{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,1,31]],"date-time":"2025-01-31T12:10:27Z","timestamp":1738325427080,"version":"3.35.0"},"publisher-location":"Berlin, Heidelberg","reference-count":40,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540690696"},{"type":"electronic","value":"9783540690733"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"DOI":"10.1007\/978-3-540-69073-3_15","type":"book-chapter","created":{"date-parts":[[2008,8,12]],"date-time":"2008-08-12T16:07:43Z","timestamp":1218557263000},"page":"132-144","source":"Crossref","is-referenced-by-count":12,"title":["Modeling and Enforcing Advanced Access Control Policies in Healthcare Systems with Sectet"],"prefix":"10.1007","author":[{"given":"Michael","family":"Hafner","sequence":"first","affiliation":[]},{"given":"Mukhtiar","family":"Memon","sequence":"additional","affiliation":[]},{"given":"Muhammad","family":"Alam","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"15_CR1","unstructured":"Integrating the Healthcare Enterprise (2007), http:\/\/www.ihe.net\/"},{"key":"15_CR2","unstructured":"Alam, M., Hafner, M., Breu, R.: Modeling Authorization in an SOA based Application Scenario. In: IASTED Conference on Software Engineering, pp. 79\u201384 (2006)"},{"key":"15_CR3","volume-title":"Security Engineering: A Guide to Building Dependable Distributed Systems","author":"R. Anderson","year":"2001","unstructured":"Anderson, R.: Security Engineering: A Guide to Building Dependable Distributed Systems. John Wiley & Sons, Inc., New York (2001)"},{"key":"15_CR4","first-page":"433","volume-title":"ACSAC 2001: Proc. of the 17th Annual Comp. Sec. App. Conf.","author":"B. Blobel","year":"2001","unstructured":"Blobel, B.: Trustworthiness in Distr. Electr. Healthcare Records-Basis for Shared Care. In: ACSAC 2001: Proc. of the 17th Annual Comp. Sec. App. Conf., Washington, DC, USA, p. 433. IEEE Comp. Soc., Los Alamitos (2001)"},{"key":"15_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"8","DOI":"10.1007\/11531371_5","volume-title":"Web Engineering","author":"R. Breu","year":"2005","unstructured":"Breu, R., Breu, M., Hafner, M., Nowak, A.: Web Service Engineering - Advancing a New Software Engineering Discipline. In: Lowe, D.G., Gaedke, M. (eds.) ICWE 2005. LNCS, vol.\u00a03579, pp. 8\u201318. Springer, Heidelberg (2005)"},{"key":"15_CR6","unstructured":"Chanabhai, P., Holt, A.: Consumers are Ready to Accept the Trans. to Online and Electr. Rec. if They Can be Assured of the Sec. Measures. Medscape Gen. Medicine\u00a09(1) (2007)"},{"key":"15_CR7","doi-asserted-by":"crossref","unstructured":"Chinaei, A.H., Tompa, F.: User-managed access control for health care systems. In: Secure Data Management, pp. 63\u201372 (2005)","DOI":"10.1007\/11552338_5"},{"key":"15_CR8","volume-title":"DIM 2005: Proc. of the 2005 Workshop on Dig. Identity Man","author":"H. Gomi","year":"2005","unstructured":"Gomi, H., et al.: A Delegation Framew. for Fed. Identity Management. In: DIM 2005: Proc. of the 2005 Workshop on Dig. Identity Man, ACM Press, New York (2005)"},{"key":"15_CR9","doi-asserted-by":"crossref","unstructured":"Hafner, M., et al.: Sectet: An Extensible Framework for the Realization of Secure Inter-Organizational Workflows. Journal of Internet Research\u00a016(5) (2006)","DOI":"10.1108\/10662240610710978"},{"key":"15_CR10","series-title":"Lecture Notes in Artificial Intelligence","doi-asserted-by":"crossref","first-page":"122","DOI":"10.1007\/978-3-540-32257-3_12","volume-title":"E-Government: Towards Electronic Democracy","author":"R. Breu","year":"2005","unstructured":"Breu, R., et al.: Model Driven Security for Inter-organizational Workflows in e-Government. In: B\u00f6hlen, M.H., Gamper, J., Polasek, W., Wimmer, M.A. (eds.) TCGOV 2005. LNCS (LNAI), vol.