Comparing and Integrating Break-the-Glass and Delegation in Role-based Access Control for Healthcare

Interdisciplinary Research Group in Socio-technical Cybersecurity

Ana Ferreira, Gabriele Lenzini
Abstract:
In healthcare security, Role-based Access Control (RBAC) should be flexible and include capabilities such as Break-the-Glass and Delegation. The former is useful in emergencies to override what would otherwise be a denial of access, the latter to transfer rights temporarily, for example, to substitute doctors. Current research studies these policies separately, but it is unclear whether they are different and independent capabilities. Motivated to look into this matter, we present a formal characterization of Break-the-Glass and Delegation in the RBAC model and we inquire into how these two policies relate. After giving arguments in favour of keeping them apart as different policies, we propose an RBAC model that includes them.
Publication date:
2016
Published in:
2nd International Conference on Information Systems Security and Privacy 2016
Reference:
Ferreira, A., & Lenzini, G. (2016). Comparing and Integrating Break-the-Glass and Delegation in Role-based Access Control for Healthcare. In ICISSP (pp. 63-73).
