ABSTRACT
In the health care sector, access to medical information is more and more electronically achieved. Therefore, it is very important to define security policies which restrict access to pieces of information in order to guarantee security properties like confidentiality or integrity properties. These security policies are not always free of conflicts, in particular in the presence of exceptional situations.This paper proposes tools for access control, based on the notion of roles, in the possibilistic logic framework. We first show how to formalize basic concepts of security policies. Then we present two approaches for dealing with conflicts based on a stratification of security policy's rules. Finally, an example of health care is presented.
- A. Abou El Kalam, R. El Baida, P. Balbiani, S. Benferhat, F. Cuppens, Y. Deswarte, A. Miège, C. Saurel, and G. Trouessin. Organization based access control. In Policy '03, 2003.Google ScholarCross Ref
- S. Benferhat. Handling Hard Rules and Default Rules in Possibilistic Logic. In IPMU '94, pages 302--310, 1994. Google ScholarDigital Library
- S. Benferhat, C. Cayrol, D. Dubois, J. Lang, and H. Prade. Inconsistency management and prioritized syntax-based entailment. In IJCAI '93, pages 640--645, 1993.Google Scholar
- S. Benferhat, D. Dubois, and H. Prade. Nonmonotonic reasoning, conditional objects and possibility theory. Artificial Intelligence Journal, 1997. Google ScholarDigital Library
- S. Benferhat, S. Dubois, andH. Prade. Representing default rules in possibilistic logic. In KR '92 , pages 673--684, Cambridge, MA, 1992.Google Scholar
- S. Benferhat, S. Kaci, D. Le Berre, and M. Williams. Weakening Conflicting Information for Iterated Revision and Knowledge Integration. In IJCAI '01, pages 109--118, 2001. Google ScholarDigital Library
- E. Bertino, S. Jajodia, and P. Samarati. Supporting Multiple Access Control Policies in Database Systems. In IEEE Symposium on Security and Privacy, Oakland, USA, 1996. Google ScholarDigital Library
- S. Coste-Marquis and P. Marquis. Compiling Stratified Belief Bases. In ECAI2000 , Berlin, 2000.Google Scholar
- A. Darwiche and P. Marquis. Compilation of propositional weighted bases. In NMR '2002, Toulouse, France, 2002.Google Scholar
- G. Dinolt, L. Benzinger, and M. Yatabe. Combining Components and Policies. In Proc. of the Computer Security Foundations Workshop VII, Franconia, USA, 1994.Google ScholarCross Ref
- D. Dubois, J. Lang, and H. Prade. Possibilistic logic. In Handbook of Logic in Artifical Intelligence and Logic Programming , volume 3, pages 439--513. Oxford University Press, 1994. Google ScholarDigital Library
- C. K. Georgiadis, I. Mavridis, G. Pangalos, and R. K. Thomas. Flexible Team-Based Access Control Using Contexts. In SACMAT '01, 2001. Google ScholarDigital Library
- J. Lang. Possibilistic logic:complexity and algorithms . In Algorithms for Uncertainty and Defeasible Reasoning, Rds:Kohlas, Jrg et Moral, Serafin, Eds: Kluwer Academic Publishers , Dordrecht, The Netherlands , V. 5 , Handbook of Defeasible Reasoning and Uncertainty Management Systems (Gabbay D., Smets P. Eds.), pages 179--220, 2001.Google Scholar
- D. Lehmann and M. Magidor. What does a conditional knowledge base entail. In Artificial Intelligence , 1992. Google ScholarDigital Library
- J. D. Moffett and M. S. Sloman. Policy Conflict analysis in Distributed Systems Management. Journal of Organizational Computing, 1994.Google Scholar
- J. Pearl. System Z:A natural ordering of defaults with tractable applications to default reasoning. In TARK '90, 1990. Google ScholarDigital Library
- N. Rescher and R. Manor. On inference from inconsistent premises. In Theory and Decision 1, 1970.Google Scholar
- R. Sandhu. Role-Based Access Control. In Academic Press, editor, Advances in Computers , volume 46, 1998.Google Scholar
- M. Wilikens, S. Feriti, and M. Masera. A context-related authorization access control method based on RBAC :a case study from the healthcare domain. In Sacmat '02 , 2002. Google ScholarDigital Library
Index Terms
- A stratification-based approach for handling conflicts in access control
Recommendations
An ontology-based approach to improve access policy administration of attribute-based access control
Attribute-based access control (ABAC) needs a large number of policies to function by using attributes of visitors, resources, environmental conditions, etc. Efficient policy administration is vital for implementation of ABAC models. In this paper, an ...
Building access control policy model for privacy preserving and testing policy conflicting problems
This paper proposes a purpose-based access control model in distributed computing environment for privacy preserving policies and mechanisms, and describes algorithms for policy conflicting problems. The mechanism enforces access policy to data ...
A propositional policy algebra for access control
Security-sensitive environments protect their information resources against unauthorized use by enforcing access control mechanisms driven by access control policies. Due to the need to compare, contrast, and compose such protected information resources,...
Comments