A comprehensive need-to-know access control system and its application for medical information systems

In this paper we present an access control system (ACS) that allows implementation as well as management of comprehensive need-to-know access control policies. The overall system is built around a role-based ACS that has been extended by two additional components, namely a security design component and a context authentication component, which allow the overall system to cohesively implement and manage need-to-know policies. The security design component systematically generates access control information that is appropriate to initialise the role-based ACS according to the individual need-to-know within an organisation. The context authentication component, on the other hand, has been integrated with the access control decision facility of the role-based ACS. It dynamically verifies whether a need-to-know really exists at the particular point in time when users request access to information. Finally, we describe an application scenario that illustrates the benefits provided by our need-to-know ACS concerning privacy of patient data within a hospital environment.
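
The two-stage decision described above, a static role-based check followed by a request-time context check, can be sketched as follows. This is an added illustration, not code from the paper: the role names, the permission table and the modelling of context as a time-bounded care episode are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime

# All names and data below are constructed for illustration (assumptions).
# Static part: role permissions, as a design step might initialise them.
ROLE_PERMS = {
    "ward_physician": {("patient_record", "read"), ("patient_record", "write")},
    "ward_nurse": {("patient_record", "read")},
    "billing_clerk": {("invoice", "read")},
}
USER_ROLES = {"adams": {"ward_physician"}, "bell": {"ward_nurse"},
              "cole": {"billing_clerk"}}

@dataclass(frozen=True)
class Episode:
    """Assumed context: a care episode linking staff to one patient."""
    patient: str
    staff: frozenset
    start: datetime
    end: datetime

EPISODES = [Episode("p1", frozenset({"adams", "bell"}),
                    datetime(2024, 3, 1, 8), datetime(2024, 3, 5, 12))]

def role_permits(user, resource, action):
    """Role-based check: does any role of the user carry the permission?"""
    return any((resource, action) in ROLE_PERMS.get(r, set())
               for r in USER_ROLES.get(user, set()))

def context_holds(user, patient, at):
    """Dynamic check: is the user in an episode for this patient at time `at`?"""
    return any(e.patient == patient and user in e.staff and e.start <= at <= e.end
               for e in EPISODES)

def decide(user, resource, action, patient, at):
    """Grant only if both the role and the request-time context allow it."""
    if not role_permits(user, resource, action):
        return (False, "role")
    if not context_holds(user, patient, at):
        return (False, "context")
    return (True, "granted")

if __name__ == "__main__":
    during, after = datetime(2024, 3, 2, 10), datetime(2024, 3, 9, 10)
    for req in [("adams", "patient_record", "read", "p1", during),
                ("adams", "patient_record", "read", "p1", after),
                ("adams", "patient_record", "read", "p2", during),
                ("bell", "patient_record", "write", "p1", during)]:
        print(req[:4], "->", decide(*req))
```

The same physician with the same role is granted access during the episode and refused after it ends or for a different patient, which is the distinction a role check alone cannot make.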