Author(s) |
Evered, MP
Bogeholz, SF
|
Publication Date |
2004
|
Abstract |
We present a detailed examination of the access constraints for a small real-world Health Information System with the aim of achieving minimal access rights for each of the involved principals. We show that, even for such a relatively simple system, the resulting constraints are very complex and cannot be expressed easily or clearly using the static per-method access control lists generally supported by component-based software. We derive general requirements for the expressiveness of access constraints and propose criteria for a more suitable access control mechanism in the context of component-based systems. We describe a two-level mechanism which can fulfil these criteria.
|
Citation |
Proceedings of the Second Australasian Information Security Workshop (AISW2004) - Conferences in Research and Practice in Information Technology, Vol. 32, p. 53-61
|
ISBN |
1920682147
|
Link | |
Publisher |
Australian Computer Society (ACS)
|
Title |
A Case Study in Access Control Requirements for a Health Information System
|
Type of document |
Conference Publication
|
Entity Type |
Publication
|
Name | Size | format | Description | Link |
---|