Study on The RBAC Protocol of Medical Information System

  • 임경숙 (Songwon University, Department of Nursing);
  • 김점구 (Namseoul University, Department of Computer Science)
  • Received : 2016.11.24
  • Accepted : 2016.12.09
  • Published : 2016.12.31

Abstract

In the general RBAC (Role-Based Access Control) model, a senior role holds the permissions of its junior roles by virtue of the role hierarchy. Medical institutions partially need the opposite case as well, but medical information systems cannot permit it, because the inheritance of permissions in role hierarchies is static. To address this problem, this paper defines dynamic role assignment, proposes a way for a junior role to temporarily perform the permissions of a senior role, and shows an application to medical information systems.
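The contrast the abstract draws, static senior-to-junior inheritance versus a temporary grant in the other direction, can be sketched as follows. This is an added example, not the paper's protocol: the role names, permissions, user names, and the `AccessMonitor`, `assign_dynamic` and `check` names are all assumptions, and expiry by a time-to-live is one possible reading of "temporarily".

```python
from dataclasses import dataclass, field

# Constructed sample policy (an assumption, not taken from the paper).
JUNIORS = {"physician": {"nurse"}, "nurse": set()}  # senior role -> junior roles
PERMS = {"physician": {"write_prescription"}, "nurse": {"read_chart"}}

def static_perms(role):
    """Static inheritance: a role's own permissions plus those of its juniors."""
    perms = set(PERMS.get(role, ()))
    for junior in JUNIORS.get(role, ()):
        perms |= static_perms(junior)
    return perms

@dataclass
class Grant:
    user: str
    permission: str
    expires_at: float

@dataclass
class AccessMonitor:
    user_roles: dict                      # user -> set of statically assigned roles
    grants: list = field(default_factory=list)
    audit: list = field(default_factory=list)

    def assign_dynamic(self, grantor, user, senior_role, permission, now, ttl):
        """Lend one permission of senior_role to user for ttl seconds."""
        if senior_role not in self.user_roles.get(grantor, ()):
            raise PermissionError("grantor does not hold the senior role")
        if permission not in static_perms(senior_role):
            raise ValueError("permission does not belong to the senior role")
        self.grants.append(Grant(user, permission, now + ttl))
        self.audit.append((now, grantor, user, permission, now + ttl))

    def check(self, user, permission, now):
        """Allow via static roles first, then via an unexpired dynamic grant."""
        if any(permission in static_perms(r) for r in self.user_roles.get(user, ())):
            return True
        self.grants = [g for g in self.grants if g.expires_at > now]  # drop expired
        return any(g.user == user and g.permission == permission for g in self.grants)

def demo():
    m = AccessMonitor({"dr_kim": {"physician"}, "nurse_lee": {"nurse"}})
    before = m.check("nurse_lee", "write_prescription", now=0)
    m.assign_dynamic("dr_kim", "nurse_lee", "physician", "write_prescription", now=0, ttl=600)
    during = m.check("nurse_lee", "write_prescription", now=300)
    after = m.check("nurse_lee", "write_prescription", now=601)
    return before, during, after  # (False, True, False)

if __name__ == "__main__":
    print(demo())
```

The grant is scoped to a single permission rather than the whole senior role, and every assignment is written to the audit list, so the temporary elevation stays bounded and reviewable.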
