AN APPROACH TO ENFORCE CONTEXT-AWARE ACCESS CONTROL TO PROCESS-BASED HEALTHCARE SYSTEMS BUILD ON A GRID INFRASTRUCTURE
Vassiliki Koufi, Flora Malamateniou, George Vassilacopoulos
2009
Abstract
Healthcare is an increasingly collaborative enterprise involving a broad range of healthcare services provided by a number of geographically distributed and organizationally disparate healthcare providers. Grid technology has emerged as an integration infrastructure for shared and coordinated use of diverse data resources residing in the healthcare settings of a health district. Moreover, healthcare processes can be formed as compositions of web services that use grid database services to provide integrated healthcare information thus improving healthcare quality. Further improvement can be achieved by means of Grid portal applications developed on a wireless and mobile infrastructure as they provide to ubiquitous and pervasive access to healthcare processes at the point of care. In such environments, the ability to provide an effective access control mechanism that meets the requirement of the least privilege principle is essential. Adherence to the least privilege principle requires continuous adjustments of user permissions in order to adapt to the current situation. This paper presents an access control architecture for HDGPortal, a Grid portal application which provides access to workflow-based healthcare processes using wireless Personal Digital Assistants. The proposed architecture utilizes the xoRBAC component, which provides a role-based access control service that enables the enforcement of fine-grained context-dependent access control policies via context constraints. In particular, xoRBAC is integrated in our process-oriented healthcare environment which is build on top of a Grid infrastructure and is accessible through HDGPortal. Thus, the risk of compromising information integrity during task executions is reduced.
References
- Koufi, V., Vassilacopoulos, G., 2008. HDGPortal: A Grid Portal Application for Pervasive Access to ProcessBased Healthcare Systems, In PervasiveHealth'08, 2nd International Conference in Pervasive Computing Technologies in Healthcare.
- Emmerich, W., Butchart, B., Chen, L., Wassermann, B., Price, S., 2006. Grid Service Orchestration Using the Business Process Execution Language (BPEL), Journal of Grid Computing (2006) 3: 283-304.
- Mendling, J, Strembeck, M, Stermsek, G, Neumann, G., 2004. An Approach to Extract RBAC Models for BPEL4WS Processes, Proceedings of the 13th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises.
- Thomas, J., Paci, F., Bertino, E., Eugster, P., 2007. User Tasks and Access Control over Web Services, Proceedings of the 15th IEEE International Conference on Web Services, 2007.
- Bertino, E., Crampton, J., Paci, F., 2006. Access Control and Authorization Constraints for WS-BPEL, Proceedings of the IEEE International Conference on Web Services, 2006.
- Adamski, M., Kulczewski, M., Kurowski, K., Nabrzyski, J., Hume, A., 2007. Security and Performance Enhancements to OGSA-DAI for Grid Data Virtualization, Concurrency and Computation.: Practice and Experience, 2007.
- Dou, W., Cheung, SC., Chen, G., Cai, S., 2005. Certificate-Driven Grid Workflow Paradigm Based on Service Computing, Lecture Notes in Computer Science (2005) 3795: 155-160.
- Power, D., Slaymaker, M., Politou, E., Simpson, A., 2005. A Secure Wrapper for OGSA-DAI, Lecture Notes in Computer Science (2005) 3470: 485-494.
- IBM Corporation. IBM Websphere Workflow - Getting Started with Buildtime V. 3.6, 2005.
- Java Authentication and Authorization Service, http://java.sun.com/javase/6/docs/technotes/guides/sec urity/jaas/JAASRefGuide.html.
- Neumann, G., Strembeck, M., 2001. Design and Implementation of a Flexible RBAC-Service in n Object-Oriented Scripting Language. Proceedings of CCS'01, November 5-8, 2001, Philadelphia, Pennsylvania, USA.
- Neumann, G., Strembeck, M., 2003. An Approach to Engineer and Enforce Context Constraints in an RBAC Environment, Proceedings of SACMAT'03, June 2-3, 2003, Como, Italy.
- Neumann, G., Strembeck, M., 2003. An Approach to Engineer and Enforce Context Constraints in an RBAC Environment, ACM Transactions on Information and System Security, Vol. 7, No. 3, August 2004, pp 392-427.
- Paci, F., Bertino, E., Crampton, J., 2008. An AccessControl Framework for WS-BPEL, International Journal of Web Services Research, Vol. 5, Issue 3, pp. 20-43.
- Fischer, K.P., Bleimann, U., Fuhrmann, W., Furnell, S.M., 2007, "Security policy enforcement in BPEL-defined collaborative business processes", Proceedings of the 1st International Workshop on Security Technologies for Next Generation Collaborative Business Applications (SECOBAP'07).
- Guth, S., Neumann, G., Strembeck, M., 2003. “Experiences with the Enforcement of Access Rights Extracted from ODRL-based Digital Contracts”. In DRM'03, 3rd ACM Workshop on Digital Rights Management.
Paper Citation
in Harvard Style
Koufi V., Malamateniou F. and Vassilacopoulos G. (2009). AN APPROACH TO ENFORCE CONTEXT-AWARE ACCESS CONTROL TO PROCESS-BASED HEALTHCARE SYSTEMS BUILD ON A GRID INFRASTRUCTURE . In Proceedings of the International Conference on Health Informatics - Volume 1: HEALTHINF, (BIOSTEC 2009) ISBN 978-989-8111-63-0, pages 22-29. DOI: 10.5220/0001539900220029
in Bibtex Style
@conference{healthinf09,
author={Vassiliki Koufi and Flora Malamateniou and George Vassilacopoulos},
title={AN APPROACH TO ENFORCE CONTEXT-AWARE ACCESS CONTROL TO PROCESS-BASED HEALTHCARE SYSTEMS BUILD ON A GRID INFRASTRUCTURE},
booktitle={Proceedings of the International Conference on Health Informatics - Volume 1: HEALTHINF, (BIOSTEC 2009)},
year={2009},
pages={22-29},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001539900220029},
isbn={978-989-8111-63-0},
}
in EndNote Style
TY - CONF
JO - Proceedings of the International Conference on Health Informatics - Volume 1: HEALTHINF, (BIOSTEC 2009)
TI - AN APPROACH TO ENFORCE CONTEXT-AWARE ACCESS CONTROL TO PROCESS-BASED HEALTHCARE SYSTEMS BUILD ON A GRID INFRASTRUCTURE
SN - 978-989-8111-63-0
AU - Koufi V.
AU - Malamateniou F.
AU - Vassilacopoulos G.
PY - 2009
SP - 22
EP - 29
DO - 10.5220/0001539900220029