A smartcard-based framework for delegation management in healthcare Access Control systems

摘要

A comprehensive access control system must provide a well-designed mechanism for delegation of access-control rights. In order to achieve a balance between security and flexibility, delegation of access privileges is necessary in one way or another for any kind of enterprise; for healthcare systems in particular, the ability to delegate access privileges is crucially important as it can directly impact the quality and timeliness of care and consequently saving a patient's life. Most of the existing access control models - for healthcare or otherwise - propose a delegation framework based on Role-based Access Control (RBAC). However, we argue that delegation should be treated in a discretionary manner, and hence a Discretionary Access Control or DAC-based approach would be more appropriate, as delegation is intuitively discretionary in nature - and many statutory healthcare regulations explicitly consider patients as the owner of their data. In this paper, we explain the design and implementation of a discretionary framework for managing delegation of access privileges in a healthcare scenario. The proposed framework is implemented using the eTRON cyber security architecture that is based on usage of public key infrastructure (PKI) and tamper-resistant devices like smartcards. Analysis of our proposed framework ascertains that it is secure against various attacks, and can be a robust delegation component of any standard access control system for healthcare.