Dynamic Programming Approach in Conflict Resolution Algorithm of Access Control Module in Medical Information Systems
- 86 Downloads
Organization assets and resources are administered to be accessed by some members and not by others. The high sensitivity of assets (e.g. patients’ health record and sensitive medical devices) in medical centers, requires the managers to pay special attention to deploy reliable authorization models. A reliable authorization model must be able to resolve the contingent conflicts that can occur due to different authorization assignments to subjects (e.g. technicians). Resolving conflicts is quite a challenge due to the existence of sophisticated inheritance hierarchies that might cause an exponential number of conflicts (in terms of the number of subjects in the organization hierarchy) and the diversity of ways to combine resolution policies. The need to an approach that can handle as much contingent conflicts and resolution policies as possible and work in an appropriate time emerges here. An existing work has presented an exponential algorithm for resolving all conflicts in accordance to all existing policies. This paper develops a dynamic programming (DP) algorithm with a polynomial time complexity for the same conditions. The two approaches were compared by doing three different experiments with both algorithms and comparing the results. The experiments show that the average time decreased to 1/10 on small SDAGs with maximum number of edges. The improvement for large sparse SDAGs is more significant (3/1000). The average time of determining the authorization of a subject over 500 objects is just 52.56 s.
KeywordsMedical information system Health information system Conflict resolution Access control Authorization Security policies Conflict detection
We thank Dr. Amirhossein Chinaei for introducing the topic of the research and his valuable contribution on the review of the work in its early stages. We also thank Colgate University Faculty Research Council for financially supporting the work.
- 2.Xiao, Q., Wang, Z., Tan, K. L.: LORA: link obfuscation by randomization in graphs. In: VLDB Workshop, Seattle (2011)Google Scholar
- 3.Banerjee, M.K.R., Wu, L., Barker, K.: Quantifying privacy violations. In: VLDB Workshop, Seattle (2011)Google Scholar
- 4.Deng, M., Nalin, M., Petkovi, M., Baroni, I., Abitabile, M.: Towards trustworthy health platform cloud. In: 9th VLDB Workshop, Istanbul (2012)Google Scholar
- 9.Chinaei, A.H., Zhang, H.: Hybrid authorizations and conflict resolution. In: 3rd VLDB Workshop on Secure Data Management (SDM 2006), Seoul (2006)Google Scholar
- 11.Chinaei, A.H., Chinaei, H.R., Tompa, F.: A unified conflict resolution algorithm. In: 4th VLDB Workshop, SDM 2007, Vienna (2007)Google Scholar
- 12.Moses, T.: eXtensible access control markup language version 2.0. OASIS Standard (2005)Google Scholar
- 13.Zhang, H., Zhang, N., Salem, K., Zhuo, D.: Compact access control labeling for efficient secure XML Query evaluation. In: 2nd International Workshop on XML Schema and Data Management (2005)Google Scholar
- 14.Mignet, L., Barbosa, D., Veltri, P.: The XML web: a first study. In: WWW 2003 Proceedings of the 12th International Conference on World Wide Web (2003)Google Scholar
- 15.Koch, M., Mancini, L.V., Parisi-Presicce, F.: Conflict detection and resolution in access control specifications. In: 5th International Conference on Foundations of Software Science and Computation Structures (2002)Google Scholar
- 17.Yahiaoui, M., Zinedine, A., Harti, M.: Deconflicting policies in attribute-based access control systems. In: IEEE 5th International Congress on Information Science and Technology (CiSt), Marrakech (2018)Google Scholar
- 19.Axiomatics. https://www.axiomatics.com/. Accessed 15 June 2019