Online Version - Last Updated - 20 Jan 2012 |
 |
| Home |
| |
| Procedures and Resources for Authors |
|
| Information and Resources for Volume Editors |
| |
| Orders and Subscriptions |
| |
| Published Articles |
|
| Upcoming Volumes |
| |
| Contact Us |
| |
| Useful External Links |
| |
| CRPIT Site Search |
A Case Study in Access Control Requirements for a Health Information System
Evered, M. and Bogeholz, S.
We present a detailed examination of the access constraints for a small real-world Health Information System with the aim of achieving minimal access rights for each of the involved principals. We show that, even for such a relatively simple system, the resulting constraints are very complex and cannot be expressed easily or clearly using the static per-method access control lists generally supported by component-based software. We derive general requirements for the expressiveness of access constraints and propose criteria for a more suitable access control mechanism in the context of componentbased systems. We describe a two-level mechanism which can fulfil these criteria.
Cite as: Evered, M. and Bogeholz, S. (2004). A Case Study in Access Control Requirements for a Health Information System. In Proc. Second Australasian Information Security Workshop (AISW2004), Dunedin, New Zealand. CRPIT, 32. Montague, P. and Steketee, C., Eds. ACS. 53-61.
(from crpit.com)
(local if available)
