A Case Study in Access Control Requirements for a Health Information System

We present a detailed examination of the access constraints for a small real-world Health Information System with the aim of achieving minimal access rights for each of the involved principals. We show that, even for such a relatively simple system, the resulting constraints are very complex and cannot be expressed easily or clearly using the static per-method access control lists generally supported by component-based software. We derive general requirements for the expressiveness of access constraints and propose criteria for a more suitable access control mechanism in the context of component-based systems. We describe a two-level mechanism which can fulfil these criteria.
