In theory, access control is a solved problem. In practice, large real-world enterprises still report trouble: de facto policy becomes unmanageable; users circumvent controls. These issues can be particularly critical in medical IT, such as emerging EMR and EHR, where access control errors can have serious repercussions. In this paper, we investigate how real-world EMR users think about access control when they are making policy decisions in the abstract, and when they are actually using the system in treatment scenarios. Mismatches suggest places ("empathy gaps") where new policy tools may be needed.