " Computers and Security, vol. 12, no. 4, pp. 405-418, 1993.
12. S. Castano, M. Fugini, G. Martella, and P. Samarati, Database Security, Addison-Wesley, 1995.
13. Department of Defense, "Trusted Computer Security Evaluation Criteria, " National Computer Security Center, Fort Meade, MD Technical Report DoD 5200.28-STD, 1985.
14. R. H. Campbell, Z. Liu, M. D. Mickunas, P. Naldurg, and S. Yi, "Seraphim: Building Dynamic Interoperable Security Architecture For Active Networks", in 2000 Proc. IEEE OPENARCH Conf., pp. 55-64.
15. K. Clark, "Negation as Failure", in Logic and Databases, H. Gallaire and J. Minker, Eds. New York: Plenum Press, 1978, pp. 293-322.
16. D. Ferraiolo, D. Kuhn, and R. Chandramouli, Role-Based Access Control, Artech House, 2003.
17. A. Kern, and C. Walhorn, "Rule Support for Role Based Access Control, " in 2005 Proc. ACM SACMAT Conf., pp. 130-138.
18. R. Sandhu, V. Bhamidipati, R. Coyne, S. Ganta, and C. Youman, "The ARBAC97 Model for Role-Based Administration of Roles: Preliminary Description and Outline, " IEEE Computer, vol. 29, no. 2, pp. 38-47, 1997.
19. D. F. Ferraiolo, R. Sandhu, S. Gavrila, D. R. Kyhn, and R. Chandramouli, "Proposed NIST Standard for Role-Based Access Control, " ACM Trans. on Information Systems Security, 4(3) pp. 224-274 Aug. 2001.
20. M. P. Gallaher, A. C. O'Connor, and B. Kropp, "The Economic Impact of RBAC, " National Institute of Standards and Technology, Gaithersburg, MD TRI Project Number 07007.012, 2002.
21. E. C. Lupu, D. A. Marriott, M. S. Sloman, and N. Yialelis, "A Policy Based Role Framework for Access Control, " in 1996 Proc. ACM SACMAT Workshop on RBAC, article no. 11.
22. S. Barker, "Secure Deductive Databases", in 2001 Proc. Symposium on PADL, pp. 123-137.
23. T. Swift, and D. S. Warren, "XSB Performance Measurement, " SUNY at Stony Brook, New York, NY Technical Report, 1993.
24. R. K. Thomas, "Team-Based Access Control: A Primitive for Applying Role-Based Access Controls in Collaborative Environments, " in 1997 Proc. ACM Workshop on Role-Based Access Control, pp. 13-19.
25. R. K. Thomas, R. S. Sandhu, "Task-Based Authorization Control: A Family of models for Active and Enterprise Oriented Authorization Management, " in 1997 Proc. IFIP WG11.3 Workshop on DB Security.
26. L. Zhang, G. J. Ahn, B. T. Chu, "A Role Based Delegation Framework for Healthcare Information Systems, " in 2002 Proc. ACM SACMAT, pp. 125-134.
27. T. Przymusinski, "On the Declarative Semantics of Deductive Databases and Logic Programming, " in Foundations of Deductive Databases and Logic Programming, J. Minker, Ed. Morgan- Kaufmann, 1988, pp. 193-216.
28. S. Barker, "Protecting Deductive Databases from Unauthorized Retrievals, " in 2000 Proc. IFIP TC11 WG11.3 Working Group Conference on Database Security, pp.185-196.
29. G. Pangalos, "Design and Implementation of Secure Medical Database Systems, " Journal of Medical Informatics, vol. 20, no. 3, pp. 265-277, 1995.
30. I. Mavridis, G. Pangalos, and M. Khair, "EMEDAC: Role-Based Access Control Supporting Discretionary and Mandatory Features, " in 1999 Proc. IFIP TC11 WG11.3 Working Conference on Database Security.
31. S. Barker, and P. Stuckey, "Flexible Access Control Policy Specification with Constraint Logic Programming, " ACM Transactions on Information and Systems Security, vol. 6, no. 4, pp. 501-546, Nov. 2003.
32. D. E. Bell, and L. J. LaPadula, "Secure Computer System: Unified Exposition and MULTICS Interpretation, " MITRE Corp., Bedford, MA Technical Report ESD-TR-75-306, 1975.
33. V. Tolone, G. J. Ahn, and T. Pai, "Access Control in Collaborative Systems, " ACM Computing Survey, vol. 37, no. 1, pp. 29-41, Mar. 2005.
34. D. Ferraiolo, F. Barkley, and R. Kuhn, "A Role-Based Access Control Model and Reference Implementation Within a Corporate Intranet, " ACM Transactions on Information and Systems Security, vol. 2, no. 1, pp. 24-64, Feb. 1999.
