EMPIRICAL EVALUATION OF ROLE-BASED ACCESS CONTROL AND BELL-LAPADULA CONFIDENTIALITY SECURITY MODELS
Abstract
Medical records are well known to contain vital, sensitive and valuable information about patients, and it is therefore important to guard them against any form of unpermitted or unauthorized access. The motive behind this paper is to benchmark the Role-Based Access Control (RBAC) and Bell-LaPadula security models in a medical domain. An attempt was made to implement these models and to evaluate their efficiency, protection capacity, precision and speed. Role-Based Access Control is a security model in which a user at a higher level of the organizational hierarchy can exercise the roles and permissions of a user at a lower level. Bell-LaPadula, on the other hand, applies the “no read-up, no write-down” rule: it does not allow a user at a higher level to write to a user at a lower level, and a user at a lower level cannot read up the hierarchy. The two access control security models were compared in the medical domain on the metrics listed above. The prototype for this work was implemented in Microsoft C# on the .NET Framework with Microsoft SQL Server as the backend. The results show that the RBAC prototype is better in terms of efficiency, protection capacity, precision and speed.
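As an added illustration, not the paper's prototype (which was written in C# with SQL Server), the two decision rules the abstract contrasts are coded below in Python. The levels, roles, record types and permission sets are constructed sample data for a medical setting; the point is that RBAC with a role hierarchy lets a senior role inherit everything a junior role may do, while Bell-LaPadula forbids a high-level subject from writing into a lower-level record even though it may read it.

```python
# Added example (not from the paper): BLP versus hierarchical RBAC decisions.

# Bell-LaPadula: totally ordered confidentiality levels (constructed labels).
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}


def blp_allowed(subject_level: str, object_level: str, action: str) -> bool:
    """Simple-security property (no read-up) and *-property (no write-down)."""
    s, o = LEVELS[subject_level], LEVELS[object_level]
    if action == "read":
        return s >= o          # may read at or below own level
    if action == "write":
        return s <= o          # may write at or above own level only
    raise ValueError(f"unknown action {action!r}")


# RBAC with a role hierarchy: each role lists the junior roles it inherits from.
JUNIOR_ROLES = {
    "chief_physician": ["physician"],
    "physician": ["nurse"],
    "nurse": [],
    "receptionist": [],      # not below any clinical role
}
# Direct permissions per role as (record_type, action) pairs (constructed).
ROLE_PERMS = {
    "receptionist": {("appointment", "read"), ("appointment", "write")},
    "nurse": {("vitals", "read"), ("vitals", "write")},
    "physician": {("diagnosis", "read"), ("diagnosis", "write"),
                  ("prescription", "write")},
    "chief_physician": {("audit_log", "read")},
}


def effective_permissions(role: str) -> set:
    """A role's own permissions plus those of every role below it."""
    seen, stack, perms = set(), [role], set()
    while stack:
        r = stack.pop()
        if r in seen:
            continue           # hierarchy may contain shared ancestors
        seen.add(r)
        perms |= ROLE_PERMS.get(r, set())
        stack.extend(JUNIOR_ROLES.get(r, []))
    return perms


def rbac_allowed(role: str, record_type: str, action: str) -> bool:
    return (record_type, action) in effective_permissions(role)
```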