Sciweavers

WER
2007
Springer

Role-Based Access Control Requirements Model with Purpose Extension

14 years 6 months ago
Role-Based Access Control Requirements Model with Purpose Extension
Role-Based Access Control (RBAC) is increasingly used for ensuring security and privacy in complex organizations such as healthcare institutions. In RBAC, access permissions are granted to an individual based on her defined roles. Much work has been done on the specification of RBAC models for enforcing access control; however, in order to arrive at appropriate choices of access control for particular roles and individuals in an organization, we need models at the requirements level to support elicitation and analysis. Crook et al. [3] have provided a requirements level model for RBAC, defining access to an information asset based on role, responsibility, operation, and context. We extend the Crook model to include a purpose hierarchy in order to meet the needs of privacy requirements. Access to health records is used as the example domain.
Faranak Farzad, Eric Yu, Patrick C. K. Hung
Added 09 Jun 2010
Updated 09 Jun 2010
Type Conference
Year 2007
Where WER
Authors Faranak Farzad, Eric Yu, Patrick C. K. Hung
Comments (0)