Abstract
The motivation for this work derives from a study undertaken with a view to providing ubiquitous access to Electronic Health Records (EHRs) held within the National Health Service in England. Any implementation must guarantee confidentiality. In October 1999 the Cambridge Computer Laboratory’s Opera group joined a consortium within the Eastern Regional Health Authority to propose an experimental architecture which included role-based access control (RBAC). Specifying a policy for role-based access has two aspects: first, the conditions for entering each role must be established; secondly, the access privileges associated with each role must be defined. Access control policy must implement public policy and its expression must be transparent to computer non-specialists. We have therefore designed and implemented a pseudo-natural language framework sufficient for both of these purposes. Policy statements are translated into first-order logic, with side conditions which are evaluated by consulting a context-dependent database, and subsequently into access control procedures.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Bacon, J., Moody, K., Bates, J., Hayton, R., Ma, C., McNeil, A., Seidel, O., and Spiteri, M.: Generic Support for Asynchronous, Secure Distributed Applications. IEEE Computer Vol. 33(3) (March 2000) 68–76
Denley, I., and Weston Smith, S.: Privacy in clinical information systems in secondary care. British Medical Journal 318 (May 1999) 1328–1331
Fuchs, N.E., Schwertel, U., and Schwitter, R.: Attempto Controlled English-Not Just Another Logic Specification Language. Lecture Notes in Computer Science, Vol. 1559. Springer Verlag, Berlin, Heidelberg and New York.(1999) 1–20
Fuchs, N.E., Schwertel, U., and Torge, S.: Controlled Natural Language Can Replace First-Order Logic. Proceedings 14th IEEE International Conference on Automated Software Engineering, IEEE Computer Society Press, (1999) 295–298
Hayton, R., Bacon, J. and Moody, K.: OASIS: Access Control in an Open, Distributed Environment. Proceedings IEEE Symposium on Security and Privacy. IEEE CS Press, Los Alamitos, Calif. (1998) 3–14
Hine, J.H., Yao, W., Bacon, J. and Moody, K.: An Architecture for Distributed OASIS Services Proceedings Middleware 2000, Lecture Notes in Computer Science, Vol. 1795. Springer-Verlag, Berlin, Heidelberg and New York. (2000) 107–123.
Jones, A.J.I., and Sergot, M.J.: On the Characterisation of Law and Computer Systems:The Normative Systems Perspective In Deontic Logic in Computer Science: Normative System Specification Meyer, J.-J.Ch., and Wieringa, R.J.(eds), John Wiley and Sons (1993)
Kamp, H., and Reyle, U.: From Discourse to Logic: Introduction toModeltheoretic Semantics. In Natural Language, Formal Logic and Discourse Representation Theory, Vol.1 and 2, Kluwer (1993)
Lloyd, M.: Conversion of NHS Access Control Policy to Formal Logic. MPhil in Computer Speech and Language Processing, University of Cambridge, (2000)
Lupu, E. and Sloman, M.: Conflicts in Policy-Based Distributed Systems Management. IEEE Transactions on Software Engineering Vol. 25(6)-Special Issue on Inconsistency Management, (Nov/Dec 1999) 852–869
Ma, C., and Bacon, J.: COBEA: A CORBA-based Event Architecture. In Proceedings of the 4th Conference on Object-Oriented Technologies and Systems (COOTS-98), USENIX Association, Berkeley, (April 1998) 117–132
Simon, R. and Zurko, M.: Separation of duty in role-based environments. In Proceedings of the 10th IEEE Computer Security Foundations Workshop, Rockport, Mass., (June 1997) IEEE CS Press, Los Alamitos, Calif. 183–194.
UK Government White Paper, “The New NHS: Modern, Dependable”, December 1997 see http://www.doh.gov.uk/nnhsind.htm
UK Government White Paper, “Information for Health”, September 1998, see http://www.doh.gov.uk/nhsexipu/strategy/index.htm
UK Government White Paper, “The NHS Plan — A Plan for Investment, A Plan for Reform”, July 2000, see http://www.nhs.uk/nationalplan/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bacon, J., Lloyd, M., Moody, K. (2001). Translating Role-Based Access Control Policy within Context. In: Sloman, M., Lupu, E.C., Lobo, J. (eds) Policies for Distributed Systems and Networks. POLICY 2001. Lecture Notes in Computer Science, vol 1995. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44569-2_7
Download citation
DOI: https://doi.org/10.1007/3-540-44569-2_7
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-41610-4
Online ISBN: 978-3-540-44569-2
eBook Packages: Springer Book Archive