this year. Regretfully, I didn’t attend but I have been pouring through the proceedings. As I promised months ago, this post highlights some of the more interesting points for those of us doing access control technologies for software systems.
Some folks from Teesside University and Tees Health outlined their Teesside Confidentiality Model (TCM) at the ACM’s Eighth Symposium on Access Control Models and Technologies (SACMAT) held in Como, Italy. TCM is more or less an extension of Role Based Access Control (RBAC) that allows these setups to do some Identity Based Access Control.
This solves several issues that had come up in when we deployed RBAC to hospitals. There are a variety of confidentiality issues that crop up in hospitals due to the US Health Insurance Portability and Accountability Act (HIPAA) requirements, state laws on privacy and civil liability concerns. Who has access to what is a big concern. The TCM seems to provide a framework for solving these various concerns.
Of course, what looks good on paper can be killer to implement and what solves your data structure issues might not be something employees can administer. My real concerns are that their solution might fail at a large facility. One of the things I’ve relearned in the past two years is how complexity increases logarithmically with size in RBAC. Everything looks good until you start putting hundreds of tables with millions of records into production. I wouldn’t even think of running their system the way that they’ve got it: I just don’t think that it would be fast enough. Because of the increase in wireless systems (and ubiquitous computing in general) within healthcare systems, they will already have high latencies. The backend will probably have to make up for this by being overly responsive so that requests aren’t queuing up at it.
Still, the Teesside Confidentiality Model was the most interesting thing for me in the proceedings. The other papers were all fascinating in their own way, but maybe I’m getting jaded.
Of course, maybe I am simply moving away from this as a career. Still, I recommend taking a look at TCM.
Image credit: GPN-2000-000354 Analog Computing Machine in Fuel Systems Building Lewis Flight Propulsion Lab. NASA image. Public domain.