\u00a03416, pp. 122\u2013133. Springer, Heidelberg (2005)"},{"key":"15_CR11","unstructured":"Vogl, R., et al.: Architecture for a distributed national electronic health record in Austria. In: Proc. EuroPACS 2006: The 24th International EuroPACS Conference, pp. 67\u201377 (2006)"},{"key":"15_CR12","doi-asserted-by":"publisher","first-page":"209","DOI":"10.1016\/j.ijmedinf.2005.07.018","volume":"75, 3-4","author":"T. Schabetsberger","year":"2006","unstructured":"Schabetsberger, T., et al.: From a Paper-based Transmission of Discharge Summaries to Electronic Communication in Health Care Regions. Int. Journal of Medical Informatics\u00a075, 3-4, 209\u2013215 (2006)","journal-title":"Int. Journal of Medical Informatics"},{"issue":"4","key":"15_CR13","doi-asserted-by":"publisher","first-page":"351","DOI":"10.1145\/1108906.1108908","volume":"8","author":"X. Zhang","year":"2005","unstructured":"Zhang, X., et al.: Formal model and policy specification of usage control. ACM Trans. Inf. Syst. Secur.\u00a08(4), 351\u2013387 (2005)","journal-title":"ACM Trans. Inf. Syst. Secur."},{"issue":"6","key":"15_CR14","doi-asserted-by":"publisher","first-page":"535","DOI":"10.1023\/B:JOMS.0000044956.55209.75","volume":"28","author":"S. Gritzalis","year":"2004","unstructured":"Gritzalis, S.: Enhancing Privacy and Data Protection in Electronic Medical Environments. Journal of Medical Systems\u00a028(6), 535\u2013547 (2004)","journal-title":"Journal of Medical Systems"},{"issue":"1","key":"15_CR15","doi-asserted-by":"crossref","first-page":"3","DOI":"10.2196\/jmir.7.1.e3","volume":"7","author":"T. Gunter","year":"2005","unstructured":"Gunter, T., Terry, N.: The Emergence of Nat. Electr. Health Record Arch. in the U.S. and Australia: Models, Costs, and Questions. Journal of Med. Internet Research\u00a07(1):3 (2005)","journal-title":"Journal of Med. Internet Research"},{"key":"15_CR16","doi-asserted-by":"crossref","unstructured":"Hafner, M., Agreiter, B., Breu, R., Nowak, A.: Sectet an extensible framework for the realization of secure inter-organizational workflows. Journal of Internet Research\u00a016(5) (2006)","DOI":"10.1108\/10662240610710978"},{"key":"15_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"275","DOI":"10.1007\/11880240_20","volume-title":"Model Driven Engineering Languages and Systems","author":"M. Hafner","year":"2006","unstructured":"Hafner, M., Alam, M., Breu, R.: Towards a MOF\/QVT-Based Domain Architecture for Model Driven Security. In: Nierstrasz, O., Whittle, J., Harel, D., Reggio, G. (eds.) MoDELS 2006. LNCS, vol.\u00a04199, pp. 275\u2013290. Springer, Heidelberg (2006)"},{"key":"15_CR18","first-page":"128","volume":"3","author":"M. Hafner","year":"2005","unstructured":"Hafner, M., Breu, R., Breu, M.: A security architecture for inter-organizational workflows: Putting security standards for web services together. ICEIS\u00a0(3), 128\u2013135 (2005)","journal-title":"ICEIS"},{"key":"15_CR19","doi-asserted-by":"publisher","first-page":"533","DOI":"10.1109\/ICWS.2005.83","volume-title":"ICWS 2005: Proceedings of the IEEE International Conference on Web Services (ICWS 2005)","author":"M. Hafner","year":"2005","unstructured":"Hafner, M., Breu, M., Breu, R., Nowak, A.: Modelling Inter-organizational Workflow Security in a Peer-to-Peer Environment. In: ICWS 2005: Proceedings of the IEEE International Conference on Web Services (ICWS 2005), Washington, DC, USA, pp. 533\u2013540. IEEE Computer Society, Los Alamitos (2005)"},{"key":"15_CR20","unstructured":"Hu, J., Weaver, A.: Dynamic, context-aware access control for distributed healthcare applications (August 2004), http:\/\/www.cs.virginia.edu\/papers\/"},{"key":"15_CR21","doi-asserted-by":"crossref","unstructured":"Hu, V., Ferraiolo, D., Kuhn, D.: Assessment of access control systems. Technical Report NISTIR 7316, National Inst. of Standards and Technology, US Department of Commerce (September 2006)","DOI":"10.6028\/NIST.IR.7316"},{"key":"15_CR22","volume-title":"To Err is Human: Building a Safer Health System","author":"L. Kohn","year":"2000","unstructured":"Kohn, L., Corrigan, J., Donaldson, M.: To Err is Human: Building a Safer Health System. National Academy Press, Washington DC (2000)"},{"key":"15_CR23","first-page":"308","volume-title":"IEEE-EMBS 2005: Proceedings of the 27th IEEE EMBS Annual International Conference","author":"M. Li","year":"2005","unstructured":"Li, M., Poovendran, R.: Enabling Distributed Addition of Secure Access to Patient\u2019s Records in A Tele-Referring Group. In: IEEE-EMBS 2005: Proceedings of the 27th IEEE EMBS Annual International Conference, pp. 308\u2013317. IEEE, Los Alamitos (2005)"},{"key":"15_CR24","unstructured":"Alam, M., Hafner, M., Seifert, J.P., Zhang, X.: Extending SELinux Policy