Programming a view-based active access-control system for healthcare environments

Abstract

Modern healthcare information systems need active security mechanisms that are capable of controlling access to medical data, according to the current need-to-know requirements of users. An access-control model that fits the above requirements is the already known C-TMAC (Context-based Team Access Control) model, which incorporates active security features and provides tight and just-in-time management of user permissions. In this paper, an implementation approach of an access control system that is based on the C-TMAC model is proposed. To further enforce fine-grained access control, we adopt view-based protection that permits the use of flexible granularities to define the objects to be protected. For this purpose, a simple case in a healthcare environment is assumed and a detailed description of setting up the corresponding access rules in a view-based fashion is presented. An implementation paradigm of the access control process that takes place on the presence of a user request is demonstrated.