Extending Attribute Based Access Control to Facilitate Trust in eHealth and Other Applications

Jim Longstaff

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)

Abstract

We describe a new model for Attribute Based Access Control (ABAC) which handles negative permissions and overrides in a single permissions processing mechanism. The model lends itself to the generation of explanations and permissions review, which can be used to foster end-user trust and confidence in the authorization system. We illustrate using a scenario in which a patient, with the assistance of an information specialist, develops consent directives for her medical records while receiving explanations and demonstrations. The model extends the approaches of ABAC and parameterized Role Based Access Control (RBAC) in that users, operations, and protected objects have properties, which we call classifiers. The simplest form of classifier is an attribute, as defined for ABAC; additional information is also handled by classifiers. Classifier values themselves are hierarchically-structured. A permission consists of a set of classifier values, and permissions review/determining an individual's risk exposure is carried out by database querying. The model has general applicability to areas where tightly-controlled sharing of data and applications, with well-defined overrides, is required.

Original languageEnglish
Title of host publicationCyber Security and Privacy - Trust in the Digital World and Cyber Security and Privacy EU Forum 2013, Revised Selected Papers
PublisherSpringer Verlag
Pages127-137
Number of pages11
ISBN (Print)9783642412042
DOIs
Publication statusPublished - 1 Jan 2013
EventTrust in the Digital World and Cyber Security and Privacy EU Forum, CSP EU Forum 2013 - Brussels, Belgium
Duration: 18 Apr 201319 Apr 2013

Publication series

NameCommunications in Computer and Information Science
Volume182 CCIS
ISSN (Print)1865-0929

Conference

ConferenceTrust in the Digital World and Cyber Security and Privacy EU Forum, CSP EU Forum 2013
Country/TerritoryBelgium
CityBrussels
Period18/04/1319/04/13

Fingerprint

Dive into the research topics of 'Extending Attribute Based Access Control to Facilitate Trust in eHealth and Other Applications'. Together they form a unique fingerprint.

Cite this