設計易調整的電子病歷存取控管機制

學術產出-Theses

Article View/Open

pdf(703)pdf(829)pdf(880)pdf(943)pdf(1274)pdf(1127)pdf(959)pdf(987)pdf(840)pdf(804)pdf(769)

Publication Export

Google Scholar^TM

政大圖書館

學術資源探索系統

Citation Infomation

No doi shows Citation Infomation

Simple Record
Full Record

題名	設計易調整的電子病歷存取控管機制 Using Aspects to Implement Adaptable Access Control for Electronic Medical Records
作者	張淵鈞 Chang, Yuan-chun
貢獻者	陳恭 Chen, Kung 張淵鈞 Chang, Yuan-chun
關鍵詞	剖面導向程式設計電子病歷存取控管 Aspect Oriented Programming Electronic Medical Records Access Control
日期	2005
上傳時間	17-Sep-2009 13:56:00 (UTC+8)
摘要	存取控管是電子病歷 (Electronic Medical Records, EMR)安全防護的核心課題。為了因應醫病關係的變動及確保病患隱私，EMR的存取控管必須滿足動態和細緻化這兩大需求。但這樣的需求並不容易實現，因為負責存取控管的程式碼具有橫跨 (cross-cutting)的特性，必須嵌入到應用系統的各個模組，很容易與應用邏輯發生夾雜不清的現象。礙於現有的程式機制和開發工具對於這樣的安全需求無法提供有效的支援，因此本研究將以剖面導向程式設計 (Aspect Oriented Programming，AOP)技術為基礎，設計一個宣告式EMR安全控管方法，。在我們的方法中，安全控管邏輯將從EMR系統的核心抽離，並且匯集到單一的剖面 (Aspect)模組，使原有的系統更加模組化 (modularity)。此外，利用我們開發的存取控管程式碼產生器，安全管理者可以藉由宣告組態檔的方式產生EMR的存取控管程式碼。如此一來，安全管理者不僅可以容易地掌握全局、減少分散管理可能造成的疏失，更可以大幅減少維護EMR存取安全所需的時間及成本。 This paper presents an aspect-oriented approach to providing adaptable access control framework for Electronic Medical Records (EMR) on Web-based platform. In our scheme, access control logic is decoupled from the core of application and collected into separate aspect modules which are automatically synthesized from access control rules in XML format and properly designed aspect templates. The generated aspect modules will then be compiled and integrated into the underlying application using standard aspect tools. At runtime, these aspect codes will be executed to enforce the required access control without any runtime interpretation overhead. Future changes of access control rules can also be effectively realized through these mechanisms without actual coding. This will not only improve the system’s modularity but also make the task of enforcing comprehensive access control more adaptable.
參考文獻	【1】 B. De Win, F. Piessens, W. Joosen and T. Verhanneman. 2002. On the importance of the separation-of-concerns principle in secure software engineering, ACSA Workshop on the Application of Engineering Principles to System Security Design 1-10. 【2】 H. Ossher and P. Tarr. 2001. Using multidimensional separation of concerns to shape evolving software, Communications of the ACM, vol. 44, no. 10 43-50. 【3】 Patient Privacy Rights. The Important Issues Privacy in Health Care. http://www.patientprivacyrights.org/site/PageServer?pagename=The_Important_Issues. 【4】 HIPAA. http://www.cms.hhs.gov/hipaa. 【5】 G. Kiczales, J. Lamping, A. Menhdhekar, C. Maeda, C. Lopes, J.-M. Loingtier, and J. Irwin. 1997. Aspect-Oriented Programming. ECOOP `97, LNCS 1241 220-242. 【6】 Sun Microsystems, Inc. The Essentials of Filters. http://java.sun.com/products/servlet/Filters.html. 【7】 S Probst, J Kueng. 2004. The Need for Declarative Security Mechanisms. IEEE Proceedings of the 30th EUROMICRO Conference . 【8】 Sun Microsystems, Inc. Java Authentication and Authorization Service (JAAS). http://java.sun.com/products/jaas/index.jsp. 