A Case Study in Access Control Requirements for a Health Information System

Author(s)
Evered, MP
Bogeholz, SF
Publication Date
2004
Abstract
We present a detailed examination of the access constraints for a small real-world Health Information System with the aim of achieving minimal access rights for each of the involved principals. We show that, even for such a relatively simple system, the resulting constraints are very complex and cannot be expressed easily or clearly using the static per-method access control lists generally supported by component-based software. We derive general requirements for the expressiveness of access constraints and propose criteria for a more suitable access control mechanism in the context of component-based systems. We describe a two-level mechanism which can fulfil these criteria.
Citation
Proceedings of the Second Australasian Information Security Workshop (AISW2004) - Conferences in Research and Practice in Information Technology, Vol. 32, p. 53-61
ISBN
1920682147
Publisher
Australian Computer Society (ACS)
Title
A Case Study in Access Control Requirements for a Health Information System
Type of document
Conference Publication
Entity Type
Publication
