Role-Based Access Control Requirements Model with Purpose Extension

Faranak FarzadEric YuPatrick C. K. Hung

Role-Based Access Control (RBAC) is increasingly used for ensuring security and privacy in complex organizations such as healthcare institutions. In RBAC, access permissions are granted to an individual based on her defined roles. Much work has been done on the specification of RBAC models for enforcing access control; however, in order to arrive at appropriate choices of access control for particular roles and individuals in an organization, we need models at the requirements level to support elicitation and analysis. Crook et al. [3] have provided a requirements level model for RBAC, defining access to an information asset based on role, responsibility, operation, and context. We extend the Crook model to include a purpose hierarchy in order to meet the needs of privacy requirements. Access to health records is used as the example domain.

Caso o link acima esteja inválido, faça uma busca pelo texto completo na Web: Buscar na Web

Biblioteca Digital Brasileira de Computação - Contato:
     Mantida por: