The Community for Technology Leaders
2014 47th Hawaii International Conference on System Sciences (2003)
Big Island, Hawaii
Jan. 6, 2003 to Jan. 9, 2003
ISBN: 0-7695-1874-5
pp: 204c
Mark Evered , University of New England
The per-method access control lists of standard internet technologies allow only simple forms of access control to be expressed and enforced. They also fail to enforce a strict need-to-know view of persistent data. Real applications require more flexible security constraints including parameter restrictions, logging of accesses and state-dependent access constraints. In particular, the concept of parameterised roles, central to a fine-grained specification of access rules and compliance with privacy laws, should be supported in a natural way. In this paper we demonstrate how an object-based approach using the mechanism of bracket capabilities can be used to enforce various kinds of access constraints including discretionary, mandatory and parameterised role-based access control. We give examples from a health information system incorporating secure patient access and secure access by appropriate medical and administrative personnel.
Mark Evered, "Supporting Parameterised Roles with Object-based Access Control", 2014 47th Hawaii International Conference on System Sciences, vol. 07, no. , pp. 204c, 2003, doi:10.1109/HICSS.2003.1174463
93 ms
(Ver 3.3 (11022016))