One of the most important requirements of HIPAA is the "minimum-necessary" access requirement, which states that healthcare personnel must be granted no more access to electronic healthcare data than is necessary in order to work effectively. Due to the complexity of constructing such a policy, many hospitals do not comply with the regulation and instead manually audit the logs when they suspect that abuse has occurred. This audit-only approach is error-prone and difficult due to the volume of data contained in the logs. To address this problem, we have built a policy engine capable of automatically auditing logs and separating normal accesses from abnormal accesses. Our policy engine implicitly constructs role-based policies from the audit data in order to produce a workable policy that can be used to enforce minimum-necessary access. The policy engine can also audit an existing role-based access policy by comparing it to observed accesses in order to determine whether the existing policy is overpermissive compared to actual usage patterns.
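The two uses described above (deriving a role-based policy from audit data, and checking an existing policy against observed accesses) can be sketched as follows. This is an added example, not the paper's engine or algorithm: the log format, the role and resource names, the sample policy, and the `min_users` threshold for separating normal from abnormal accesses are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed audit log entries: (user, role, action, resource_type).
AUDIT_LOG = [
    ("alice", "nurse", "read", "vitals"),
    ("bob", "nurse", "read", "vitals"),
    ("carol", "nurse", "read", "vitals"),
    ("alice", "nurse", "write", "vitals"),
    ("bob", "nurse", "write", "vitals"),
    ("bob", "nurse", "read", "psych_notes"),  # only one nurse ever does this
    ("dave", "billing_clerk", "read", "billing"),
    ("erin", "billing_clerk", "read", "billing"),
    ("dave", "billing_clerk", "write", "billing"),
    ("erin", "billing_clerk", "write", "billing"),
]

# Constructed existing role-based policy to be audited.
EXISTING_POLICY = {
    "nurse": {("read", "vitals"), ("write", "vitals"),
              ("read", "billing"), ("read", "psych_notes")},
    "billing_clerk": {("read", "billing"), ("write", "billing")},
}

def mine_policy(log, min_users=2):
    """Assumed heuristic: a permission is normal for a role when at least
    min_users distinct users holding that role have exercised it."""
    users = defaultdict(set)
    for user, role, action, res in log:
        users[(role, (action, res))].add(user)
    policy = defaultdict(set)
    for (role, perm), who in users.items():
        if len(who) >= min_users:
            policy[role].add(perm)
    return dict(policy)

def abnormal_accesses(log, policy):
    """Log entries not covered by the mined policy; candidates for manual review."""
    return [e for e in log if (e[2], e[3]) not in policy.get(e[1], set())]

def overpermissive(existing, log):
    """Permissions the existing policy grants that no one in the role ever used."""
    used = defaultdict(set)
    for _, role, action, res in log:
        used[role].add((action, res))
    return {r: p - used[r] for r, p in existing.items() if p - used[r]}

if __name__ == "__main__":
    mined = mine_policy(AUDIT_LOG)
    print("mined policy:", mined)
    print("abnormal:", abnormal_accesses(AUDIT_LOG, mined))
    print("granted but unused:", overpermissive(EXISTING_POLICY, AUDIT_LOG))
```

A permission can be exercised yet still be abnormal (the single `psych_notes` read here), so the two checks answer different questions and are reported separately.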