【9】 Sun Microsystem, Inc. Java 2 Platform, Enterprise Edition (J2EE). http://java.sun.com/j2ee/. 【10】 OASIS. eXtensible Access Control Markup Languages (XACML). http://www.oasis-open.org/specs/index.php. 【11】 K. Beznosov. 2000. Engineering Access Control in Distributed Applications. PhD thesis, Florida International University, Miami, FL. 【12】 R. Sandhu, E. Coyne, H. Feinstein, and C. Youman. 1996. Role-based access control models. IEEE Computer 29:2:38–47. 【13】 B. De Win and B. De Decker. 2001. Building Frameworks in AspectJ. Workshop on Advanced Separation of Concerns 1-6. 【14】 Goodwin, R., Goh, S.F. and Wu, F.Y. 2002. Instance-level access control for business-to-business electronic commerce. IBM System Journal, vol. 41, no. 2. 【15】 K. Chen and C.W. Lin. 2006. An Aspect-Oriented Approach to Declarative Access Control for Web Applications. APWeb 2006, LNCS 3841. 【16】 G. Kiczales, E. Hilsdale, J. Hugunin, M. Kersten, J. Palm, and W.G. Griswold. 2001. Getting Started with AspectJ, Comm. of ACM, vol. 44, no. 10 59-65. 【17】 Tai-Wei Lin. 2002. Java Architecture for XML Binding：A Primer. http://developer.java.sun.com/developer/technicalArticles/xml/jaxb/. 【18】 E-Taiwan Project. http://www.etaiwanexpo.nat.gov.tw/government/ 01about/abo_c02.asp?bull_id=93. 【19】 W.S. Jian et al.. The Development of Taiwan Electronic Medical Record Template. http://emr.doh.gov.tw/htm?l/kaisya-annai.html. 【20】 E. Gamma, R. Helm, R. Johnson, J. 1995. Vlissides: Design Patterns. A.W. L. ISBN0-201-63361-2. 【21】 Roger Whitney. Advanced Object-Oriented Design and Programming. http://www.eli.sdsu.edu/courses/spring01/cs635/notes/visitor/. 【22】 The Apache Struts Web Application Framework. http://struts.apache.org/. 【23】 K. Chen, and C.H. Huang. A Practical Aspect Framework for Enforcing Fine-GrainedAccess Control in Web Applications. First Information Security Practice and Experience Conference 156-167. 【24】 K. Chen and D.W. Wang. 2004. Toward Configurable Access Control for Healthcare Information Systems. Medical Information System in Taiwan 2004. 【25】 T. Verhanneman, L. Jaco, B. De Win, F. Piessens, and W. Joosen. 2003. Adaptable Access Control Policies for Medical Information Systems. Proc. of Distributed Applications and Interoperable Systems LNCS 2893 133-140. 【26】 M. Kudo and S. Hada. 2000. XML Document Security Based on Provisional Authorization. In Proceedings of the 7th ACM conference on Computer and communications security. 【27】 E. Damiani, P. Samarati. 2002. A Fine Grained Access Control System for XML Documents. ACM Transactions on Information and System Security. 【28】 J. Farrell and S. Hinkelman. 2004. XML Schema Design Guindlines. MedBiquitous Technical Steering Committee. 【29】 Mark. Curphey. 2002. A Guide to Building Secure Web Applicationss. The Open Web Applications Security Project Version 1.1. 【30】 C. Lai, L. Gong, L. Koved, A. Nadalin, and R. Schemers. 1999. User Authentication And Authorization In The Java Platform. Proceedings of Annual Computer Security Applications Conference 285-290.
描述	碩士國立政治大學資訊科學學系 93753005 94
資料來源	http://thesis.lib.nccu.edu.tw/record/#G0093753005
資料類型	thesis

