Situation, Team and Role based Access Control

Problem statement: An emergency system for sharing and exchanging users' personal information is needed in medical treatment and disaster situations. Approach: In such a system, access control over personal information that depends on the user's situation is essential. However, managing this access control directly is complicated, because existing access control methods support only regular access control and not emergency cases. Results: In this study, we propose a new access control model called STRAC, which stands for Situation, Team and Role based Access Control. STRAC enables access control over users' personal information that takes context changes into account. Conclusion/Recommendations: Our proposed model introduces the concept of situations. Moreover, the proposed model is based on the concept of TMAC, which is an extension of the conventional RBAC model.
