Distributed Medical Environment Database Access control (DIMEDAC)
By
M. Gharib
H. Salemi
F. Khodadadi
In the name of God
Outline
Introduction to DIMEDAC
DIMEDAC components
Determining user authorization
Algorithms
◦ Static
◦ Dynamic
DIMEDAC
The DIMEDAC security policy provides a role-based authorization mechanism for accessing data depending on the particular values of the user location.
Protection of the privacy of the patients in distributed medical databases.
DIMEDAC
It combines the advantages of both the DAC and MAC policies.
Protection of global objects from access by global subjects is achieved with the use of the location control concept.
The access control mechanisms used in DIMEDAC are the hyper node hierarchies.
Hyper Node Hierarchies
A Hyper Node Hierarchy (HNH) is a group of hyper nodes. Each hyper node is connected to another hyper node by a branch or a link.
A branch is used to connect a node with its ancestor in the level above.
Links are connections that are used between nodes of the same level.
Hyper Node Hierarchies…
User Role Hierarchy (URH)
Data Set Hierarchy (DSH)
User Location Hierarchy (ULH)
Determining User Authorizations
Three Dimension Access-Matrix (3DAM)
Algorithms
Static algorithm
Dynamic algorithm
Static Algorithm
Insert {UR, UL, DS, ACCESS}
Step 1: If the specific data set DS has descendants in the DSH, then for each descendant a new entry is automatically inserted (if there isn't one already) having the same UR, UL and AM.
Step 2: If the specific user location UL has descendants in the ULH, then for each descendant all the above entries are automatically inserted (if there isn't one already) having the same UR, DS and AM.
Step 3: If the specific user role UR has ancestors in the URH, then for each ancestor all the above entries are automatically inserted (if there isn't one already) having the same UL, DS and AM.
Example
Insert: {D, C12111, HE, Select}
Step 1:
{D, C12111, HEC, Select} {D, C12111, HEL, Select} {D, C12111, HEX, Select}
Step 2:
{M, C12111, HE, Select} {M, C12111, HEC, Select} {M, C12111, HEL, Select} {M, C12111, HEX, Select}
Step 3:
{D, S121111, HE, Select} {D, S121111, HEC, Select} {D, S121111, HEL, Select} {D, S121111, HEX, Select}
{M, S121111, HE, Select} {M, S121111, HEC, Select} {M, S121111, HEL, Select} {M, S121111, HEX, Select}
{D, S121112, HE, Select} {D, S121112, HEC, Select} {D, S121112, HEL, Select} {D, S121112, HEX, Select}
{M, S121112, HE, Select} {M, S121112, HEC, Select} {M, S121112, HEL, Select} {M, S121112, HEX, Select}
Dynamic Algorithm
Step 1: For every descendant UR' of the user role UR (including the UR itself) a search for all relevant quadruples (having the same UR') in 3DAM is performed. If no quadruples are found then the access request is denied. If in the result set there is an entry {UR', UL', DS', AM'} where UL'=UL, DS'=DS and AM'=AM then the access request is permitted. Otherwise, for each quadruple found the following step is performed.
Step 2: For every ancestor UL'' of the user location UL' (including the UL' itself) of the quadruple found, a search for all relevant quadruples (having the same UR' and UL'') in 3DAM is performed. If no quadruples are found then the access request is denied. If in the result set there is an entry {UR', UL'', DS'', AM''} where DS''=DS and AM''=AM then the access request is permitted. Otherwise, for each quadruple found the following step is performed.
Dynamic Algorithm…
Step 3: For every ancestor DS''' of the data set DS'' (including the DS'' itself) of the quadruple found, a search for all relevant quadruples (having the same UR', UL'' and DS''') in 3DAM is performed. If no quadruples are found then the access request is denied. If in the result set there is an entry {UR', UL'', DS''', AM'''} where AM'''=AM then the access request is permitted. Otherwise, the access request is denied.
Request : { N, D2111 , HEX, Select }
Request : { {N|NO|NH|NT}, D2111 , HEX, Select }
Request : {{N|NO|NH|NT} , {D2111|H211} , HEX, Select }
Request : {{N|NO|NH|NT} , {D2111|H211} , {HEX|HE}, Select }
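The static and dynamic algorithms above, side by side, as an added example that is not code from the presentation or from the DIMEDAC authors. The hierarchy fragments are constructed from the slides' worked examples only, descendants and ancestors are assumed to be transitive, and the dynamic check collapses the three search steps into the expanded request form shown on the request slides.

```python
# Added example. Hierarchy fragments are constructed from the slides' worked
# examples only (child -> parent); the full URH/ULH/DSH figures are not shown.
URH = {"D": "M", "NO": "N", "NH": "N", "NT": "N"}                  # user roles
ULH = {"S121111": "C12111", "S121112": "C12111", "D2111": "H211"}  # locations
DSH = {"HEC": "HE", "HEL": "HE", "HEX": "HE"}                      # data sets


def ancestors(h, node):
    """Return node plus all its ancestors (assumes an acyclic hierarchy)."""
    chain = [node]
    while chain[-1] in h:
        chain.append(h[chain[-1]])
    return set(chain)


def descendants(h, node):
    """Return node plus every node that has it as an ancestor."""
    return {node} | {n for n in h if node in ancestors(h, n)}


def static_insert(dam, ur, ul, ds, am):
    """Static algorithm: store every implied quadruple in the 3DAM up front."""
    for d in descendants(DSH, ds):          # step 1: descendant data sets
        for l in descendants(ULH, ul):      # step 2: descendant locations
            for r in ancestors(URH, ur):    # step 3: ancestor roles
                dam.add((r, l, d, am))      # a set ignores existing entries
    return dam


def dynamic_check(dam, ur, ul, ds, am):
    """Dynamic algorithm: expand the request, not the matrix; deny by default."""
    return any((r, l, d, am) in dam
               for r in descendants(URH, ur)    # {N|NO|NH|NT}
               for l in ancestors(ULH, ul)      # {D2111|H211}
               for d in ancestors(DSH, ds))     # {HEX|HE}


if __name__ == "__main__":
    full = static_insert(set(), "D", "C12111", "HE", "Select")
    print(len(full), "entries after the static insert")
    base = {("NH", "H211", "HE", "Select")}     # constructed base entry
    print(dynamic_check(base, "N", "D2111", "HEX", "Select"))   # granted
    print(dynamic_check(base, "NO", "D2111", "HEX", "Select"))  # denied
```

The static form answers a request with one exact-match lookup at the cost of storing every propagated entry, while the dynamic form stores only the base entry and does the hierarchy expansion at request time.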
Thanks
?