
The Improved RBAC Model and Its Application in Electronic Medical Record System

Posted on: 2009-12-12; Degree: Master; Type: Thesis
Country: China; Candidate: Q Z Han; Full Text: PDF
GTID: 2198360308979399; Subject: Computer software and theory
Abstract/Summary:
As an important security technique, access control is used in operating systems, databases, networks and elsewhere. Generally, access control includes Discretionary Access Control (DAC), Mandatory Access Control (MAC) and Role-Based Access Control (RBAC). This paper mainly focuses on the RBAC model. Based on the RBAC model, I proposed an improved one, named the I-RBAC model. By adopting a flexible form of authorization that includes both role authorization and user authorization, the I-RBAC model avoids the simple role authorization used in traditional RBAC, and effectively prevents the number of roles from increasing dramatically because individual users possess special privileges. Further, the I-RBAC model improves the flexibility of the system because it can adjust a user's permissions dynamically. In the paper, I described authorization in the form of policy, used logic to study it, and proposed the notions of static policy and dynamic policy. I carried out role authorization through static policy and implemented user authorization through dynamic policy. During the research, I found that conflicts do not exist in the static policy, while conflicts may occur in the process of dynamically authorizing users. Moreover, I studied the conflict types and proposed two principles to avoid conflicts. Based on the two principles, I proposed an algorithm for conflict detection and avoidance.

In a comprehensive hospital information system, because of the confidentiality and sensitivity of the data in the electronic medical record (EMR), valid authorization and secure access control mechanisms must be in place. As presented in the paper, the I-RBAC model has been put into practice in an EMR system to standardize users' access control, and it can satisfy the access control requirements of the EMR system.
After verification, the application of the I-RBAC model can ensure the security of patients' private data and can adapt to dynamic changes in the application environment.
Keywords/Search Tags: Access control, Predicate logic, Authorization policy, Conflict detection and avoidance, Electronic Medical Record