A lattice model of secure information flow
Communications of the ACM
Practical Domain and Type Enforcement for UNIX
SP '95 Proceedings of the 1995 IEEE Symposium on Security and Privacy
A security policy model for clinical information systems
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
A domain and type enforcement UNIX prototype
SSYM'95 Proceedings of the 5th conference on USENIX UNIX Security Symposium - Volume 5
| Hi-index | 0.00 |
We present a security model to regulate the exchange and pooling of medical information over a wide-area distributed system. The policy is an abstraction of the principles that guided the implementation of such a system at the University of Ulm. The entities introduced to express the policy are defined by the ethical and legal constraints imposed on a medical informatics system. This policy regulates bulk data interactions between cooperating organizations. As such, it is designed to supplement other security policies regulating access to information at a finer granularity within each of the organizations taking part in the exchange. As an example of such integration, we compare it with the guidelines of the British Medical Association.