Implementation of Role Based Access Control Model for U-healthcare

  • Lee, You-Ri (Managed Security Research Team, Electronics and Telecommunications Research Institute)
  • Park, Dong-Gue (Dept. of Information and Communication Engineering, SoonChunHyang University)
  • Published : 2009.06.30

Abstract

When unapproved users gain access to a healthcare system and use medical information for malicious purposes, important information bearing on patients' lives can be severely threatened, because healthcare services in a ubiquitous environment turn a patient's examination results, medical records and most other patient information into data. To solve these problems, we design RBAC (Role Based Access Control) for U-healthcare, a model that controls access using location, time and context-awareness information such as the user's status information, and that protects the patient's privacy. By implementing the proposed model, we verify the effectiveness of the access control model for healthcare in a ubiquitous environment.
