A. Ferreira, R. Correia, L. Antunes, Pedro Farinha, E. Oliveira-Palhares, D. Chadwick, A. Pereira
{"title":"如何以可控的方式打破访问控制","authors":"A. Ferreira, R. Correia, L. Antunes, Pedro Farinha, E. Oliveira-Palhares, D. Chadwick, A. Pereira","doi":"10.1109/CBMS.2006.95","DOIUrl":null,"url":null,"abstract":"The electronic medical record (EMR) integrates heterogeneous information within a healthcare institution stressing the need for security and access control. The Biostatistics and Medical Informatics Department from Porto Faculty of Medicine has recently implemented a virtual EMR (VEMR) in order to integrate patient information and clinical reports within a university hospital. With more than 500 medical doctors using the system on a daily basis, an access control policy and model were implemented. However, the healthcare environment has unanticipated situations (i.e. emergency situations) where access to information is essential. Most traditional policies do not allow for overriding. A policy that allows for \"Break-The-Glass (BTG)\" was implemented in order to override access control whilst providing for non-repudiation mechanisms for its usage. The policy was easily integrated within the model confirming its modularity and the fact that user intervention in defining security procedures is crucial to its successful implementation and use","PeriodicalId":208693,"journal":{"name":"19th IEEE Symposium on Computer-Based Medical Systems (CBMS'06)","volume":"7 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2006-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"136","resultStr":"{\"title\":\"How to Break Access Control in a Controlled Manner\",\"authors\":\"A. Ferreira, R. Correia, L. Antunes, Pedro Farinha, E. Oliveira-Palhares, D. Chadwick, A. Pereira\",\"doi\":\"10.1109/CBMS.2006.95\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The electronic medical record (EMR) integrates heterogeneous information within a healthcare institution stressing the need for security and access control. The Biostatistics and Medical Informatics Department from Porto Faculty of Medicine has recently implemented a virtual EMR (VEMR) in order to integrate patient information and clinical reports within a university hospital. With more than 500 medical doctors using the system on a daily basis, an access control policy and model were implemented. However, the healthcare environment has unanticipated situations (i.e. emergency situations) where access to information is essential. Most traditional policies do not allow for overriding. A policy that allows for \\\"Break-The-Glass (BTG)\\\" was implemented in order to override access control whilst providing for non-repudiation mechanisms for its usage. The policy was easily integrated within the model confirming its modularity and the fact that user intervention in defining security procedures is crucial to its successful implementation and use\",\"PeriodicalId\":208693,\"journal\":{\"name\":\"19th IEEE Symposium on Computer-Based Medical Systems (CBMS'06)\",\"volume\":\"7 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2006-06-22\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"136\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"19th IEEE Symposium on Computer-Based Medical Systems (CBMS'06)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CBMS.2006.95\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"19th IEEE Symposium on Computer-Based Medical Systems (CBMS'06)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CBMS.2006.95","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
How to Break Access Control in a Controlled Manner
The electronic medical record (EMR) integrates heterogeneous information within a healthcare institution stressing the need for security and access control. The Biostatistics and Medical Informatics Department from Porto Faculty of Medicine has recently implemented a virtual EMR (VEMR) in order to integrate patient information and clinical reports within a university hospital. With more than 500 medical doctors using the system on a daily basis, an access control policy and model were implemented. However, the healthcare environment has unanticipated situations (i.e. emergency situations) where access to information is essential. Most traditional policies do not allow for overriding. A policy that allows for "Break-The-Glass (BTG)" was implemented in order to override access control whilst providing for non-repudiation mechanisms for its usage. The policy was easily integrated within the model confirming its modularity and the fact that user intervention in defining security procedures is crucial to its successful implementation and use
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
