Analyzing and developing role-based access control models

Role-based access control (RBAC) has become today's dominant access control model, and many of its theoretical and practical aspects are well understood. However, certain aspects of more advanced RBAC models, such as the relationship between permission usage and role activation and the interaction between inheritance and constraints, remain poorly understood. Moreover, the computational complexity of some important problems in RBAC remains unknown. In this thesis we consider these issues, develop new RBAC models and answer a number of these questions. We develop an extended RBAC model that proposes an alternative way to distinguish between activation and usage hierarchies. Our extended RBAC model has well-defined semantics, derived from a graph-based interpretation of RBAC state. Pervasive computing environments have created a requirement for access control systems in which authorization is dependent on spatio-temporal constraints. We develop a family of simple, expressive and flexible spatio-temporal RBAC models, and extend these models to include activation and usage hierarchies. Unlike existing work, our models address the interaction between spatio-temporal constraints and inheritance in RBAC, and are consistent and compatible with the ANSI RBAC standard. A number of interesting problems have been defined and studied in the context of RBAC recently. We explore some variations on the set cover problem and use these variations to establish the computational complexity of these problems. Most importantly, we prove that the minimal cover problem -- a generalization of the set cover problem -- is NP-hard. The minimal cover problem is then used to determine the complexity of the inter-domain role mapping problem and the user authorization query problem in RBAC. We also design a number of efficient heuristic algorithms to answer the minimal cover problem, and conduct experiments to evaluate the quality of these algorithms.EThOS - Electronic Theses Online ServiceGBUnited Kingdo

Are Rural and Urban Newly Licensed Nurses Different? A Longitudinal Study of a Nurse Residency Programme

Aim This study aimed to compare rural and urban nurse residency programme participants’ personal and job characteristics and perceptions of decision-making, job satisfaction, job stress, nursing performance and organisational commitment over time. Background Nurse residency programmes are an evolving strategy to foster transition to practice for new nurses. However, there are limited data available for programme outcomes particularly for rural nurses. Method A longitudinal design sampled 382 urban and 86 rural newly licensed hospital nurses during a 12-month nurse residency programme. Data were collected at the start of the programme, at 6 months and the end of the programme. Results At the end of the programme, rural nurses had significantly higher job satisfaction and lower job stress compared with urban nurses. Across all time-periods rural nurses had significantly lower levels of stress caused by the physical work environment and at the end of the programme had less stress related to staffing compared with urban nurses. Perceptions of their organisational commitment and competency to make decisions and perform role elements were similar. Conclusions Differences in these outcomes may be result from unique characteristics of rural vs. urban nursing practice that need further exploration. Implications for nursing management Providing a nurse residency programme in rural and urban hospitals can be a useful recruitment and retention strategy

Development and Psychometric Analysis of The Patient Perceptions of Patient-Empowering Nurse Behaviours Scale (PPPNBS)

Aim To (1) develop and psychometrically test the Patient Perceptions of Patient-Empowering Nurse Behaviours Scale, which measures patient perceptions of empowering nurse behaviours during hospitalization; and (2) refine to a shorter, more useful form, for measurement in clinical settings. Background Although patient empowerment has been promoted as a way to engage patients in chronic illness care, there is not a measure reported by patients as recipients of empowering nurse behaviours during hospitalization. Design Psychometric evaluation of construct and predictive validity, reliability and item reduction. Method Data gathered during hospitalization and six weeks postdischarge between April 2012 - August 2014 were used to determine the validity and reliability of the long and short-form Patient Perceptions of Patient-Empowering Nurse Behaviours Scale in a sample of 395 chronically ill medical and surgical adult patients. Results The long and short-form Patient Perceptions of Patient-Empowering Nurse Behaviours Scale demonstrated strong reliability and convergent validity with pre-discharge 13-item Patient Activation Measure scores. Both forms of the Patient Perceptions of Patient-Empowering Nurse Behaviours Scale predicted postdischarge 13-item Patient Activation Measure scores and the long-form predicted physical health status. Confirmatory factor analysis demonstrated improved model fit for the short-form instrument when compared with the long-form fit. The short-form Patient Perceptions of Patient-Empowering Nurse Behaviours Scale explained 98% of the variance of the long-form Patient Perceptions of Patient-Empowering Nurse Behaviours Scale. Conclusion The results provide evidence supporting reliability and validity of both forms. While the scales measure patient reports and not direct observation of empowering nurse behaviours, incorporating patients\u27 experiences as recipients of care is necessary to validate the contribution of nursing care to patients\u27 engagement in chronic illness management

