Fine-granularity access control in 3-tier laboratory information systems

Xue-Ping Li, Nomair A. Naeem, Bettina Kemme
9th International Database Engineering & Application Symposium (IDEAS'05)
Publication date: 2005-07-25
DOI: 10.1109/IDEAS.2005.30 (https://doi.org/10.1109/IDEAS.2005.30)
Citations: 15

Abstract

Laboratory information systems (LIMS) are used in life science research to manage complex experiments. Since LIMS systems are often shared by different research groups, powerful access control is needed to allow different access rights to different records of the same table. Traditional access control models that define a permission as the right of a user/role to perform a specific operation on a specific object cannot handle the enormous amount of objects and user/roles. In this paper, we propose an enhancement to role-based access control by introducing conditions that can be added to the traditional concept of permissions in order to keep the number of permissions small. Furthermore, we present an implementation of our access control model at the application programming level. Although access control is performed for every single database access, our solution completely separates access control from the application logic by using aspect-oriented programming. With this, access control can be integrated into a legacy 3-tier information system without changing the application programs.