Tracy McLean and Richard Sinnott
University of Birmingham, UK
University of Melbourne, Australia
Posters & Accepted Abstracts: J Health Med Informat
As web-based applications and services grow in size and complexity, traditional access control solutions based on the preliminary identification of users become inadequate for enforcing access control. This is the case in a clinical research environment, where web service applications are often distributed and contain sensitive information. The increasing challenges of achieving specific information security goals such as fine-grained authorisation, confidentiality, integrity and non-repudiation can result in security vulnerabilities if they are not addressed. By applying best-practice solutions, we demonstrate the use of security design patterns to describe reusable solutions to recurring security issues in clinical research. In this paper, we focus on the composition of clinical access control policies to enhance the authorisation flow of the AndroPhenome project at the University of Birmingham. The work exploits the eXtensible Access Control Markup Language (XACML) syntax to define the clinical security policies. To eliminate or mitigate the consequences of security vulnerabilities associated with access control, the constructs of the XACML policy elements, including combining algorithms and obligations, are used to deliver specific security features through a policy enforcement point (PEP) and policy decision point (PDP).
Email: tam146@bham.ac.uk