Model and Enforcement Architecture for Trusted Platforms Paradigms. In: Annual SELinux Symposium (2007), http:\/\/selinux-symposium.org\/2007\/agenda.php"},{"key":"15_CR25","doi-asserted-by":"crossref","unstructured":"Alam, M., Breu, R., Hafner, M.: Modeling Permissions in a (U\/X)ML World. In: IEEE ARES (2006), ISBN: 0-7695-2567-9","DOI":"10.1109\/ARES.2006.84"},{"key":"15_CR26","unstructured":"United States\u00a0Department of\u00a0Health & Human\u00a0Services. Health insurance portability and accountability act of 1996, http:\/\/aspe.hhs.gov\/admnsimp\/pl104191.htm"},{"key":"15_CR27","unstructured":"Office of\u00a0the Privacy Commissioner\u00a0of Canada. Personal information protection and electronic documents act (pipeda), http:\/\/laws.justice.gc.ca\/en\/P-8.6\/"},{"key":"15_CR28","unstructured":"Committee on\u00a0Quality of Health Care in America. Inst.\u00a0of Medicine. In: Crossing the Quality Chasm: A New Health System for the 21st Century, Nat. Acad. Press, Washington DC (2001)"},{"key":"15_CR29","unstructured":"OpenArchitectureWare XPAND Language available at, http:\/\/www.eclipse.org\/gmt\/oaw\/doc\/r20_xPandReference.pdf"},{"key":"15_CR30","doi-asserted-by":"publisher","first-page":"128","DOI":"10.1145\/984334.984339","volume":"7","author":"J. Park","year":"2004","unstructured":"Park, J., Sandhu, R.: The UCON ABC Usage Control Model. ACM Transactions on Information and Systems Security\u00a07, 128\u2013174 (2004)","journal-title":"ACM Transactions on Information and Systems Security"},{"key":"15_CR31","unstructured":"Europ. Parliament. Directive 95-46-ec of the europ. parl. and of the counc. of 24 october 1995 on the p protection of individuals with regard to the processing of personal data and on the free movement of such data (1995), http:\/\/www.cdt.org\/privacy\/eudirective\/EU_Directive_.html"},{"key":"15_CR32","unstructured":"Role Based Access Control (RBAC) avialable at, csrc.nist.gov\/rbac\/"},{"key":"15_CR33","unstructured":"Schabetsberger, T.: Reference Implementation of a Shared Electr. Health Record Using Med. Data Grids with an RBAC Based Security Model. In: Proc. of the 2nd AGRID Symp. in conj. with 6th Austrian-Hungarian Workshop on Distributed and Parallel Syst. (2007)"},{"key":"15_CR34","unstructured":"Joint\u00a0NEMA\/COCIR\/JIRA Sec. and Priv. Committee. Break-Glass \u2013 An Approach to Granting Emergency Access to Healthcare Systems, http:\/\/www.nema.org\/prod\/med\/security\/"},{"key":"15_CR35","unstructured":"SECTETPL : A Predicative Language for the Specification of Access Rights available at, http:\/\/qe-informatik.uibk.ac.at\/~muhammad\/TechnicalReportSECTETPL.pdf"},{"key":"15_CR36","volume-title":"Trusted Computing Platforms: TCPA Technology in Context","author":"S. Pearson","year":"2002","unstructured":"Pearson, S.: Trusted Computing Platforms: TCPA Technology in Context. Prentice Hall PTR, Upper Saddle River (2002)"},{"key":"15_CR37","doi-asserted-by":"crossref","unstructured":"Straub, T.: Usability Challenges of PKI (2005)","DOI":"10.1145\/1041280.1041287"},{"key":"15_CR38","doi-asserted-by":"crossref","unstructured":"Vogt, G.: Multiple Authorization \u2013 A Model and Arch. for Increased, Practical Security. In: Proc. of the IFIP\/IEEE 8th Int. Symp. on Integrated Network Management (IM 2003), Colorado Springs, USA, March 2003, pp. 109\u2013112. IFIP\/IEEE, Kluwer Academic Publishers (2003)","DOI":"10.1109\/INM.2003.1194167"},{"key":"15_CR39","unstructured":"Xacml v3.0 administration policy working draft 05 (December 2005), http:\/\/www.oasis-open.org\/committees\/documents.php?wg_abbrev=xacml"},{"key":"15_CR40","unstructured":"Yao, W.: Trust Management for Widely Distributed Systems. PhD thesis, University of Cambridge (2003)"}],"container-title":["Lecture Notes in Computer Science","Models in Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-69073-3_15.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,31]],"date-time":"2025-01-31T11:56:50Z","timestamp":1738324610000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-69073-3_15"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[null]]},"ISBN":["9783540690696","9783540690733"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-69073-3_15","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[]}}