
Search results

1 – 10 of 694
Article
Publication date: 14 June 2020

A Clark-Wilson and ANSI role-based access control model

Tamir Tsegaye and Stephen Flowerday


Abstract

Purpose

An electronic health record (EHR) enables clinicians to access and share patient information electronically and has the ultimate goal of improving the delivery of healthcare. However, this can create security and privacy risks to patient information. This paper aims to present a model for securing the EHR based on role-based access control (RBAC), attribute-based access control (ABAC) and the Clark-Wilson model.

Design/methodology/approach

A systematic literature review was conducted which resulted in the collection of secondary data that was used as the content analysis sample. Using the MAXQDA software program, the secondary data was analysed quantitatively using content analysis, resulting in 2,856 tags, which informed the discussion. An expert review was conducted to evaluate the proposed model using an evaluation framework.

Findings

The study found that a combination of RBAC, ABAC and the Clark-Wilson model may be used to secure the EHR. While RBAC is applicable to healthcare, as roles are linked to an organisation’s structure, its lack of dynamic authorisation is addressed by ABAC. Additionally, key concepts of the Clark-Wilson model such as well-formed transactions, authentication, separation of duties and auditing can be used to secure the EHR.

Originality/value

Although previous studies have been based on a combination of RBAC and ABAC, this study also uses key concepts of the Clark-Wilson model for securing the EHR. Countries implementing the EHR can use the model proposed by this study to help secure the EHR while also providing EHR access in a medical emergency.

Details

Information & Computer Security, vol. 28 no. 3
Type: Research Article
DOI: https://doi.org/10.1108/ICS-08-2019-0100
ISSN: 2056-4961

Keywords

  • Access control
  • Role-based access control
  • Attribute-based access control
  • Clark-Wilson
  • Security
  • Privacy
  • Electronic health record

Article
Publication date: 1 December 2003

An XML‐based administration method on role‐based access control in the enterprise environment

Cungang Yang and Chang N. Zhang


Abstract

Proposes an object‐oriented role‐based access control (ORBAC) model to efficiently represent the real world. Though ORBAC is a good model, administration of ORBAC, including creating and maintaining an access control security policy, still remains a challenging problem. Presents a practical method that can be employed in an enterprise environment to manage security policies using eXtensible Markup Language (XML). Based on ORBAC security policy expressed in XML, a role assignment algorithm is presented. The computation complexity of the algorithms is O(n) where n is the number of position roles in a user’s assigned position role scope.

Details

Information Management & Computer Security, vol. 11 no. 5
Type: Research Article
DOI: https://doi.org/10.1108/09685220310500162
ISSN: 0968-5227

Keywords

  • Object‐oriented methods
  • Modelling
  • Extensible mark‐up language

Article
Publication date: 1 December 2002

Information flow analysis on role‐based access control model

Chang N. Zhang and Cungang Yang


Abstract

Information flow analysis is a necessary step to determine the information security for a given system. In this paper, we introduce an object oriented role‐based access control model (ORBAC) and illustrate that the confinement problem may occur on the ORBAC based system. In order to deal with the problem, a technique called information flow analysis is proposed. Moreover, under the principle of mandatory access control (MAC) security policy, a role set assignment method is developed and proved to solve the confinement problem on ORBAC.

Details

Information Management & Computer Security, vol. 10 no. 5
Type: Research Article
DOI: https://doi.org/10.1108/09685220210446579
ISSN: 0968-5227

Keywords

  • Information systems
  • Access control
  • Security
  • Object‐oriented computing

Article
Publication date: 28 September 2012

Flexible access control framework for MARC records

Goran Sladić, Branko Milosavljević, Dušan Surla and Zora Konjović


Abstract

Purpose

The goal of this paper is to propose a data access control framework that is used for editing MARC‐based bibliographic databases. In cases where the bibliographic record editing activities carried out in libraries are complex and involve many people with different skills and expertise, a way of managing the workflow and data quality is needed. Enforcing access control can contribute to these goals.

Design/methodology/approach

The proposed solution for data access control enforcement is based on the well‐studied standard role‐based access control (RBAC) model. The bibliographic data, for the purpose of this system, is represented using the XML language. The software architecture of the access control system is modelled using the Unified Modelling Language (UML).

Findings

The access control framework presented in this paper represents a successful application of concepts of role‐based access control to bibliographic databases. The use of XML language for bibliographic data representation provides the means to integrate this solution into many different library information systems, facilitates data exchange and simplifies the software implementation because of the abundance of available XML tools. The solution presented is not dependent on any particular XML schema for bibliographic records and may be used in different library environments. Its flexibility stems from the fact that access control rules can be defined at different levels of granularity and for different XML schemas.

Research limitations/implications

This access control framework is designed to handle XML documents. Library systems that utilise bibliographic databases in other formats not easily convertible to XML would hardly integrate the framework into their environment.

