Dynamic Programming Approach in Conflict Resolution Algorithm of Access Control Module in Medical Information Systems

  • Hiva SamadianEmail author
  • Desmond Tuiyot
  • Juan Valera
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 1129)


Organization assets and resources are administered to be accessed by some members and not by others. The high sensitivity of assets (e.g. patients’ health record and sensitive medical devices) in medical centers, requires the managers to pay special attention to deploy reliable authorization models. A reliable authorization model must be able to resolve the contingent conflicts that can occur due to different authorization assignments to subjects (e.g. technicians). Resolving conflicts is quite a challenge due to the existence of sophisticated inheritance hierarchies that might cause an exponential number of conflicts (in terms of the number of subjects in the organization hierarchy) and the diversity of ways to combine resolution policies. The need to an approach that can handle as much contingent conflicts and resolution policies as possible and work in an appropriate time emerges here. An existing work has presented an exponential algorithm for resolving all conflicts in accordance to all existing policies. This paper develops a dynamic programming (DP) algorithm with a polynomial time complexity for the same conditions. The two approaches were compared by doing three different experiments with both algorithms and comparing the results. The experiments show that the average time decreased to 1/10 on small SDAGs with maximum number of edges. The improvement for large sparse SDAGs is more significant (3/1000). The average time of determining the authorization of a subject over 500 objects is just 52.56 s.


Medical information system Health information system Conflict resolution Access control Authorization Security policies Conflict detection 



We thank Dr. Amirhossein Chinaei for introducing the topic of the research and his valuable contribution on the review of the work in its early stages. We also thank Colgate University Faculty Research Council for financially supporting the work.


  1. 1.
    Smith, E., Eloff, J.: Security in health-care information systems—current trends. Int. J. Med. Inf. 54(1), 39–54 (1999)CrossRefGoogle Scholar
  2. 2.
    Xiao, Q., Wang, Z., Tan, K. L.: LORA: link obfuscation by randomization in graphs. In: VLDB Workshop, Seattle (2011)Google Scholar
  3. 3.
    Banerjee, M.K.R., Wu, L., Barker, K.: Quantifying privacy violations. In: VLDB Workshop, Seattle (2011)Google Scholar
  4. 4.
    Deng, M., Nalin, M., Petkovi, M., Baroni, I., Abitabile, M.: Towards trustworthy health platform cloud. In: 9th VLDB Workshop, Istanbul (2012)Google Scholar
  5. 5.
    Westin, A.: Social and political dimensions of privacy. J. Soc. Issues 59(2), 431–453 (2003)CrossRefGoogle Scholar
  6. 6.
    Leitner, M., Rinderle-Ma, S.: A systematic review on security in process-aware information systems – constitution, challenges, and future directions. Inf. Softw. Technol. 56(3), 273–293 (2014)CrossRefGoogle Scholar
  7. 7.
    Jajodia, S., Samarati, P., Sapino, M.L.: Flexible support for multiple access control. ACM Trans. Database Syst. 26(2), 214–260 (2001)CrossRefGoogle Scholar
  8. 8.
    Bertino, E., Jajodia, S., Samarati, P.: A flexible authorization for relational data management systems. ACM Trans. Inf. Syst. 17(2), 101–140 (1999)CrossRefGoogle Scholar
  9. 9.
    Chinaei, A.H., Zhang, H.: Hybrid authorizations and conflict resolution. In: 3rd VLDB Workshop on Secure Data Management (SDM 2006), Seoul (2006)Google Scholar
  10. 10.
    Harrison, M.A., Ruzzo, W.L., Ullman, J.D.: Protection in operating systems. Commun. ACM 19(8), 461–471 (1976)CrossRefGoogle Scholar
  11. 11.
    Chinaei, A.H., Chinaei, H.R., Tompa, F.: A unified conflict resolution algorithm. In: 4th VLDB Workshop, SDM 2007, Vienna (2007)Google Scholar
  12. 12.
    Moses, T.: eXtensible access control markup language version 2.0. OASIS Standard (2005)Google Scholar
  13. 13.
    Zhang, H., Zhang, N., Salem, K., Zhuo, D.: Compact access control labeling for efficient secure XML Query evaluation. In: 2nd International Workshop on XML Schema and Data Management (2005)Google Scholar
  14. 14.
    Mignet, L., Barbosa, D., Veltri, P.: The XML web: a first study. In: WWW 2003 Proceedings of the 12th International Conference on World Wide Web (2003)Google Scholar
  15. 15.
    Koch, M., Mancini, L.V., Parisi-Presicce, F.: Conflict detection and resolution in access control specifications. In: 5th International Conference on Foundations of Software Science and Computation Structures (2002)Google Scholar
  16. 16.
    Calvillo, J., Roman, I., Roa, L.M.: Empowering citizens with access control mechanisms to their personal health resources. Int. J. Med. Inf. 82(1), 58–72 (2013)CrossRefGoogle Scholar
  17. 17.
    Yahiaoui, M., Zinedine, A., Harti, M.: Deconflicting policies in attribute-based access control systems. In: IEEE 5th International Congress on Information Science and Technology (CiSt), Marrakech (2018)Google Scholar
  18. 18.
    Hu, V.C., Chandramouli, R., Ferraiolo, D.F.: Attribute-Based Access Control. Artech House Inc., Norwood (2003)zbMATHGoogle Scholar
  19. 19.
    Axiomatics. Accessed 15 June 2019
  20. 20.
    Shaikh, R.A., Adi, K., Logrippo, L.: A data classification method for inconsistency and incompleteness detection in access control policy sets. Int. J. Inf. Secur. 16(1), 91–113 (2017)CrossRefGoogle Scholar
  21. 21.
    Habiba, M., Islam, R., Ali, A.B.M.S., Islam, Z.: A new approach to access control in cloud. Arab. J. Sci. Eng. 41(3), 1015–1030 (2016)CrossRefGoogle Scholar
  22. 22.
    Luo, Y., Xia, C., Lv, L., Wei, Z., Li, Y.: Modeling, conflict detection, and verification of a new virtualization role-based access control framework. Secur. Commun. Netw. 8(10), 1904–1925 (2014)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Colgate UniversityHamiltonUSA
  2. 2.Ana G Mendez UniversityGuraboUSA

Personalised recommendations