Traditional access control mechanisms aim to prevent illegal actions a priori, i.e., before they occur, by deciding before granting a request for a document. There are scenarios, however, where the security decision cannot be made on the fly. For these settings we developed a language and a framework for a-posteriori access control. In this paper we show how the framework can be used in a practical scenario. In particular, we work out the example of an Electronic Health Record (EHR) system, outline the full architecture needed for audit-based access control, and discuss the requirements and limitations of this approach concerning the underlying infrastructure and its users.