Protection in operating systems
Communications of the ACM
Design of a Role-Based Trust-Management Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Privacy and Contextual Integrity: Framework and Applications
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Privacy APIs: Access Control Techniques to Analyze and Verify Legal Privacy Policies
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
A logical framework for history-based access control and reputation systems
Journal of Computer Security
Spin model checker, the: primer and reference manual
Spin model checker, the: primer and reference manual
A Formalization of HIPAA for a Medical Messaging System
TrustBus '09 Proceedings of the 6th International Conference on Trust, Privacy and Security in Digital Business
Toward practical authorization-dependent user obligation systems
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Experiences in the logical specification of the HIPAA and GLBA privacy laws
Proceedings of the 9th annual ACM workshop on Privacy in the electronic society
Policy auditing over incomplete logs: theory, implementation and applications
Proceedings of the 18th ACM conference on Computer and communications security
On practical specification and enforcement of obligations
Proceedings of the second ACM conference on Data and Application Security and Privacy
Policy monitoring in first-order temporal logic
CAV'10 Proceedings of the 22nd international conference on Computer Aided Verification
Formalizing and Enforcing Purpose Restrictions in Privacy Policies
SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
Privacy by design: a formal framework for the analysis of architectural choices
Proceedings of the third ACM conference on Data and application security and privacy
Proceedings of the 18th ACM symposium on Access control models and technologies
Hi-index | 0.00 |
In the medical sphere, personal and medical information is collected, stored, and transmitted for various purposes, such as, continuity of care, rapid formulation of diagnoses, and billing. Many of these operations must comply with federal regulations like the Health Insurance Portability and Accountability Act (HIPAA). To this end, we need a specification language that can precisely capture the requirements of HIPAA. We also need an enforcement engine that can enforce the privacy policies specified in the language. In the current work, we evaluate eXtensible Access Control Markup Language (XACML) as a candidate specification language for HIPAA privacy rules. We evaluate XACML based on the set of features required to sufficiently express HIPAA, proposed by a prior work. We also discuss which of the features necessary for expressing HIPAA are missing in XACML. We then present high level designs of how to enhance XACML's enforcement engine to support the missing features.