Security Challenges in Adaptive e-Health Processes

  • Michael Predeschly
  • Peter Dadam
  • Hilmar Acker
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5219)


E-health scenarios demand system-based support from process-oriented information systems. As most of the processes in this domain have to be flexibly adapted to meet exceptional or unforeseen situations, flexible process-oriented information systems (POIS) are needed which support ad-hoc deviations at the process instance level. However, e-health scenarios are also very sensitive with regard to privacy issues. Therefore, adequate access rights management is essential as well. The paper addresses the challenges that arise when flexible POIS and adequate rights management have to be combined.


Keywords: Application Function; Process Instance; Access Control Model; Role Base Access Control; Security Challenge
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Michael Predeschly (1)
  • Peter Dadam (1)
  • Hilmar Acker (1)

  1. Institute DBIS, University Ulm
