Modeling and enforcing advanced access control policies in healthcare systems with SECTET

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 5002 LNCS, Issue , 2008, Pages 132-144

  Hafner, Michael ^a   Memon, Mukhtiar ^a   Alam, Muhammad ^a  

^a UNIVERSITY OF INNSBRUCK   (Austria)

Author keywords

[No Author keywords available]

Indexed keywords

ARTIFICIAL INTELLIGENCE; BIOINFORMATICS; COMPUTER SCIENCE; CONTROL SYSTEMS; COSINE TRANSFORMS; HEALTH; MODELS; PUBLIC POLICY; SECURITY OF DATA; SECURITY SYSTEMS; SOFTWARE ENGINEERING;

ACCESS CONTROL POLICIES; CODE TRANSFORMATIONS; CONTROL STRATEGIES; DOMAIN ARCHITECTURES; DOMAIN SPECIFIC LANGUAGE (DSL); HEALTH CARE SYSTEMS; HEIDELBERG (CO); LECTURE NOTES; MODEL-DRIVEN; SECURITY POLICY MODEL (SPM); SECURITY REQUIREMENTS; SPECIALIZATION (ORDER); TARGET ARCHITECTURES; USAGE CONTROL;

ACCESS CONTROL;

EID: 47749117634     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-69073-3_15     Document Type: Conference Paper

References (40)

