A security policy model for clinical information systems
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
We have met the enemy and he is us
Proceedings of the 2008 workshop on New security paradigms
Hi-index | 0.00 |
Security models generally incorporate elements of both confidentiality and integrity. We examine a case where confidentiality is irrelevant to the process being modeled. In this case, integrity includes not only the authentication of origin and the lack of unauthorized changes to a document, but also the acceptance of all parties that the document is complete, signed by all parties, and cannot be modified further. This is especially critical when the document is recorded, so that it is legally the agreement or statement of record, and any copies of the document have no legal force. We show that current security models do not capture the details of this process. We then present a new security model for this process. This model captures the recordation process, and augments, rather than supplants, existing models. Hence it can also be used with existing security models to describe other situations.