Research Article
An Authoring Framework for Security Policies: A Use-Case within the Healthcare Domain
@INPROCEEDINGS{10.1007/978-3-642-23635-8_1,
  author={Thomas Trojer and Basel Katt and Florian Wozak and Thomas Schabetsberger},
  title={An Authoring Framework for Security Policies: A Use-Case within the Healthcare Domain},
  proceedings={Electronic Healthcare. Third International Conference, eHealth 2010, Casablanca, Morocco, December 13-15, 2010, Revised Selected Papers},
  proceedings_a={E-HEALTH},
  year={2012},
  month={10},
  keywords={Security policy EHR Policy authoring Usability Model-driven engineering},
  doi={10.1007/978-3-642-23635-8_1}
}
Authors: Thomas Trojer, Basel Katt, Florian Wozak, Thomas Schabetsberger
Year: 2012
E-HEALTH
Springer
DOI: 10.1007/978-3-642-23635-8_1
Abstract
Traditionally, the definition and the maintenance of security and access control policies have been the exclusive task of system administrators or security officers. In modern distributed and heterogeneous systems, there exists a need to allow different stakeholders to create and edit their security and access control preferences. To solve this problem, two main challenges need to be met. First, authoring tools with different user interfaces should be designed and adapted to meet the domain background and the degree of expertise of each stakeholder. For example, policy authoring tools for a patient or a doctor should be user friendly and not contain any technical details, while those for security administrators can be more sophisticated, containing more details. Second, conflicts that can arise among security policies defined by different stakeholders must be considered by these authoring tools at runtime. Furthermore, warnings and assisting messages must be provided to help define correct policies and to avoid potential security risks. Towards meeting these challenges, we propose an authoring framework for security policies. This framework enables building authoring tools that take into consideration the views of different stakeholders.