1. Integrating the Healthcare Enterprise (2007), http://www.ihe.net/
2. Alam, M., Hafner, M., Breu, R.: Modeling Authorization in an SOA based Application Scenario. In: IASTED Conference on Software Engineering, pp. 79-84 (2006)
3. Anderson, R.: Security Engineering: A Guide to Building Dependable Distributed Systems. John Wiley & Sons, Inc., New York (2001)
4. Blobel, B.: Trustworthiness in Distr. Electr. Healthcare Records-Basis for Shared Care. In: ACSAC 2001: Proc. of the 17th Annual Comp. Sec. App. Conf., Washington, DC, USA, p. 433. IEEE Comp. Soc., Los Alamitos (2001)
5. Breu, R., Breu, M., Hafner, M., Nowak, A.: Web Service Engineering - Advancing a New Software Engineering Discipline. In: Lowe, D.G., Gaedke, M. (eds.) ICWE 2005. LNCS, vol. 3579, pp. 8-18. Springer, Heidelberg (2005)
6. Chanabhai, P., Holt, A.: Consumers are Ready to Accept the Trans. to Online and Electr. Rec. if They Can be Assured of the Sec. Measures. Medscape Gen. Medicine 9(1) (2007)
7. Chinaei, A.H., Tompa, F.: User-managed access control for health care systems. In: Secure Data Management, pp. 63-72 (2005)
8. Gomi, H., et al.: A Delegation Framew. for Fed. Identity Management. In: DIM 2005: Proc. of the 2005 Workshop on Dig. Identity Man, ACM Press, New York (2005)
9. Hafner, M., et al.: Sectet: An Extensible Framework for the Realization of Secure Inter-Organizational Workflows. Journal of Internet Research 16(5) (2006)
10. Breu, R., et al.: Model Driven Security for Inter-organizational Workflows in e-Government. In: Bohlen, M.H., Gamper, J., Polasek, W., Wimmer, M.A. (eds.) TCGOV 2005. LNCS (LNAI), vol. 3416, pp. 122-133. Springer, Heidelberg (2005)
11. Vogl, R., et al.: Architecture for a distributed national electronic health record in Austria. In: Proc. EuroPACS 2006: The 24th International EuroPACS Conference, pp. 67-77 (2006)
12. Schabetsberger, T., et al.: From a Paper-based Transmission of Discharge Summaries to Electronic Communication in Health Care Regions. Int. Journal of Medical Informatics 75, 3-4, 209-215 (2006)
13. Zhang, X., et al.: Formal model and policy specification of usage control. ACM Trans. Inf. Syst. Secur. 8(4), 351-387 (2005)
14. Gritzalis, S.: Enhancing Privacy and Data Protection in Electronic Medical Environments. Journal of Medical Systems 28(6), 535-547 (2004)
15. Gunter, T., Terry, N.: The Emergence of Nat. Electr. Health Record Arch, in the U.S. and Australia: Models, Costs, and Questions. Journal of Med. Internet Research 7(1):3 (2005)
16. Hafner, M., Agreiter, B., Breu, R., Nowak, A.: Sectet an extensible framework for the realization of secure inter-organizational workflows. Journal of Internet Research 16(5) (2006)
17. Hafner, M., Alam, M., Breu, R.: Towards a MOF/QVT-Based Domain Architecture for Model Driven Security. In: Nierstrasz, O., Whittle, J., Harel, D., Reggio, G. (eds.) MoDELS 2006. LNCS, vol. 4199, pp. 275-290. Springer. Heidelberg (2006)
18. Hafner, M., Breu, R., Breu, M.: A security architecture for inter-organizational workflows: Putting security standards for web services together. ICEIS (3), 128-135 (2005)
19. Hafner, M., Breu, M., Breu, R., Nowak, A.: Modelling Inter-organizational Workflow Security in a Peer-to-Peer Environment. In: ICWS 2005: Proceedings of the IEEE International Conference on Web Services (ICWS 2005), Washington. DC, USA, pp. 533-540. IEEE Computer Society, Los Alamitos (2005)
20. Hu, J., Weaver, A.: Dynamic, context-aware access control for distributed healthcare applications (August 2004), http://www.cs.virginia.edu/papers/
21. Hu, V., Ferraiolo, D., Kuhn, D.: Assessment of access control systems. Technical Report NISTIR 7316, National Inst. of Standards and Technology, US Department of Commerce (September 2006)
22. Kohn, L., Corrigan, J., Donaldson, M.: To Err is Human: Building a Safer Health System. National Academy Press, Washington DC (2000)
23. Li, M., Poovendran, R.: Enabling Distributed Addition of Secure Access to Patient's Records in A Tele-Referring Group. In: IEEE-EMBS 2005: Proceedings of the 27th IEEE EMBS Annual International Conference, pp. 308-317. IEEE, Los Alamitos (2005)
24. Alam, M., Hafner, M., Seifert, J.P., Zhang, X.: Extending SELinux Policy Model and Enforcement Architecture for Trusted Platforms Paradigms. In: Annual SELinux Symposium (2007), http://selinux-symposium.org/2007/agenda.php
25. Alam, M., Breu, R., Hafner, M.: Modeling Permissions in a (U/X)ML World. In: IEEE ARES (2006), ISBN: 0-7695-2567-9
26. United States Department of Health & Human Services. Health insurance portability and accountability act of 1996, http://aspe.hhs.gov/admnsimp/ p1104191.htm
27. Office of the Privacy Commissioner of Canada. Personal information protection and electronic documents act (pipeda), http://laws.justice.gc.ca/en/ P-8.6/
28. Committee on Quality of Health Care in America. Inst, of Medicine. In: Crossing the Quality Chasm: A New Health System for the 21 st Century, Nat. Acad. Press, Washington DC (2001)
29. OpenArchitectureWare XPAND Language available at. http://www.eclipse.org/ gmt/oaw/doc/r20_xPandReference.pdf
30. Park, J., Sandhu, R.: The UCON ABC Usage Control Model. ACM Transactions on Information and Systems Security 7, 128-174 (2004)
31. Europ. Parliament. Directive 95-46-ec of the europ. pari, and of the counc. of 24 October 1995 on the p protection of individuals with regard to the processing of personal data and on the free movement of such data (1995). http://www.cdt.org/privacy/eudirective/EU_Directive_.html
32. Role Based Access Control (RBAC) avialable at. csrc.nist.gov/rbac/
33. Schabetsberger, T.: Reference Implementation of a Shared Electr. Health Record Using Med. Data Grids with an RBAC Based Security Model. In: Proc. of the 2nd AGRID Symp. in conj. with 6th Austrian-Hungarian Workshop on Distributed and Parallel Syst. (2007)
34. Joint NEMA/COCIR/JIRA Sec. and Priv. Committee. Break-Glass - An Approach to Granting Emergency Access to Healthcare Systems, http://www.nema.org/prod/ med/security/
35. SECTETPL : A Predicative Language for the Specification of Access Rights available at, http://qe-informatik.uibk.ac.at/~muhammad/TechnicalReportSECTETPL. pdf
36. Pearson, S.: Trusted Computing Platforms: TCPA Technology in Context. Prentice Hall PTR, Upper Saddle River (2002)
37. Straub, T.: Usability Challenges of PKI (2005)
38. Vogt, G.: Multiple Authorization - A Model and Arch. for Increased, Practical Security. In: Proc. of the IFIP/IEEE 8th Int. Symp. on Integrated Network Management (IM 2003), Colorado Springs, US A, March 2003, pp. 109-112. IFIP/IEEE. Kluwer Academic Publishers (2003)
39. Xacml v3.0 administration policy working draft 05 (December 2005). http://www.oasis-open.org/committees/documents.php?wg_abbrev=xacml
40. Yao, W.: Trust Management for Widely Distributed Systems. PhD thesis. University of Cambridge (2003)