February 11, 2014 Outline
Reading: text, §7
Assignment due: Homework #2, due February 11, 2014
Clinical Information System Security model
    Intended for medical records; goals are confidentiality, authentication of annotators, and integrity
    Patients, personal health information, clinician
    Assumptions and origin of principles
    Access principles
    Creation principle
    Deletion principle
    Confinement principle
    Aggregation principle
    Enforcement principle
    Comparison to Bell-LaPadula: lattice structure but different focus
    Comparison to Clark-Wilson: specialization
ORCON
    Originator controls distribution
    DAC, MAC inadequate
    Solution is combination
Role-based Access Control (RBAC)
    Definition of role
    Partitioning as job function
    Containment
Version of February 11, 2014 at 8:50PM