Practical implications

The use of an access control enforcement framework in a bibliographic database can significantly improve the quality of data in organisations where record editing is performed by a large number of people with different skills. The examples of access control enforcement presented in this paper are extracted from the actual workflow for editing bibliographic records in the Belgrade City Library, the largest public city library in Serbia. The software implementation of the proposed framework and its integration in the BISIS library information system prove the practical usability of the framework. BISIS is currently deployed in over 40 university, public, and specialized libraries in Serbia.

Originality/value

A proposal for enforcing access control in bibliographic databases is given, and a software implementation and its integration in a library information system are presented. The proposed framework can be used in library information systems that use MARC‐based cataloguing.

Details

The Electronic Library, vol. 30 no. 5
Type: Research Article
DOI: https://doi.org/10.1108/02640471211275684
ISSN: 0264-0473

Keywords

  • Access control
  • Bibliographic databases
  • RBAC
  • XML
  • MARC
  • Bibliographic systems
  • Bibliographic standards

Article
Publication date: 1 July 2003

A framework for separation of duties in an SAP R/3 environment

Adam Little and Peter J. Best


Abstract

The majority of medium‐to‐large international organizations have adopted enterprise resource planning systems (ERPs) of which SAP R/3 is the current market leader. This paper proposes a framework for the separation of duties in SAP R/3. Separation of duties is viewed as a critical component of an organization’s internal control structure aimed primarily at reducing opportunities for fraudulent activities. R/3 assigns profiles consisting of authorizations to users. Accordingly, R/3 facilitates the implementation of “role‐based access control”, where these profiles may be designed consistent with organizational roles and assigned to users performing these roles. This paper proposes a framework for adequate separation of duties using a role‐based approach in the financial accounting (FI) module of the R/3 system. Case studies were undertaken to refine the framework and to explore its application in a practical environment. This empirical research provided support for the adequacy of the proposed framework.

Details

Managerial Auditing Journal, vol. 18 no. 5
Type: Research Article
DOI: https://doi.org/10.1108/02686900310476882
ISSN: 0268-6902

Keywords

  • Enterprise resource planning
  • Financial accounting
  • Access control
  • Fraud
  • Security

Article
Publication date: 20 November 2009

Schema‐level access control policies for XML documents

Tomasz Müldner, Gregory Leighton and Jan Krzysztof Miziołek


Abstract

Purpose

The purpose of this paper is to consider the secure publishing of XML documents, where a single copy of an XML document is disseminated and a stated role‐based access control policy (RBACP) is enforced via selective encryption. It describes a more efficient solution over previously proposed approaches, in which both policy specification and key generation are performed once, at the schema‐level. In lieu of the commonly used super‐encryption technique, in which nodes residing in the intersection of multiple roles are encrypted with multiple keys, it describes a new approach called multi‐encryption that guarantees each node is encrypted at most once.

Design/methodology/approach

This paper describes two alternative algorithms for key generation and single‐pass algorithms for multi‐encrypting and decrypting a document. The solution typically results in a smaller number of keys being distributed to each user.

Findings

The paper proves the correctness of the presented algorithms, and provides experimental results indicating the superiority of multi‐encryption over super‐encryption, in terms of encryption and decryption time requirements. It also demonstrates the scalability of the approach as the size of the input document and complexity of the schema‐level RBACP are increased.

Research limitations/implications

An extension of this work involves designing and implementing re‐usability of keyrings when a schema or ACP is modified. In addition, more flexible solutions for handling cycles in schema graphs are possible. The current solution encounters difficulty when schema graphs are particularly deep and broad.

Practical implications

The experimental results indicate that the proposed approach is scalable, and is applicable to scenarios in which XML documents conforming to a common schema are to be securely published.

Originality/value

This paper contributes to the efficient implementation of secure XML publication systems.

Details

International Journal of Web Information Systems, vol. 5 no. 4
Type: Research Article
DOI: https://doi.org/10.1108/17440080911006216
ISSN: 1744-0084

Keywords

  • Data security
  • Extensible Markup Language

Article
Publication date: 1 August 2006

GridShib and PERMIS integration

D.W. Chadwick, A. Novikov and A. Otenko


Abstract

Purpose

The paper aims to describe the results of a recent GridShibPERMIS project whose purpose was to provide policy‐driven role‐based access control decision‐making to grid jobs, in which the user's attributes are provided by an external Shibboleth Identity Provider (IdP).

Design/methodology/approach

This was achieved by integrating the identity‐federation and attribute‐assignment functions of Shibboleth and the policy‐based enforcement functions of PERMIS with the Grid job management functions of Globus Toolkit v4.

Findings

Combining the three technologies proved to be relatively easy due to the Policy Information Point (PIP) and Policy Decision Point (PDP) Java interfaces recently introduced into Globus Toolkit v4.

