Utilize este identificador para referenciar este registo: https://hdl.handle.net/10216/21676
Registo completo
Campo DCValorIdioma
dc.creatorFerreira, Ana
dc.creatorChadwick, David
dc.creatorZao, Gansen
dc.creatorFarinha, Pedro
dc.creatorCorreia, Ricardo
dc.creatorChilro, Rui
dc.creatorAntunes, Luís
dc.date.accessioned2023-05-23T23:13:17Z-
dc.date.available2023-05-23T23:13:17Z-
dc.date.issued2009
dc.identifier.othersigarra:47235
dc.identifier.urihttps://hdl.handle.net/10216/21676-
dc.description.abstractAccess control models describe frameworks that dictate how subjects (e.g. users) access resources. In the Role-Based Access Control (RBAC) model access to resources is based on the role the user holds within the organization. RBAC is a rigid model where access control decisions have only two output options: Grant or Deny. Break The Glass (BTG) policies on the other hand are flexible and allow users to break or override the access controls in a controlled and justifiable manner. The main objective of this paper is to integrate BTG within the NEST/ANSI RBAC model in a transparent and secure way so that it can be adopted generically in any domain where unanticipated or emergency situations may occur. The new proposed model, called BTG-RBAC, provides a third decision option BTG, which grants authorized users permission to break the glass rather than be denied access. This can easily be implemented in any application without major changes to either the application code or the RBAC authorization infrastructure, apart from the decision engine. Finally, in order to validate the model, we discuss how the BTG-RBAC model is being introduced within a Portuguese healthcare institution where the legislation requires that genetic information must be accessed by a restricted group of healthcare professionals. These professionals, advised by the ethical committee, have required and asked for the implementation of the BTG concept in order to comply with the said legislation.
dc.language.isoeng
dc.relation.ispartofProceedings - Annual Computer Security Applications Conference, ACSAC
dc.rightsopenAccess
dc.rights.urihttps://creativecommons.org/licenses/by-nc/4.0/
dc.subjectOutras ciências da engenharia e tecnologias
dc.subjectOther engineering and technologies
dc.titleHow to securely break into RBAC: the BTG-RBAC model
dc.typeArtigo em Livro de Atas de Conferência Internacional
dc.contributor.uportoFaculdade de Ciências da Nutrição e Alimentação
dc.contributor.uportoFaculdade de Ciências
dc.contributor.uportoFaculdade de Medicina
dc.identifier.doi10.1109/acsac.2009.12
dc.identifier.authenticusP-007-SJN
dc.subject.fosCiências da engenharia e tecnologias::Outras ciências da engenharia e tecnologias
dc.subject.fosEngineering and technology::Other engineering and technologies
Aparece nas coleções:FCNAUP - Artigo em Livro de Atas de Conferência Internacional
FCUP - Artigo em Livro de Atas de Conferência Internacional
FMUP - Artigo em Livro de Atas de Conferência Internacional

Ficheiros deste registo:
Ficheiro Descrição TamanhoFormato 
47235.pdf630 kBAdobe PDFThumbnail
Ver/Abrir


Este registo está protegido por Licença Creative Commons Creative Commons