@article{ec6d9f1a3296477f8d67e9e573081635,
title = "Audit-Based Access Control for Electronic Health Records",
abstract = "Traditional access control mechanisms aim to prevent illegal actions a-priori occurrence, i.e.before granting a request for a document. There are scenarios however where the security decision can not be made on the fly. For these settings we developed a language and a framework for a-posteriori access control. In this paper we show how the framework can be used in a practical scenario. In particular, we work out the example of an Electronic Health Record (EHR) system, we outline the full architecture needed for audit-based access control and we discuss the requirements and limitations of this approach concerning the underlying infrastructure and its users.",
keywords = "SCS-Cybersecurity, Distributed access control, Audit, Accountability, Electronic Health Record (EHR) systems",
author = "M.A.C. Dekker and S. Etalle",
year = "2006",
month = sep,
doi = "10.1016/j.entcs.2006.08.028",
language = "English",
volume = "168",
pages = "221--236",
journal = "Electronic notes in theoretical computer science",
issn = "1571-0661",
publisher = "Elsevier",
note = "2nd International Workshop on Views on Designing Complex Architectures, VODCA 2006, VODCA ; Conference date: 16-09-2006 Through 17-09-2006",
}