Practical implications

However, a number of limitations in the current Grid‐Shib implementation were revealed, namely: the lack of support for pseudonymous access to grid resources; scalability problems because only one issuer scope domain is supported and because name mappings have to be provided for each grid user; and the inability to collect a user's attributes from multiple IdPs for use in authorisation decision‐making.

Originality/value

This paper provides an overview of and describes the benefits of the three technologies (GT4, Shibboleth and PERMIS), shows how they may be combined to good effect via GT4's Java interfaces, describes the limitations of the current GridShib implementation and suggests possible solutions and additional research that are needed in the future in order to address the current shortcomings.

Details

Campus-Wide Information Systems, vol. 23 no. 4
Type: Research Article
DOI: https://doi.org/10.1108/10650740610704153
ISSN: 1065-0741

Keywords

  • Decision making
  • Computer software
  • Control

Article
Publication date: 1 August 2001

A framework for access control in workflow systems

Reinhardt A. Botha and Jan H.P. Eloff


Abstract

Workflow systems are often associated with business process re‐engineering (BPR). This paper argues that the functional access control requirements in workflow systems are rooted in the scope of a BPR project. A framework for access control in workflow systems is developed. The framework suggests that existing role‐based access control mechanisms can be used as a foundation in workflow systems. The framework separates the administration‐time and the run‐time aspects. Key areas that must be investigated to meet the functional requirements imposed by workflow systems on access control services are identified.

Details

Information Management & Computer Security, vol. 9 no. 3
Type: Research Article
DOI: https://doi.org/10.1108/09685220110394848
ISSN: 0968-5227

Keywords

  • Access control
  • BPR
  • Computer software

Article
Publication date: 17 October 2008

Modeling of RBAC‐based access control of virtual enterprise

Dejun Chen, Zude Zhou, Yingzhe Ma and D.T. Pham


Abstract

Purpose

The purpose of this paper is to create a model of role‐based access control (RBAC) based access control for virtual enterprise (VE).

Design/methodology/approach

An access control model for security and management of VE is presented by integrating generic structure of VE and applying the principles of RBAC. In addition, the application of the model to a supply chain‐oriented VE illustrates that a general access control scheme can ensure the running of VE.

Findings

A theory base of access control for the realization of the VE is found.

Originality/value

The paper presents a very useful new model of access control for VE. This paper is aimed at researchers and engineers.

Details

Kybernetes, vol. 37 no. 9/10
Type: Research Article
DOI: https://doi.org/10.1108/03684920810907517
ISSN: 0368-492X

Keywords

  • Control technology
  • Modelling
  • Virtual organizations

Article
Publication date: 10 June 2014

Towards a flexible framework to support a generalized extension of XACML for spatio-temporal RBAC model with reasoning ability

Tran Khanh Dang, Tuyen Thi Kim Le, Anh Tuan Dang and Ha Duc Son Van


Abstract

Purpose

The paper aims to propose a flexible framework to support X-STROWL model. Extensible access control markup language (XACML) is an international standard used for access control in distributed systems. However, XACML and its existing extensions are not sufficient to fulfill sophisticated security requirements (e.g. access control based on user’s roles, context-aware authorizations and the ability of reasoning). Remarkably, X-STROWL, a generalized extension of XACML for spatiotemporal role-based access control (RBAC) model with reasoning ability, is a comprehensive model that overcomes these shortcomings. It mainly focuses on the architecture design as well as the implementation and evaluation of proposed framework and the comparison with others.

Design/methodology/approach

Based on the concept of X-STROWL model, the paper reviewed a large amount of open sources implementing XACML with defined criteria and chose the most suitable framework to be extended for the implementation. The paper also presented a case study used to evaluate the research result.

Findings

Holistic enterprise-ready application security framework – architecture framework (HERAS-AF) is chosen as the most suitable framework to be extended to implement X-STROWL model. Extending HERAS-AF to support spatiotemporal aspect and other contextual conditions as well as the way to integrate security in the access request, together with ability of reasoning for hierarchical roles, are striking features that make the proposed framework able to meet more sophisticated security requirements in comparison with others.

Research limitations/implications

Due to the research content, the performance of proposed framework is not the focused issue of this work.

Originality/value

The proposed framework is a crucial contribution of our research to provide a holistic, extensible and intelligent authorization decision engine.

Details

International Journal of Web Information Systems, vol. 10 no. 2
Type: Research Article
DOI: https://doi.org/10.1108/IJWIS-12-2013-0037
ISSN: 1744-0084

Keywords

  • Access control model
  • GIS database
  • HERAS-AF
  • Security engineering
  • X-STROWL
  • XACML
  • Spatiotemporal data

Emerald Publishing
© 2021 Emerald Publishing Limited
