Please use this identifier to cite or link to this item:
|Title:||A Case Study in Access Control Requirements for a Health Information System||Contributor(s):||Evered, MP (author); Bogeholz, SF (author)||Publication Date:||2004||Handle Link:||https://hdl.handle.net/1959.11/1012||Abstract:||We present a detailed examination of the access constraints for a small real-world Health Information System with the aim of achieving minimal access rights for each of the involved principals. We show that, even for such a relatively simple system, the resulting constraints are very complex and cannot be expressed easily or clearly using the static per-method access control lists generally supported by component-based software. We derive general requirements for the expressiveness of access constraints and propose criteria for a more suitable access control mechanism in the context of component-based systems. We describe a two-level mechanism which can fulfil these criteria.||Publication Type:||Conference Publication||Conference Name:||Second Australasian Information Security Workshop (AISW2004), Dunedin, New Zealand, January, 2004||Conference Details:||Second Australasian Information Security Workshop (AISW2004), Dunedin, New Zealand, January, 2004||Source of Publication:||Proceedings of the Second Australasian Information Security Workshop (AISW2004) - Conferences in Research and Practice in Information Technology, Vol. 32, p. 53-61||Publisher:||Australian Computer Society Inc.||Place of Publication:||Dunedin, New Zealand||Field of Research (FOR):||080399 Computer Software not elsewhere classified||Peer Reviewed:||Yes||HERDC Category Description:||E1 Refereed Scholarly Conference Publication||Other Links:||http://www.cis.unisa.edu.au/aisw04/
|Statistics to Oct 2018:||Visitors: 162
|Appears in Collections:||Conference Publication|
Files in This Item:
checked on Mar 9, 2019
Items in Research UNE are protected by copyright, with all rights reserved, unless otherwise indicated.