By Topic

An access control model and its use in representing mental health application access policy

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Varadharajan, V. ; Univ. of Western Sydney, Kingswood, NSW, Australia ; Calvelli, C.

The paper considers an access control model and proposes extensions to it to deal with authentication and revocation. The model is then applied to represent access control policy in a mental health system. In the first part of the paper, extensions to the schematic protection model (SPM) are presented. The authentication and revocation extensions are independent of one another in the sense that each one affects a different part of the decision algorithm. The extensions comprise a modification of the syntax to be able to represent the new concepts and, more importantly, a modification of the decision algorithm for the safety problem to take these changes into account. We introduce the concept of conditional tickets and use it to provide authentication. Apart from this, we have found this concept to be useful in modeling systems. Hence we have separated this (syntactical) issue from the definition of the new algorithm. The second part considers the access policy for a mental health application. We have used the extensions of SPM to model part of this access policy. Even with our extensions, SPM still remains a monotonic model, where rights can be removed only in very special cases, and this makes it impossible to represent all the aspects of the problem. Other than to serve as an example for the extensions we propose, the paper also helps to separate aspects of this access control policy which are inherently monotonic from parts which are defined in a non-monotonic way, but can still be represented in a monotonic model

Published in:

Knowledge and Data Engineering, IEEE Transactions on  (Volume:8 ,  Issue: 1 )