A Case Study in Access Control Requirements for a Health Information System

Title
A Case Study in Access Control Requirements for a Health Information System
Publication Date
2004
Author(s)
Evered, MP
Bogeholz, SF
Editor(s)
Hogan, J, Montague, P, Purvis, M, Steketee, C
Type of document
Conference Publication
Language
en
Entity Type
Publication
Publisher
Australian Computer Society (ACS)
Place of publication
Dunedin, New Zealand
UNE publication id
une:1031
Abstract
We present a detailed examination of the access constraints for a small real-world Health Information System with the aim of achieving minimal access rights for each of the involved principals. We show that, even for such a relatively simple system, the resulting constraints are very complex and cannot be expressed easily or clearly using the static per-method access control lists generally supported by component-based software. We derive general requirements for the expressiveness of access constraints and propose criteria for a more suitable access control mechanism in the context of component-based systems. We describe a two-level mechanism which can fulfil these criteria.
Citation
Proceedings of the Second Australasian Information Security Workshop (AISW2004) - Conferences in Research and Practice in Information Technology, Vol. 32, p. 53-61
ISBN
1920682147
Start page
53
End page
61
