Implications of loosened Role-based Access Control session control implementation for the enforcement of Dynamic Mutually Exclusive Roles properties on Health Information Systems

Role-based Access Control (RBAC) session control is used in the authorization vetting of controlled objects within the system to check if a user's intended action is permitted by the associated roles that he/she possesses. The session control is also used to enforce Separation of Duty (SoD) via the Dy...

Bibliographic Details
Main authors: Marcelo Antonio de Carvalho Junior, Paulo Bandiera-Paiva
Format: article
Language: EN
Published: Elsevier 2021
Subjects: Access control; Formal description; System security assessment; Computer applications to medicine. Medical informatics
Online access: https://doaj.org/article/7af0d38ed85544aaaf4f2332fe91981b
id oai:doaj.org-article:7af0d38ed85544aaaf4f2332fe91981b
record_format dspace
spelling oai:doaj.org-article:7af0d38ed85544aaaf4f2332fe91981b
2021-11-04T04:32:59Z
ISSN 2352-9148
DOI 10.1016/j.imu.2021.100780
https://doaj.org/article/7af0d38ed85544aaaf4f2332fe91981b
2021-01-01T00:00:00Z
http://www.sciencedirect.com/science/article/pii/S2352914821002513
https://doaj.org/toc/2352-9148
Informatics in Medicine Unlocked, Vol 27, Iss , Pp 100780- (2021)
institution DOAJ
collection DOAJ
language EN
topic Access control
Formal description
System security assessment
Computer applications to medicine. Medical informatics
R858-859.7
description Role-based Access Control (RBAC) session control is used in the authorization vetting of controlled objects within the system to check if a user's intended action is permitted by the associated roles that he/she possesses. The session control is also used to enforce Separation of Duty (SoD) via the Dynamic Mutually Exclusive Roles (DMER), limiting the roles that can be associated with a particular user during a session due to their conflicted permission nature. The RBAC requirements that dictate session-control functions preventing conflicted roles from being assigned to users can be poorly implemented because of possible interpretations of the RBAC standard. This loosened interpretation is discussed here by assessing the RBAC function's textual description and objectives and by formally stating the different interpretations using Z notation and Colored Petri Nets (CPN) to effectively demonstrate the resulting functionality and its effects on system use. Three different aspects of security properties are discussed, comparing the interpretations and their impacts on the RBAC functionality: a) the implications of the user's authorization characterization on the system's session, b) the actual DMER conflict detection capability, and c) possible collusion scenarios considering RBAC administrator capabilities. Two different interpretations of the RBAC session-control function are formally defined in full, to support investigation of its inner functionalities and expected behaviour on the system. The assessment of the functionalities is presented in order to highlight ambiguities that could lead to less secure implementations, so as to provide a more robust RBAC description that can cope with more rigid and predictable behaviour on Health Information Systems (HIS). Outcomes of poor session-control implementation on a system include the inability to fulfil healthcare corporate security policy or even allowing illegal actions to take place due to the absence of expected restrictions and constraints imposed on users' interactions.
format article
author Marcelo Antonio de Carvalho Junior
Paulo Bandiera-Paiva
title Implications of loosened Role-based Access Control session control implementation for the enforcement of Dynamic Mutually Exclusive Roles properties on Health Information Systems
publisher Elsevier
publishDate 2021
url https://doaj.org/article/7af0d38ed85544aaaf4f2332fe91981b