How to break access control in a controlled manner

Cited by: 61
Authors
Ferreira, A. [1]
Cruz-Correia, R. [1,2]
Antunes, L. [3,4]
Farinha, P. [2]
Oliveira-Palhares, E. [2]
Chadwick, D. W. [5]
Costa-Pereira, A. [1,2]
Affiliations
[1] Univ Porto, Fac Med, Ctr Res Hlth Informat Syst & Technol CINTESIS, Rua Campo Alegre 823, P-4100 Porto, Portugal
[2] Univ Porto, Fac Med, Dept Biostat & Med Informat, P-4100 Porto, Portugal
[3] Univ Porto, Fac Med, Dept Comp Sci, Porto, Portugal
[4] Univ Porto, LIACC, Porto, Portugal
[5] Univ Kent, Comp Lab, Informat Syst Secur Grp, Canterbury, Kent, England
Source
19TH IEEE INTERNATIONAL SYMPOSIUM ON COMPUTER-BASED MEDICAL SYSTEMS, PROCEEDINGS | 2006
DOI
10.1109/CBMS.2006.95
Chinese Library Classification number
TP18 [Artificial intelligence theory];
Discipline classification codes
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
The Electronic Medical Record (EMR) integrates heterogeneous information within a Healthcare Institution stressing the need for security and access control. The Biostatistics and Medical Informatics Department from Porto Faculty of Medicine has recently implemented a Virtual EMR (VEMR) in order to integrate patient information and clinical reports within a university hospital. With more than 500 medical doctors using the system on a daily basis, an access control policy and model were implemented. However, the healthcare environment has unanticipated situations (i.e. emergency situations) where access to information is essential. Most traditional policies do not allow for overriding. A policy that allows for "Break-The-Glass (BTG)" was implemented in order to override access control whilst providing for non-repudiation mechanisms for its usage. The policy was easily integrated within the model confirming its modularity and the fact that user intervention in defining security procedures is crucial to its successful implementation and use.
Pages: 847 / +
Page count: 2