Requirements-based Access Control Analysis and Policy Specification (ReCAPS)

He, Qingfeng; Antón, Annie I.

doi:10.1016/j.infsof.2008.11.005

Cited by 28 publications

(23 citation statements)

References 33 publications

(60 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Covered Entities (CE) or Business Associates (BA) should consider multiple factor for administrative access e.g. two-factor authentication to enhance HIPAA compliance [18]. Above tactic can be called as access control tactic under HIPAA.…”

Section: A Am 1 Access Controlmentioning

confidence: 99%

Compliance-Driven Architecture for Healthcare Industry

Gardazi¹,

Shahid²

2017

ijacsa

View full text Add to dashboard Cite

Abstract-The United States (US) healthcare organizations are continuously struggling to cope-up with evolving regulatory requirements e.g. Health Information Technology for Economic and Clinical Health Act (HITECH) and International Organization for Standardization (ISO) 9001: 2015. These requirements are not only affecting the US healthcare industry but also other industries as well e.g. software industry that provides software products and services to healthcare organizations. It is vital for software companies to ensure and comply with applicable regulatory requirements. These evolving regulatory requirements may affect all phases of software development lifecycle including software architecture. It is difficult for Software architects to transform and trace regulatory requirements at software architecture level due to the absence of software design and architectural mechanisms. We have composed architectural mechanisms from given set of information security regulations i.e. Health Insurance Portability and Accountability Act (HIPAA) non-functional requirements, and these composed mechanisms were used to initiate initial architecture for the Electronic Health Record (EHR) and/or Health Level Seven (HL7). At next, style was selected for compliant and non-compliant software architecture. A layer of compliance was introduced in existing layered style that intends to help software companies to track compliance at software architecture level. Further, we have evaluated compliance-driven EHR architecture vs. non-compliant EHR architecture using a large healthcare billing and IT company with offices on three continents as a case study.

show abstract

Section: A Am 1 Access Controlmentioning

confidence: 99%

Compliance-Driven Architecture for Healthcare Industry

Gardazi¹,

Shahid²

2017

ijacsa

View full text Add to dashboard Cite

show abstract

“…Several approaches have been proposed to derive access control policies from requirement specifications, but none of them focuses on the automatic generation of data protection policies. He and Anton [13] propose Requirements-based Access Control Analysis and Policy Specification (ReCAPS). The method provides guidelines for identifying access rules elements from the requirements specifications and for detecting and resolving conflicts among the rules based on a set of heuristics.…”

Section: Related Workmentioning

confidence: 99%

PERSONA - A Personalized Data Protection Framework

Egea

Paci

Petrocchi

et al. 2013

Trust Management VII

View full text Add to dashboard Cite

Abstract. The European Directive on Data Protection recognizes the right of data subjects to control the usage of their information. However, to date there are no data protection solutions that involve data subjects in the definition and enforcement of data protection policies. In this paper we present the foundation of a novel approach to personalized data protection in which users play a central role in the authoring and enforcement of the policies governing the access and usage to their data. We discuss the challenges of designing a personalized data protection framework using personalized medicine as an illustrative scenario.

show abstract

“…In the context of security, modeling vulnerabilities, failures and countermeasures [18][19][20][21], security requirements and their potential conflicts with other functional and non-functional requirements, application of standards [22,23], access control policies and requirements [24,25] and policy description languages [7,[26][27][28] have been mainly addressed.…”

Section: Related Workmentioning

confidence: 99%

Deriving implementation-level policies for usage control enforcement

Kumari

Pretschner

2012

Proceedings of the Second ACM Conference on Data and Application Security and Privacy

View full text Add to dashboard Cite

Usage control is concerned with how data is used after access to it has been granted. As such, it is particularly relevant to end users who own the data. System implementations of access and usage control enforcement mechanisms, however, do not always adequately reflect end user requirements. This is due to several reasons, one of which is the problem of mapping concepts in the end user's domain to technical events and artifacts. For instance, semantics of basic operators such as "copy" or "delete", which are fundamental for specifying privacy policies, tend to vary according to context. For this reason they can be mapped to different sets of system events. The behaviour users expect from the system, therefore, may differ from the actual behaviour. In this paper we present a translation of specification-level usage control policies into implementation-level policies which takes into account the precise semantics of domain-specific abstractions. A tool for automating the translation has also been implemented.

show abstract

Requirements-based Access Control Analysis and Policy Specification (ReCAPS)

Cited by 28 publications

References 33 publications

Compliance-Driven Architecture for Healthcare Industry

Compliance-Driven Architecture for Healthcare Industry

PERSONA - A Personalized Data Protection Framework

Deriving implementation-level policies for usage control enforcement

Contact Info

Product

Resources

About