In many health care information systems, medical images are an important part of the multimedia medical patient record. Most of the work on multimedia medical image security until now has focused on cryptographic approaches. While valuable, cryptography is not enough to control access to medical images. Therefore, additional protection approaches should be applied at a higher level. Role-based access control (RBAC) is a good candidate to provide access control in a multimedia medical image database system. Roles accurately describe which types of people need access to certain types of objects. However, in a multimedia medical image database system, specifications of image access rights are often content- and context-dependent as well as time-dependent. Unfortunately, RBAC cannot be used to handle the above requirements. In this paper we describe an extended role-based access control model that, when the Role-Permission relationship is specified, also records the constraints which must be satisfied before the holders of a permission may use it. The use of constraints allows role-based access control to be tailored to specify very fine-grained, flexible, content-, context- and time-based access control policies. The proposed access control model preserves the advantages of scalable security administration that RBAC-style models offer, and yet offers the flexibility to specify complex access restrictions based on the semantic content of the images, the attributes of the user accessing the image, the relationship between the user and the patient whose images are to be accessed, and the time. The description of an access control algorithm and a system architecture for a secure medical image DBMS are also presented.
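The following Python example is added here to illustrate the idea of constraints attached to a Role-Permission entry; it is not the paper's algorithm or code. All names (`Grant`, `check_access`, the roles, the constraint functions and the sample data) are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset

@dataclass(frozen=True)
class Image:
    patient: str
    region: str          # content attribute of the image (assumed field)
    treating: frozenset  # context: users with a care relationship to the patient

@dataclass(frozen=True)
class Grant:             # one Role-Permission entry plus its constraints
    role: str
    action: str
    constraints: tuple = ()  # empty tuple behaves like plain RBAC

def treats_patient(u, img, now): return u.name in img.treating        # context
def chest_only(u, img, now): return img.region == "chest"             # content
def office_hours(u, img, now): return time(8) <= now.time() < time(18)  # time

POLICY = (  # constructed sample policy
    Grant("physician", "view", (treats_patient,)),
    Grant("radiologist", "view", (chest_only, office_hours)),
    Grant("radiologist", "annotate", (chest_only, office_hours)),
    Grant("auditor", "list"),
)

def check_access(user, action, image, now, policy=POLICY):
    """Default deny: allow only if some entry for one of the user's roles
    matches the action and every constraint on that entry holds."""
    for g in policy:
        if g.role in user.roles and g.action == action:
            if all(c(user, image, now) for c in g.constraints):
                return True
    return False

if __name__ == "__main__":
    img = Image("patient-17", "chest", frozenset({"dr_a"}))  # constructed data
    dr_a = User("dr_a", frozenset({"physician"}))
    dr_b = User("dr_b", frozenset({"physician"}))
    noon = datetime(2024, 1, 15, 12, 0)
    print(check_access(dr_a, "view", img, noon))  # same role as dr_b, treats patient
    print(check_access(dr_b, "view", img, noon))  # same role, no care relationship
```

Two users holding the same role get different decisions for the same image, which is the distinction a role-only check cannot express.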