A Flexible Access Control Model for Multimedia Medical Image Security

  • Sofia Tzelepi
  • George Pangalos
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2195)


Most of the work on multimedia medical images security until now has focused on cryptographic approaches. While valuable, cryptography is not enough to control access to images. Therefore additional protection approaches should be applied at a higher level. Rolebased access control (RBAC) is a good candidate to provide access control in a multimedia medical image DBMS. However, in a multimedia medical image DBMS, specifications of image access rights are often based on the semantic content of the images, the attributes of the user accessing the image, the relationship between the user and the patient whose images are to be accessed and the time. Unfortunately, RBAC cannot be used to handle the above requirements. In this paper we describe an extended RBAC model by using constraints in the specific ation of the Role-Permission relationship. The proposed access control model preserves the advantages of scaleable security administration that RBAC-style models offer and yet offers the flexibility to specify very fine-grained, flexible, content, context and time-based access control policies.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    R. B. Wolfang and E. J. Delp, “Overview of image security techniques with applications in multimedia systems”, SPIE Conf. on Multimedia Networks: Security, Displays, Terminals and Gateways, Vol. 3228, November 2–5, 1997, Dallas, Texas, pp:297–3308.Google Scholar
  2. 2.
    E. B. Fernandez and K. R. Nair, “An Abstract Authorization System for the Internet”, in Proc. of the 9th International Workshop on Database and Expert Systems Applic., 1998.Google Scholar
  3. 3.
    R. K. Thomas, “Team-based access control (TMAC): A primitive for applying role-based access controls in collaborative environments”, ACM RBAC‘97, 1997.Google Scholar
  4. 4.
    L. Giuri and P. Iglio, “Role templates for content-based access control”, in Proc. of the Second ACM RBAC Workshop, November 1997.Google Scholar
  5. 5.
    E. C. Lupu and M. Sloman, “Reconciling role-based management and role-based access control”, in Proc. of the Second ACM RBAC Workshop, November 1997.Google Scholar
  6. 6.
    S. T. C. Wong and H. K. Huang, “Design methods and architectural issues of integrated medical image data based systems”, Computerized Medical Imaging and Graphics, Vol 20, No 4, pp. 285–299, 1996.CrossRefGoogle Scholar
  7. 7.
    A. Tchounikine, “Creation and content-based retrieval in a radiological documentary record”, in Proc. of the 3rd Basque International Workshop on Information Technology, 1997.Google Scholar
  8. 8.
    R. Sandhu, E. J. Coynee, H. L. Feinsteinn, and C. E. Youman, “Role-based access control models”, IEEE Computer, 29(2), February, 1996.Google Scholar
  9. 9.
    Rational Software Corporation, Object Constraint Language Specification, Version 1.1, Available at, September 1997.

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Sofia Tzelepi
    • 1
  • George Pangalos
    • 1
  1. 1.Informatics Laboratory, Computers Division, General Department, Faculty of TechnologyAristotelian UniversityThessalonikiGreece

Personalised recommendations