Fine-Granularity Access Control in 3-Tier Laboratory Information Systems

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Xueli Li Articles by Nomair A. Naeem Articles by Bettina Kemme

9th International Database Engineering & Application Symposium (IDEAS'05)

Montreal, Canada

July 25-July 27

ISBN: 0-7695-2404-4

	ASCII Text	x
	Xueli Li, Nomair A. Naeem, Bettina Kemme, "Fine-Granularity Access Control in 3-Tier Laboratory Information Systems," Database Engineering and Applications Symposium, International, pp. 391-397, 9th International Database Engineering & Application Symposium (IDEAS'05), 2005.

	BibTex	x
	@article{ 10.1109/IDEAS.2005.30, author = {Xueli Li and Nomair A. Naeem and Bettina Kemme}, title = {Fine-Granularity Access Control in 3-Tier Laboratory Information Systems}, journal ={Database Engineering and Applications Symposium, International}, volume = {0}, year = {2005}, issn = {1098-8068}, pages = {391-397}, doi = {http://doi.ieeecomputersociety.org/10.1109/IDEAS.2005.30}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Database Engineering and Applications Symposium, International TI - Fine-Granularity Access Control in 3-Tier Laboratory Information Systems SN - 1098-8068 SP391 EP397 A1 - Xueli Li, A1 - Nomair A. Naeem, A1 - Bettina Kemme, PY - 2005 KW - null VL - 0 JA - Database Engineering and Applications Symposium, International ER -

Xueli Li, National Research Council of Canada

Nomair A. Naeem, McGill University

Bettina Kemme, McGill University

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/IDEAS.2005.30

Laboratory information systems (LIMS) are used in life science research to manage complex experiments. Since LIMS systems are often shared by different research groups, powerful access control is needed to allow different access rights to different records of the same table. Traditional access control models that define a permission as the right of a user/role to perform a specific operation on a specific object cannot handle the enormous amount of objects and user/roles. In this paper we propose an enhancement to role-based access control by introducing conditions that can be added to the traditional concept of permissions in order to keep the number of permissions small. Furthermore, we present an implementation of our access control model at the application programming level. Although access control is performed for every single database access, our solution completely separates access control from the application logic by using aspect-oriented programming. With this, access control can be integrated into a legacy 3-tier information system without changing the application programs.

Citation:

Xueli Li, Nomair A. Naeem, Bettina Kemme, "Fine-Granularity Access Control in 3-Tier Laboratory Information Systems," ideas, pp.391-397, 9th International Database Engineering & Application Symposium (IDEAS'05), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.