A flexible access control model for multimedia medical image security

Abstract

Most of the work on multimedia medical images security until now has focused on cryptographic approaches. While valuable, cry ptography is not enough to control access to images. Therefore additional protection approaches should be applied at a higher level. Role-based access control (RBAC) is a good candidate to provide access control in a multimedia medical image DBMS. However, in a multimedia medical image DBMS, specifications of image access rights are often based on the semantic content of the images, the attributes of the user accessing the image, the relationship between the user and the patient whose images are to be accessed and the time. Unfortunately, RBAC cannot be used to handle the above requirements. In this paper we describe an extended RBAC model by using constraints in the specific ation of the Role-Permission relationship. The proposed access control model preserves the advantages of scaleable security administration that RBAC-style models offer and yet offers the flexibility to specify very fine-grained, flexible, content, context and time-based access control policies.