User-managed access control for health care systems

Authors:
Amir H. Chinaei;Frank Wm. Tompa
Affiliations:
School of Computer Science, University of Waterloo, Canada;School of Computer Science, University of Waterloo, Canada
Venue:
SDM'05 Proceedings of the Second VDLB international conference on Secure Data Management
Year:
2005

Citing 16
Cited 3

Mutual exclusion of roles as a means of implementing separation of duty in role-based access control systems

RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Access control for client-server object databases

Access control for client-server object databases
A flexible authorization mechanism for relational data management systems

ACM Transactions on Information Systems (TOIS)
An authorization mechanism for a relational database system

ACM Transactions on Database Systems (TODS)
Protection in operating systems

Communications of the ACM
Lattice-Based Access Control Models

Computer
The role control center: features and case studies

Proceedings of the eighth ACM symposium on Access control models and technologies
Cooperative role-based administration

Proceedings of the eighth ACM symposium on Access control models and technologies
Dependencies and separation of duty constraints in GTRBAC

Proceedings of the eighth ACM symposium on Access control models and technologies
Role-based access control for collaborative enterprise in peer-to-peer computing environments

Proceedings of the eighth ACM symposium on Access control models and technologies
Induced role hierarchies with attribute-based RBAC

Proceedings of the eighth ACM symposium on Access control models and technologies
The Typed Access Matrix Model

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Separation of duties for access control enforcement in workflow environments

IBM Systems Journal - End-to-end security
Compressed accessibility map: efficient access control for XML

VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
A Linear time algorithm for deciding security

SFCS '76 Proceedings of the 17th Annual Symposium on Foundations of Computer Science
Protection: principles and practice

AFIPS '72 (Spring) Proceedings of the May 16-18, 1972, spring joint computer conference

Modeling and Enforcing Advanced Access Control Policies in Healthcare Systems with Sectet

Models in Software Engineering
On the Facilitation of Fine-Grained Access to Distributed Healthcare Data

SDM '08 Proceedings of the 5th VLDB workshop on Secure Data Management
On the need for user-defined fine-grained access control policies for social networking applications

Proceedings of the workshop on Security in Opportunistic and SOCial networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

The requirements and technologies supporting shared health record databases pose new access control challenges. This paper proposes a decentralized access control system in which corporate policy can allow all health record owners to administer access control over their own objects, and at the same time, all objects are reasonably secure. We exploit various concepts of Rule Based Access Control, Role Based Access Control, XML structures, and object databases in our model.