A workflow-based access control framework for e-Health applications

Proceedings - International Conference on Advanced Information Networking and Applications, AINA

Volumn , Issue , 2008, Pages 441-450

  Russello, Giovanni ^a   Dong, Changyu ^a   Dulay, Naranker ^a  

^a IMPERIAL COLLEGE LONDON   (United Kingdom)

Author keywords

[No Author keywords available]

Indexed keywords

EHEALTH;

ACCESS CONTROL MECHANISM; ACCESS RIGHTS; CONTROL FRAMEWORK; E-HEALTH APPLICATIONS; MEDICAL CASE;

ACCESS CONTROL;

EID: 50249126670     PISSN: 1550445X     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/WAINA.2008.131     Document Type: Conference Paper

References (33)

1. W.M.P. van der Aalst, L. Aldred, M. Dumas, and A.H.M. ter Hofstede. "Design and implementation of the YAWL system." In A. Persson and J. Stirna, editors, Proceedings of The 16th International Conference on Advanced Information Systems Engineering (CAiSE 04), volume 3084 of LNCS, pp. 142-159, Riga, Latvia, June 2004. Springer Verlag.
2. W.M.P. van der Aalst and A.H.M. ter Hofstede. "YAWL: Yet Another Workflow Language." Information Systems, 30(4), pp. 245-275, 2005.
3. L. Ardissono, A. Di Leva, G. Petrone, M. Segnan, and M. Sonnessa. "Adaptive Medical Workflow Management for a Context-Dependent Home Healthcare Assistance Service." In Electronic Notes in Theoretical Computer Science, Elsevier, 2005.
4. V. Atluri and W.-K. Huang. "An Authorization Model for Workflows." In Proceedings of the Fifth European Symposium on Research in Computer Security, Rome, Italy, pp. 44-64. Lecture Notes in Computer Science, no. 1146. Berlin: Springer-Verlag.
5. P. Barthelmess. "Security in Workflow Systems." Available at http://www.barthelmess.net/Survey_Pages/Security/security.html. 2001.
6. M. Becker and P. Sewell "Cassandra: Flexible Trust Management, Applied to Electronic Health Records." In Proc. of the 17th IEEE Computer Security Foundations Workshop (CSFW'04), pp. 139-154, June 2004.
7. S. Chaari, F. Biennier, C. Ben Amar, J. and Favrel. "An authorization and access control model for workflow." First International Symposium on Control, Communications and Signal Processing, pp. 141-148, 2004.
8. R. Chandramouli. "A framework for multiple authorization types in a healthcare application system." In Proc. 17th Annual Computer Security Applications Conference (ACSAC), December 2001.
9. K. Cook. "Evaluating acute abdominal pain in adults". http://www.jaapa.com/issues/j20050301/articles/belly0305.htm
10. G. Coulouris, J. Dollimore and M. Roberts "Role and task-based access control in the PerDiS group-ware platform." In Proc. of the 3rd ACM Workshop on Role-Based Access Control, pp. 115-121, 1998.
11. P. Dadam, and M. Reichert. "Towards a new dimension in clinical information processing." In Stud. Health Technol. Inform., 77, pp. 295-301, 2000.
12. L. Dazzi, and M. Stefanelli. "A patient workflow management system built on guidelines." In Proc. of AMIA 97, pp. 146-150, 1997.
13. M. Dekker and S. Etalle "Audit-Based Access Control for Electronic Health Records." In Electronic Notes in Theoretical Computer Science (ENTCS), vol. 168, pp. 221-236, 2007.
14. I. Denley and S. Weston Smith. "Privacy in clinical information systems in secondary care." In British Medical Journal, 318, pp. 1328-1331, May 1999.
15. D. F. Ferraiolo, and D. R. Kuhn. "Role-Based Access Control." In Proc. of the NIST-NSA Nat. (USA) Comp. Security Conf., pp. 554-563, 1992.
16. D. Georgakopoulos, M. Hornick, and A. Sheth. "An overview of workflow management: from process modeling to workflow automation infrastructure." In Distributed Parallel Databases, 3, 2, pp. 119-153, 1995.
17. The Healthcare Role-Based Access Control Task Force http://www.va.gov/ RBAC/.
18. K. Knorr. "Dynamic Access Control through Petri NetWorkflows." In Proceedings of the 16th Annual Computer Security Applications Conference, pp. 159-167, New Orleans, LA, December 2000.
19. X. Liao,L. Zhang, and S.C.F. Chan. "A Task-Oriented Access Control Model for WfMS." Information Security Practice and Experience, pp.168-177, 2005.
20. The Ponder2 Project http://ponder2.net
21. M. Poulymenopoulou, and G. Vassilacopoulos. "A Web-based Workflow System for Emergency Healthcare." In Medical Informatics Europ, 2002.
22. D. Povey. "Optimistic security: a new access control paradigm." In Proceedings of the 1999 workshop on New security paradigms. ACM Press, Caledon Hills, Ontario, Canada, 2000. ISBN: 1581131496.
23. S. Quaglini, E. Caffi, A. Cavallini, G. Micieli, and M. Stefanelli. "Simulation of a Stroke Unit Careflow." In Medinfo, 2001.
24. L. Røstad and O. Edsberg. "A Study of Access Control Requirements for Healthcare Systems Based on Audit Trails from Access Logs." In Proc. of 22nd Annual Computer Security Applications Conference, Miami, Florida, December, 2006.
25. G. Russello, C. Dong, N. Dulay. "Authorisation and Conflict Resolution for Hierarchical Domains." In Proc. of Policy07 June 2007.
26. R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman. "Role-based access control models". In IEEE Computer 29, 2 (Feb.), pp. 38-47, 1996.
27. A. Sheth, D. Worah, K. Kochut, Z.J. Miller, D. Palaniswami, and S. Das. "METEOR Workflow Management System and its use in Prototyping Healthcare Applications." In Proceedings of the Towards an Electronic Patient Record (TEPR97) Conference, Nashville, TN, April 1997.
28. M. Sloman and E. Lupu. "Security and Management Policy Specification." In IEEE Network, pp.10-19, Vol. 16, Issue 2, March, 2002.
29. R.K. Thomas and R.S. Sandhu. "Towards a Task-based Paradigm for Flexible and Adaptable Access Control in Distributed Applications." In Proceedings of the Second New Security Paradigms Workshop, IEEE Press, pp. 138-142, 1993.
30. R. Thomas and R. Sandhu "Conceptual foundations for a model of task-based authorisations." In Proc. of the 7th IEEE Computer Security Foundations Workshop (CSFW'94), pp. 66-79 1994.
31. R. Thomas and R. Sandhu "Task-Based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-Oriented Autorization Management." In Proc. of the IFIP TC11 WG11.3 11th International Conference on Database Securty XI: Status and Prospects, pp. 166-181, 1997.
32. W. Tolone, G.-J. Ahn, T. Pai, and S.-P. Hong. "Access control in collaborative systems." In ACM Comput. Surv., 37(1), pp. 29-41, 2005.
33. S. Wu, A. Sheth, J. Miller, and Z Luo. "Authorization and Access Control of Application Data in Workflow Systems." In Journal of Intelligent Information Systems, 18(1), pp. 71-94, 2002.