35. R. Bhatti, A. Ghafoor, and E. Bertino, "X-GTRBAC: An XML-Based Policy Specification Framework and Architecture for Enterprise-Wide Access Control, " ACM Transactions on Information and System Security, vol. 8, no. 2, pp. 187-227, May 2005.
36. R. Adaikkalavan, and S. Chakravarthy, "SmartGate: A Smart Push- Pull Approach to Support Role Based Security in Web Gateways, " in 2005 Proc. SAC, pp. 1727-1731.
37. M. Strembeck and G. Neumann, "An Integrated Approach to Engineer and Enforce Context Constraints in RBAC Environments, " ACM Transactions on Information and System Security, vol. 7(3) pp. 392-427, Aug. 2004.
38. K. Taylor, J. Murty, "Implementing Role Based Access Control for Federated Information Systems on the Web, " in 2003 Proc. AISW, pp. 87-95.
39. J. Bacon, K. Moodu, W. Yao, "A Model of OASIS Role-Based Access Control and its Support for Active Security, " ACM Transaction on Information System Security, vol. 5, no. 4, pp. 492- 540, Nov. 2002.
40. L. R. Simpson, "Ensuring Patient Data Privacy, Confidentiality and Security, " Nursing Management, vol. 25, no. 7, pp. 18-20, July 1994.
41. Data Protection Act, Available: http://www.opsi.gov.uk/acts/acts1998/19980029.htm
42. G. Wiederhold, M. Biello, V. Sarathy, X. Qian, "Protecting Collaboration, " in 1996 Proc. NISS Conf., pp. 561-569.
43. R. Anderson, "A Security Policy Model for Clinical Information Systems, " in 1996 Proc. IEEE Symposium on Security and Privacy, pp. 30-45.
44. J. Longstaff, M. Lockyer, J. Nicholas, "A Model of Accountability, Confidentiality and Override for Healthcare and Other Applications, " in 2000 Proc. ACM Workshop on RBAC, pp. 71-76.
45. G. Potamias, M. Tsiknakis, D. Katehakis, E. Karabela, V. Moustakis, S. Orphanoudakis, "Role-based Access to Patient Clinical Data: The InterCare Approach in the Region of Crete, " in 2000 Proc. MIE and GMDS, pp. 1074-1079.
46. J. Poole, J. Barkley, K. Brady, A. Cincotta, W. Salamon, "Distributed Communications methods and Role-Based Access Control for use in Healthcare Applications, " in 1995 Proc. CHIN Summit.
47. I. Mavridis, C. Georgiadis, G. Pangalos, M. and Khair, "Access Control Based on Attribute Certificates for Medical Intranet Applications, " Journal of Medical Internet Research, vol. 3, no. 1, e9, Mar. 2001.
48. J. Moffett, E. C. and Lupu, "The Uses of Role Hierarchies in Access Control, " in 1999 Proc. ACM Workshop on RBAC, pp. 153-160.
49. M. Wilikens, S. Feriti, A. Sanna, M. Masera, 2002, "A Context Based Authorization and Access Control Method Based on RBAC: A Case Study from Heath Care Domain, " in 2002 Proc. ACM SACMAT, pp. 117-124.
50. K. Sohr, M. Drouineaud, G. J. Ahn, "Formal Specification of Role Based Security Policies for Clinical Information Systems, " in 2005 Proc. SAC, pp. 332-339.
51. The XSB Programmer's Manual Version 2.7.1 S. Debray, D. S. Warren, and J. Xu 2005 Dept of Computer Science, Stony Brook, NY, USA
52. ORACLE, Available: http://www.oracle.com/database/index.html
53. SAP, Available: http://www.sap.com/index.epx
54. Sun Java System Identity Manager, Available: http://www.sun.com/software/products/identity-mgr/
55. K. Sagonas, T. Swift, and D. S. Warren "XSB as an Efficient Deductive Database Engine, " in 1994 Proc. Int'l Conference on Management of Data, pp442-453.
56. W. Chen, T. Swift, and D. S. Warren, "Efficient Implementation of General Logical Queries, " Journal of Logic Programming, to be published.
57. J2EE, Available: http://java.sun.com/javaee/index.jsp
58. K. Beznosov, "Future Directions of Access Control Models, rchitectures and Technologies, " in 2005 Proc. ACM SACMAT, pp. 8.
59. S. Oh and S. Park, "Enterprise model as a Basis of Administration on Role-based Access Control, " in 2001 Proc. SACMAT, pp. 150-158.
60. J. J. Longstaff, M. A. Lockyer, J. Nicholas, "The Tees Confidentiality Model: An Authorization Model for Identities and Roles, " in 2003 Proc. ACM SACMAT, pp. 125-133.