Sciweavers

ACSW
2004

A Case Study in Access Control Requirements for a Health Information System

We present a detailed examination of the access constraints for a small real-world Health Information System with the aim of achieving minimal access rights for each of the involved principals. We show that, even for such a relatively simple system, the resulting constraints are very complex and cannot be expressed easily or clearly using the static per-method access control lists generally supported by component-based software. We derive general requirements for the expressiveness of access constraints and propose criteria for a more suitable access control mechanism in the context of component-based systems. We describe a two-level mechanism which can fulfil these criteria.
Mark Evered, Serge Bögeholz
Added 30 Oct 2010
Updated 30 Oct 2010
Type Conference
Year 2004
Where ACSW
Authors Mark Evered, Serge Bögeholz