Distributed Medical Environment Database Access control (DIMEDAC)

In the name of God. Distributed Medical Environment Database Access control (DIMEDAC). By M. Gharib, H. Salemi, F. Khodadadi. Outline: Introduction to DIMEDAC; DIMEDAC components; Determining user authorization; Algorithms (Static, Dynamic).

Presentation Transcript


  1. In the name of God. Distributed Medical Environment Database Access control (DIMEDAC). By M. Gharib, H. Salemi, F. Khodadadi

  2. Outline
     • Introduction to DIMEDAC
     • DIMEDAC components
     • Determining user authorization
     • Algorithms
       • Static
       • Dynamic

  3. DIMEDAC
     • The DIMEDAC security policy provides a role-based authorization mechanism for accessing data depending on the particular values of the user location.
     • Protection of the privacy of the patients in distributed medical databases.

  4. DIMEDAC
     • It combines the advantages of both the DAC and MAC policies.
     • Global objects are protected from access by global subjects through the location control concept.
     • The access control mechanisms used in DIMEDAC are the hyper node hierarchies.

  5. Hyper Node Hierarchies
     • A Hyper Node Hierarchy (HNH) is a group of hyper nodes. Each hyper node is connected to another hyper node by a branch or a link.
     • A branch is used to connect a node with its ancestor in the level above.
     • Links are connections that are used between nodes of the same level.

  6. Hyper Node Hierarchies (continued)
     • User Role Hierarchy (URH)
     • Data Set Hierarchy (DSH)
     • User Location Hierarchy (ULH)

  7. Determining User Authorizations
     • Three Dimension Access-Matrix (3DAM)

  8. Algorithms
     • Static algorithm
     • Dynamic algorithm

  9. Static Algorithm
     Insert {UR, UL, DS, ACCESS}
     • Step 1: If the specific data set DS has descendants in the DSH, then for each descendant a new entry is automatically inserted (if there isn't one already) having the same UR, UL and AM.
     • Step 2: If the specific user location UL has descendants in the ULH, then for each descendant all the above entries are automatically inserted (if there isn't one already) having the same UR, DS and AM.
     • Step 3: If the specific user role UR has ancestors in the URH, then for each ancestor all the above entries are automatically inserted (if there isn't one already) having the same UL, DS and AM.

  10. Example
      Insert: {D, C12111, HE, Select}
      Step 1: {D, C12111, HEC, Select} {D, C12111, HEL, Select} {D, C12111, HEX, Select}
      Step 2: {M, C12111, HE, Select} {M, C12111, HEC, Select} {M, C12111, HEL, Select} {M, C12111, HEX, Select}
      Step 3: {D, S121111, HE, Select} {D, S121111, HEC, Select} {D, S121111, HEL, Select} {D, S121111, HEX, Select} {M, S121111, HE, Select} {M, S121111, HEC, Select} {M, S121111, HEL, Select} {M, S121111, HEX, Select} {D, S121112, HE, Select} {D, S121112, HEC, Select} {D, S121112, HEL, Select} {D, S121112, HEX, Select} {M, S121112, HE, Select} {M, S121112, HEC, Select} {M, S121112, HEL, Select} {M, S121112, HEX, Select}

  11. Dynamic Algorithm
      • Step 1: For every descendant UR' of the user role UR (including the UR itself) a search for all relevant quadruples (having the same UR') in 3DAM is performed. If no quadruples are found then the access request is denied. If in the result set there is an entry {UR', UL', DS', AM'} where UL'=UL, DS'=DS and AM'=AM then the access request is permitted. Otherwise, for each quadruple found the following step is performed.
      • Step 2: For every ancestor UL'' of the user location UL' (including the UL' itself) of the quadruple found, a search for all relevant quadruples (having the same UR' and UL'') in 3DAM is performed. If no quadruples are found then the access request is denied. If in the result set there is an entry {UR', UL'', DS'', AM''} where DS''=DS and AM''=AM then the access request is permitted. Otherwise, for each quadruple found the following step is performed.

  12. Dynamic Algorithm (continued)
      • Step 3: For every ancestor DS''' of the data set DS'' (including the DS'' itself) of the quadruple found, a search for all relevant quadruples (having the same UR', UL'' and DS''') in 3DAM is performed. If no quadruples are found then the access request is denied. If in the result set there is an entry {UR', UL'', DS''', AM'''} where AM'''=AM then the access request is permitted. Otherwise, the access request is denied.

  13. Request: {N, D2111, HEX, Select}

  14. Request: {{N|NO|NH|NT}, D2111, HEX, Select}

  15. Request: {{N|NO|NH|NT}, {D2111|H211}, HEX, Select}

  16. Request: {{N|NO|NH|NT}, {D2111|H211}, {HEX|HE}, Select}
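The static and dynamic algorithms side by side, as an added example that is not part of the original presentation. The hierarchy fragments are constructed from the identifiers in the example slides (the full URH/ULH/DSH figures are not in the transcript), same-level links are not modelled, and the dynamic check follows the request expansion shown in slides 13 to 16: role to its descendants, location and data set to their ancestors.

```python
from itertools import product

# Constructed hierarchy fragments (child -> parent), inferred from the example
# slides. Assumption: only branches are modelled, not same-level links.
URH = {"D": "M", "NO": "N", "NH": "N", "NT": "N"}                  # user roles
ULH = {"S121111": "C12111", "S121112": "C12111", "D2111": "H211"}  # locations
DSH = {"HEC": "HE", "HEL": "HE", "HEX": "HE"}                      # data sets


def ancestors(tree, node):
    """Return node plus every ancestor reached by following branches upward."""
    out = {node}
    while node in tree:
        node = tree[node]
        out.add(node)
    return out


def descendants(tree, node):
    """Return node plus every node that has it as an ancestor."""
    return {node} | {n for n in tree if node in ancestors(tree, n)}


def static_insert(matrix, ur, ul, ds, am):
    """Static algorithm: materialise every implied quadruple at insert time."""
    roles = ancestors(URH, ur)     # ancestor roles receive the same entry
    locs = descendants(ULH, ul)    # descendant locations receive it too
    sets_ = descendants(DSH, ds)   # as do descendant data sets
    matrix |= {(r, l, d, am) for r, l, d in product(roles, locs, sets_)}
    return matrix


def static_check(matrix, ur, ul, ds, am):
    """With a statically expanded 3DAM, a request is one exact lookup."""
    return (ur, ul, ds, am) in matrix


def dynamic_check(matrix, ur, ul, ds, am):
    """Dynamic algorithm: store only explicit entries, expand the request."""
    roles = descendants(URH, ur)
    locs = ancestors(ULH, ul)
    sets_ = ancestors(DSH, ds)
    # Default deny: permit only if some stored quadruple covers the request.
    return any((r, l, d, am) in matrix for r, l, d in product(roles, locs, sets_))
```

The static form trades storage for lookup speed (one insert becomes 24 entries for the slide 10 example), while the dynamic form keeps the matrix small and pays at request time; both give the same decision for the same explicit entries.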

  17. References
      • Mavridis, I., Pangalos, G., Khair, M. and Bozios, L., 1999, "Defining Access Control Mechanisms for Privacy Protection in Distributed Medical Databases", Proceedings of IFIP Working Conference on User Identification and Privacy Protection, Sweden.
      • Mavridis, I. and Pangalos, G., 2001, "Determining User Authorizations in Distributed Database Systems", Proceedings of the 8th Conference on Informatics, Volume 1, Nicosia, Cyprus, November 2001, ISBN 960-14-0459-7.

  18. Thanks ?
