Abstract
In this paper we present an access control system (ACS) that allows implemention as well as management of comprehensive need-to-know access control policies. The overall system is built around a role based ACS that has been extended by two additional components namely, a security design and a context autentication component which allow the overall system to cohesively implement and manage need-to-know policies. The security design component systematically generates access control information that is appropriate to initialise the role based ACS according to the individual need-to-know within an organisation. The context authentication component on the other hand, has been integrated with the access control decision facility of the role based ACS. It dynamically verifies if a need-to-know really exists at the particular point in time when users request access to information. Finally, we describe an application scenario that illustrates the benefits provided by our need-to-know ACS concerning privacy of patient data within a hospital environment.
Chapter PDF
Similar content being viewed by others
Keywords
References
Action Technologies I, Ed. (1993). Action Workflow Application Builder User’s Guide. Alameda, CA 94501, USA, Action Technology Incorporation.
Action Technologies I, Ed. ( 1993, 1994). Action Workflow Analyst User’s Guide. Alameda, CA 94501, USA, Action Technologies Incorporation.
Fischer H-R, Teufel S, Muggli C and Bichsel M (1995) MobiMed - Privacy and Efficiency of Mobile Medical Systems. Project Proposal, Department of Computer Science, University of Zurich.
Holbein R (1996) Secure Information Exchange in Organisations - An Approach for Solving the Information Misuse Problem. Department of Computer Science. Dissertation, University of Zurich.
Holbein R and Teufel S (1995) A Security Service for Role Based Access Controls in Distributed Systems. Presented at the IFIP TC11 Eleventh International Conference on Computer Security IFIP/SEC95, Cape Town, South Africa, 1995.
Holbein R, Teufel S and Bauknecht K (1995) A Formal Security Design Approach for Information Exchange in Organisations. Presented at the 1FIP WG11.3 Ninth Annual Working Conference on Database Security, Aug. 1995, Rensselearville, N.Y., USA, 1995.
Holbein R, Teufel S and Bauknecht K (1996) The Use Of Business Process Models For Security Design in Organisations. Presented at the accepted for presentation at IFIP SEC96 TC 11 Twelfth International Conference on Information Security, Samos, Greece, 1996.
IBM (1995) Distributed Security Manager for AIX, Concepts and Planning. IBM Entwicklung Deutschland GmbH, Information Development, Dept. 0446.
Jonscher D and Dittrich K R (1993) A Formal Security Model Based on an Object-Oriented Data Model. Technical Report, Department of Computer Science, University of Zurich.
Jonscher D and Dittrich K R (1995) Argos - A Configurable Access Control Subsystem for Interoperable Environments. Presented at the IFIP WG11.3 Ninth Annual Working Conference on Database Security, Aug. 1995, Rensselearville, N.Y., USA, 1995.
Medina-Mora R, Winograd T, Flores R and Flores F (1992) The Action Workflow Approach to Workflow Management Technology. Presented at the Proceeding of the ACM Conference on Computer Supported Cooperative Work, Toronto, 1992.
Teufel S and Holbein R (1996) Security Aspects of Mobile Medical Systems. Presented at the will be published in Proc. of IFIP TC11 WG11.2 Annual General Meeting on Small System Security, Samos, Greece, 1996.
Winograd T (1988) A Language/Action Perspective on the Design of Cooperative Work. In Computer Supported Cooperative Work: A Book of Readings ( Winograd T, Eds.), pp. 623–653. Morgan Kaufmann Publishers.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1997 Springer Science+Business Media Dordrecht
About this chapter
Cite this chapter
Holbein, R., Teufel, S., Morger, O., Bauknecht, K. (1997). A Comprehensive Need-to-Know Access Control System and its Application for Medical Information Systems. In: Yngström, L., Carlsen, J. (eds) Information Security in Research and Business. IFIP — The International Federation for Information Processing. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35259-6_33
Download citation
DOI: https://doi.org/10.1007/978-0-387-35259-6_33
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-5481-0
Online ISBN: 978-0-387-35259-6
eBook Packages: Springer Book Archive