Abstract
An organization's assets and resources are administered so that some members can access them and others cannot. The high sensitivity of assets in medical centers (e.g. patients' health records and sensitive medical devices) requires managers to pay special attention to deploying reliable authorization models. A reliable authorization model must be able to resolve the contingent conflicts that can occur when different authorizations are assigned to subjects (e.g. technicians). Resolving conflicts is a challenge for two reasons: sophisticated inheritance hierarchies can cause an exponential number of conflicts (in terms of the number of subjects in the organization hierarchy), and resolution policies can be combined in many different ways. Hence the need for an approach that handles as many contingent conflicts and resolution policies as possible and runs in an appropriate time. An existing work has presented an exponential algorithm for resolving all conflicts in accordance with all existing policies. This paper develops a dynamic programming (DP) algorithm with polynomial time complexity for the same conditions. The two approaches were compared by running three different experiments with both algorithms and comparing the results. The experiments show that the average time decreased to 1/10 on small SDAGs with the maximum number of edges. The improvement for large sparse SDAGs is more significant (3/1000). The average time of determining the authorization of a subject over 500 objects is just 52.56 s.
Acknowledgment
We thank Dr. Amirhossein Chinaei for introducing the topic of the research and for his valuable contribution to the review of the work in its early stages. We also thank the Colgate University Faculty Research Council for financially supporting the work.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Samadian, H., Tuiyot, D., Valera, J. (2020). Dynamic Programming Approach in Conflict Resolution Algorithm of Access Control Module in Medical Information Systems. In: Arai, K., Kapoor, S., Bhatia, R. (eds) Advances in Information and Communication. FICC 2020. Advances in Intelligent Systems and Computing, vol 1129. Springer, Cham. https://doi.org/10.1007/978-3-030-39445-5_49
DOI: https://doi.org/10.1007/978-3-030-39445-5_49
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-39444-8
Online ISBN: 978-3-030-39445-5
eBook Packages: Intelligent Technologies and Robotics (R0)