Analyzing temporal role based access control models

Today, Role Based Access Control (RBAC) is the de facto model used for advanced access control, and is widely deployed in diverse enterprises of all sizes. Several extensions to the authorization as well as the administrative models for RBAC have been adopted in recent years. In this paper, we consider the temporal extension of RBAC (TRBAC), and develop safety analysis techniques for it. Safety analysis is essential for understanding the implications of security policies both at the stage of specification and modification. Towards this end, in this paper, we first define an administrative model for TRBAC. Our strategy for performing safety analysis is to appropriately decompose the TRBAC analysis problem into multiple subproblems similar to RBAC. Along with making the analysis simpler, this enables us to leverage and adapt existing analysis techniques developed for traditional RBAC. We have adapted and experimented with employing two state of the art analysis approaches developed for RBAC as well as tools developed for software testing. Our results show that our approach is both feasible and flexible

Authorization and access control of application data in Workflow systems

Workflow Management Systems (WfMSs) are used to support the modeling and coordinated execution of business processes within an organization or across organizational boundaries. Although some research efforts have addressed requirements for authorization and access control for workflow systems, little attention has been paid to the requirements as they apply to application data accessed or managed by WfMSs. In this paper, we discuss key access control requirements for application data in workflow applications using examples from the healthcare domain, introduce a classification of application data used in workflow systems by analyzing their sources, and then propose a comprehensive data authorization and access control mechanism for WfMSs. This involves four aspects: role, task, process instance-based user group, and data content. For implementation, a predicate-based access control method is used. We believe that the proposed model is applicable to workflow applications and WfMSs with diverse access control requirements

CrossFlow: Integrating Workflow Management and Electronic Commerce

The CrossFlow1 architecture provides support for cross-organisational workflow management in dynamically established virtual enterprises. The creation of a business relationship between a service provider organisation performing a service on behalf of a consumer organisation can be made dynamic when augmented by virtual market technology, the dynamic configuration of the contract enactment infrastructures, and the provision of fine grained service monitoring and control. Standard ways of describing services and contracts can be combined with matchmaking technology to create a virtual market for such service provision and consumption. A provider can then advertise its services in the market and consumers can search for a compatible business partner. This provides choice in selecting a partner and allows the deferment of the decision to a point in time where it can be made on the most up-to-date requirements of the consumer and service offers in the market. The penalty for deferred decision making is the time to set up the infrastructure in each organisation for the dynamically established contract. Thus, a further aspect of CrossFlow was to exploit the contract in the dynamic and automatic configuration of the contract enactment and supervision infrastructures of the respective organisations and in linking them in a dynamic fashion. The electronic contract, which results from the agreement between the newly established business partners, completely specifies the intended collaboration between them. Given the importance of the business process enacted by the provider, this includes fine-grained monitoring and control to allow tight co-operation between the organisations

Predictors of Engagement in Postpartum Weight Self-management Behaviours in the First 12 Weeks After Birth

Aim To explore factors that influence postpartum weight self-management behaviours. Transitions Theory and the Integrated Theory of Health Behaviour Change guided selection of variables. Transition conditions, level of patient activation and social facilitation were examined for association with postpartum weight self-management behaviours. Background Retention of pregnancy weight increases risk of overweight and obesity later in life. Little is known about what women do to self-manage return to pre-pregnant weight and how providers can influence their behaviours. Design Prospective, longitudinal, correlational. Methods Data collection occurred from March through October, 2013. One hundred and twenty-four women completed surveys during postpartum hospitalization; telephone interviews were completed by 91 women at 6 weeks and 66 women at 12 weeks. Standard and hierarchical multiple regression methods were used for analyses. Results Transition difficulty was negatively associated with patient activation and immediate postbirth patient activation was positively associated with eating behaviours at 6 weeks, eating behaviours at 12 weeks and physical activity at 12 weeks. Social support and social influence were not significant predictors in the regression models. Conclusion Patients experiencing a difficult postpartum transition have lower activation levels; those less activated are less probably to engage in weight self-management behaviours in the 12 weeks following their baby\u27s birth. Patient activation level should be considered in tailoring promotion of healthy postpartum weight management

CRiBAC: Community-centric role interaction based access control model

As one of the most efficient solutions to complex and large-scale problems, multi-agent cooperation has been in the limelight for the past few decades. Recently, many research projects have focused on context-aware cooperation to dynamically provide complex services. As cooperation in the multi-agent systems (MASs) becomes more common, guaranteeing the security of such cooperation takes on even greater importance. However, existing security models do not reflect the agents' unique features, including cooperation and context-awareness. In this paper, we propose a Community-based Role interaction-based Access Control model (CRiBAC) to allow secure cooperation in MASs. To do this, we refine and extend our preliminary RiBAC model, which was proposed earlier to support secure interactions among agents, by introducing a new concept of interaction permission, and then extend it to CRiBAC to support community-based cooperation among agents. We analyze potential problems related to interaction permissions and propose two approaches to address them. We also propose an administration model to facilitate administration of CRiBAC policies. Finally, we present the implementation of a prototype system based on a sample scenario to assess the proposed work and show its feasibility. © 2012 Elsevier Ltd. All rights reserved