Unwanted RBAC Functions Over Health Information System (HIS)

  • Conference paper
  • 2108 Accesses

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 918)

Abstract

Objective: This article describes unwanted functions of the existing role-based access control (RBAC) standard when applied to Health Information Systems (HIS), for overall accountability purposes, and highlights potential information security policy violations. Methods: A study of the RBAC standard and a mapping of its functions to use-case scenarios are used. Results: Administrative RBAC Core commands are redesigned to cope with the need for continuous accountability of HIS users. Actual function issues, proposed adaptations and inner RBAC reflexes are discussed.

Acknowledgments

We thank CAPES and its partnership with Sao Paulo Federal University (Unifesp) sponsorship for this project.

Author information

Corresponding author

Correspondence to Marcelo Antonio de Carvalho Junior.

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

de Carvalho Junior, M.A., Bandiera-Paiva, P. (2019). Unwanted RBAC Functions Over Health Information System (HIS). In: Rocha, Á., Ferrás, C., Paredes, M. (eds) Information Technology and Systems. ICITS 2019. Advances in Intelligent Systems and Computing, vol 918. Springer, Cham. https://doi.org/10.1007/978-3-030-11890-7_67
