Please use this identifier to cite or link to this item:
Title: A Case Study in Access Control Requirements for a Health Information System
Contributor(s): Evered, MP (author); Bogeholz, SF (author)
Publication Date: 2004
Handle Link:
Abstract: We present a detailed examination of the access constraints for a small real-world Health Information System with the aim of achieving minimal access rights for each of the involved principals. We show that, even for such a relatively simple system, the resulting constraints are very complex and cannot be expressed easily or clearly using the static per-method access control lists generally supported by component-based software. We derive general requirements for the expressiveness of access constraints and propose criteria for a more suitable access control mechanism in the context of component-based systems. We describe a two-level mechanism which can fulfil these criteria.
Publication Type: Conference Publication
Conference Name: Second Australasian Information Security Workshop (AISW2004), Dunedin, New Zealand, January, 2004
Conference Details: Second Australasian Information Security Workshop (AISW2004), Dunedin, New Zealand, January, 2004
Source of Publication: Proceedings of the Second Australasian Information Security Workshop (AISW2004) - Conferences in Research and Practice in Information Technology, Vol. 32, p. 53-61
Publisher: Australian Computer Society Inc.
Place of Publication: Dunedin, New Zealand
Field of Research (FOR): 080399 Computer Software not elsewhere classified
Peer Reviewed: Yes
HERDC Category Description: E1 Refereed Scholarly Conference Publication
Other Links:
Statistics to Oct 2018: Visitors: 162
Views: 161
Downloads: 0
Appears in Collections:Conference Publication

Files in This Item:
2 files
File Description SizeFormat 
Show full item record

Page view(s)

checked on Mar 9, 2019
Google Media

Google ScholarTM




Items in Research UNE are protected by copyright, with all rights reserved, unless otherwise indicated.