OASIS role-based access control for electronic health records

IEE Proceedings: Software

Volumn 153, Issue 1, 2006, Pages 16-23

  Eyers, D M ^a   Bacon, J ^a   Moody, K ^a  

^a UNIVERSITY OF CAMBRIDGE   (United Kingdom)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER SOFTWARE; PROCESS CONTROL; PUBLIC POLICY;

ACCESS CONTROL; ELECTRONIC HEALTH RECORDS; PROTOTYPE;

COMPUTER ARCHITECTURE;

EID: 33644505205     PISSN: 14625970     EISSN: None     Source Type: Journal    
DOI: 10.1049/ip-sen:20045038     Document Type: Conference Paper

References (36)

1. Department of Health, NHS Executive: 'Information for health: an information strategy for the modern NHS 1998-2005', Jan. 1998, http://www.dh.gov.uk/assetRoot/04/01/43/89/04014389.pdf
2. Hayton, R.: ' OASIS - an open architecture for secure interworking services ', 1996, PhD, University of Cambridge
3. Yao, W., Moody, K., and Bacon, J.M.: ' A model of OASIS role-based access control and its support for active security ', Proc. Sixth ACM Symposium on Access Control Models and Technologies, 2001, p. 171-181
4. Bacon, J., Moody, K., and Yao, W.: ' A model of OASIS role-based access control and its support for active security ', ACM Trans. Inf. Syst. Secur., 2002, 5, (4), p. 492-540
5. 'Secure computer systems: Unified exposition and multics interpretation', Technical report, MTR-2997, July, 1975 MITRE Corp., Bedford, MA
6. 'Integrity considerations for secure computer systems', Technical report, TR-3153, April, 1977 MITRE Corp., Bedford, MA
7. McLean, J.: ' A comment on the "basic security theorem" of Bell and LaPadula ', ' Inf. Process. Lett. ', 1985, 20, (2), p. 67-70
8. Sandhu, R.S., and Samarati, P.: ' Access control: principles and practice ', IEEE Commun. Mag., 1994, 32, (9), p. 40-48
9. Gollmann, D.: ' Computer security ', (John Wiley & Sons 1999)
10. Sandhu, R.S., Coyne, E., Feinstein, H.L., and Youman, C.E.: ' Role-based access control models ', Computer, 1996, 29, (2), p. 38-47
11. Nyanchama, M., and Osborn, S.L.: ' The role graph model and confiict of interest ', ACM Trans. Inf. Syst. Secur., 1999, 2, (1), p. 3-33
12. Lochowsky, F.H., and Woo, C.C.: ' Role-based security in database management systems ', Landwehr, C.E., Database security: status prospects, (North-Holland Publishing Co., Amsterdam 1988), p. 209-222
13. Sandhu, R.S., Ferraiolo, D., and Kuhn, R.: ' The NIST model for role-based access control: towards a unified standard ', Proc Fifth ACM Workshop on Role-Based Access Control, 2000, Berlin, Germany p. 47-63
14. Simon, R.T., and Zurko, M.E.: ' Separation of duty in role-based environments ', PCSFW: Proc. Tenth Computer Security Foundations Workshop, 1997, IEEE Computer Society Press, Silver Spring, USA
15. Shin, D., and Ahn, G.-J.: ' On modeling system centric information for role engineering ', Proc. Eighth ACM Symposium on Access Control Models and Technologies, 2003, Como, Italy
16. Kuhlmann, M., Schimpf, G., and Shohat, D.: ' Role mining-revealing business roles for security administration using data mining technology ', Proc. Eighth ACM Symposium on Access Control Models and Technologies, 2003, Como, Italy
17. Neumann, G., and Strembeck, M.: ' A scenario-driven role engineering process for functional RBAC roles ', Proc. Seventh ACM Symposium on Access Control Models and Technologies, 2002, ACM Press, Monterey, USA p. 33-42
18. Kern, A., Kuhlmann, M., Schaad, A., and Moffett, J.D.: ' Observations on the role life-cycle in the context of enterprise security management ', Proc. Seventh ACM Symposium on Access Control Models and Technologies, 2002, ACM Press, Monterey, USA p. 43-51
