Development of a system framework for implementation of an enhanced role-based access control model to support collaborative processes

We previously developed an enhanced Role-Based Access Control (RBAC) model to support information access management in the context of team collaboration and workflow. In this paper we report a generic system framework that implements the enhanced RBAC with three functional layers: (1) encoding of access control policies; (2) interpretation of the encoded policies; and (3) application of policies to specific cases and scenarios for information access management. Based on this system framework, we have successfully applied the enhanced RBAC model to the New York State HIV Clinical Education Initiative (CEI) for coordination of clinical education programs. An evaluation has shown that the enhanced RBAC can be effectively used for information access management in collaborative processes. Future work includes extending this system framework to support the continuous development of the enhanced RBAC and deploying it to other domain applications for clinical education, biomedical research, and patient care.