19. Schaad, A., Moffett, J.D., and Jacob, J.: ' The role-based access control system of a European bank: a case study and discussion ', Proc. Sixth ACM Symposium on Access Control Models and Technologies, 2002, ACM Press, Monterey, USA p. 3-9
20. Bacon, J.M., Lloyd, M., and Moody, K.:: ' Translating role-based access control policy within context ', Lect. Notes Comput. Sci., 2001, 1995, p. 107-119
21. Becker, M.Y., and Sewell, P.: ' Cassandra: distributed access control policies with tunable expressiveness ', Proc. Fifth IEEE International Workshop on Policies for Distributed Systems and Networks, June 2004, Yorktown Heights, USA
22. Becker, M.Y., and Sewell, P.: ' Cassandra: flexible trust management, applied to electronic health records ', Proc. Seventeenth IEEE Computer Security Foundations Workshop, June 2004, Pacific Grove, USA
23. Damianou, N.C., Dulay, N., Lupu, E.C., and Sloman, M.S.:: ' The Ponder policy specification language ', Lect Notes Comput. Sci., 2001, 1995, p. 18-38
24. 'Rei: a policy language for the me-centric project', Technical report HPL-2002-270, 4, October, 2002 Hewlett Packard Laboratories
25. Longstaff, J.J., Lockyer, M.A., and Nicholas, J.: ' The Tees Confidentiality Model: an authorization model for identities and roles ', Proc. Eighth ACM Symposium on Access Control Models and Technologies, 2003, Como, Italy
26. Longstaff, J.J., Lockyer, M.A., and Nicholas, J.: ' Authorisation models for complex computing applications ', Proc. Information Security Solutions Europe Conf., Oct. 7-9 2003, Vienna, Austria
27. Longstaff, J.J., Lockyer, M.A., Capper, G., and Thick, M.G.: ' A model of accountability, confidentiality and override for healthcare and other applications ', Proc. Fifth ACM Workshop on Role-Based Access Control (RBAC '00), 2000, Berlin, Germany p. 71-76
28. Chadwick, D.W., and Otenko, A.: ' The PERMIS X.509 role based privilege management infrastructure ', Proc. Seventh ACM Symposium on Access Control Models and Technologies, 2002, ACM Press, Monterey, USA p. 135-140
29. Chadwick, D.W., and Otenko, A.: ' RBAC policies in XML for X.509 based privilege management ', Proc. Seventeenth International Conf. on Information Security, Dec. 9-12 2002, Singapore
30. Chadwick, D.W., and Mundy, D.: ' Policy based electronic transmission of prescriptions ', Policy 2003: IEEE Fourth International Workshop on Policies for Distributed Systems and Networks, 2003, Como, Italy
31. Bacon, J.M., Moody, K., Chadwick, D.W., and Otenko, A.: ' Persistent versus dynamic role membership ', Seventeenth IFIP WG3 Annual Working Conf. on Data and Application Security, August 2003, IFIP, Estes Park, CO, USA p. 344-357
32. Grimson, W., Berry, D., Grimson, J., Stephens, G., Felton, E., Given, P., and O'Moore, R.: ' Technical description: Federated healthcare record server - the Synapses paradigm ', 1996), http://www.cs.tcd.ie/synapses/public/html/ technicaldescription.html
33. Baker, D.B., Barnhart, R.M., and Buss, T.T.: ' PCASSO: applying and extending state-of-the-art security in the healthcare domain ', Proc. Thirteenth Annual Computer Security Applications Conf., 1997, IEEE Computer Society, Silver Spring, USA p. 251
34. Bacon, J.M., Moody, K., and Yao, W.: ' Access control and trust in the use of widely distributed services ', Lect Notes Comput. Sci., 2001, 2218, p. 295-310
35. Hine, J.H., Yao, W., Bacon, J.M., and Moody, K.:: ' An architecture for distributed OASIS services ', 2000, 1795, p. 104-120
36. W3C: SOAP version 1.2 part 0: Primer, http://www.w3.org/TR/soap12-part0/, June 2003