dc.contributor.advisor	陳恭	zh_TW
dc.contributor.advisor	Chen, Kung	en_US
dc.contributor.author (Authors)	張淵鈞	zh_TW
dc.contributor.author (Authors)	Chang, Yuan-chun	en_US
dc.creator (作者)	張淵鈞	zh_TW
dc.creator (作者)	Chang, Yuan-chun	en_US
dc.date (日期)	2005	en_US
dc.date.accessioned	17-Sep-2009 13:56:00 (UTC+8)	-
dc.date.available	17-Sep-2009 13:56:00 (UTC+8)	-
dc.date.issued (上傳時間)	17-Sep-2009 13:56:00 (UTC+8)	-
dc.identifier (Other Identifiers)	G0093753005	en_US
dc.identifier.uri (URI)	https://nccur.lib.nccu.edu.tw/handle/140.119/32648	-
dc.description (描述)	碩士	zh_TW
dc.description (描述)	國立政治大學	zh_TW
dc.description (描述)	資訊科學學系	zh_TW
dc.description (描述)	93753005	zh_TW
dc.description (描述)	94	zh_TW
dc.description.abstract (摘要)	存取控管是電子病歷 (Electronic Medical Records, EMR)安全防護的核心課題。為了因應醫病關係的變動及確保病患隱私，EMR的存取控管必須滿足動態和細緻化這兩大需求。但這樣的需求並不容易實現，因為負責存取控管的程式碼具有橫跨 (cross-cutting)的特性，必須嵌入到應用系統的各個模組，很容易與應用邏輯發生夾雜不清的現象。礙於現有的程式機制和開發工具對於這樣的安全需求無法提供有效的支援，因此本研究將以剖面導向程式設計 (Aspect Oriented Programming，AOP)技術為基礎，設計一個宣告式EMR安全控管方法，。在我們的方法中，安全控管邏輯將從EMR系統的核心抽離，並且匯集到單一的剖面 (Aspect)模組，使原有的系統更加模組化 (modularity)。此外，利用我們開發的存取控管程式碼產生器，安全管理者可以藉由宣告組態檔的方式產生EMR的存取控管程式碼。如此一來，安全管理者不僅可以容易地掌握全局、減少分散管理可能造成的疏失，更可以大幅減少維護EMR存取安全所需的時間及成本。	zh_TW
dc.description.abstract (摘要)	This paper presents an aspect-oriented approach to providing adaptable access control framework for Electronic Medical Records (EMR) on Web-based platform. In our scheme, access control logic is decoupled from the core of application and collected into separate aspect modules which are automatically synthesized from access control rules in XML format and properly designed aspect templates. The generated aspect modules will then be compiled and integrated into the underlying application using standard aspect tools. At runtime, these aspect codes will be executed to enforce the required access control without any runtime interpretation overhead. Future changes of access control rules can also be effectively realized through these mechanisms without actual coding. This will not only improve the system’s modularity but also make the task of enforcing comprehensive access control more adaptable.	en_US
dc.description.tableofcontents	第一章導論..................................................1 1.1 研究動機............................................1 1.2 研究目的............................................3 1.3 研究目標............................................4 1.4 本研究之貢獻........................................4 1.5 本研究之限制........................................4 1.6 本論文之章節架構....................................5 第二章相關研究與技術背景....................................6 2.1 Servlet Filter......................................7 2.2 宣告式安全機制 (Declarative Security Mechanisms)....9 2.3 Java Authentication and Authorization Service (JAAS)9 2.4 J2EE Declarative Security...........................11 2.5 可延伸性存取控制標示語言 (eXtensible Access Control Markup Language, XACML)......................................12 2.6 其它相關研究........................................14 2.7 Aspect-Oriented Programming (AOP) 和 AspectJ.......15 2.8 Java Architecture for XML Binding (JAXB)............17 2.9 台灣電子醫療記錄樣板 (Taiwan Electronic Medical Record Template, TMT)........................................18 2.10 樣式理論 (Design Patterns)和訪問者樣式 (Visitor Pattern).....................................................19 第三章 AACEMR之實現方式與系統架構............................21 3.1 AACEMR的系統架構....................................22 3.2 存取控管的層次......................................23 3.3 EMR的存取控管模型及規則.............................24 3.4 存取控管剖面樣板 (Access Control Aspect Templates)..28 3.5 電子病歷的存取控管框架 (Access Control Framework for EMR) ....................................................32 第四章存取控管規則及應用程式規格的描述語言..................36 4.1 存取控管規則描述語言 (Access Control Rule Language).36 4.2 應用程式規格 (Application Specification)............43 第五章存取控管規則的轉換....................................51 5.1 規則轉換流程........................................51 5.2 剖面樣板的選擇......................................54 5.3 覆寫分析及Visitor類別的產生.........................55 5.4 存取控管規則的檢查方式..............................57 5.5 研究平台：EMR系統原型...............................59 5.6 範例說明............................................62 第六章結論..................................................68 參考文獻.....................................................70 附錄A、Abstract Aspects & Aspect Templates...................73 附錄B、Access Control Framework of EMR.......................80 附錄C、XML Schema of Configuration Files.....................82 附錄D、The Syntax of Constraint..............................92 附錄E、The Example of Adaptable Access Control...............93	zh_TW
dc.format.extent	61387 bytes	-
dc.format.extent	75788 bytes	-
dc.format.extent	81501 bytes	-
dc.format.extent	116480 bytes	-
dc.format.extent	239373 bytes	-
dc.format.extent	409721 bytes	-
dc.format.extent	482624 bytes	-
dc.format.extent	508032 bytes	-
dc.format.extent	80905 bytes	-
dc.format.extent	57243 bytes	-
dc.format.extent	153777 bytes	-
dc.format.mimetype	application/pdf	-
dc.format.mimetype	application/pdf	-
dc.format.mimetype	application/pdf	-
dc.format.mimetype	application/pdf	-
dc.format.mimetype	application/pdf	-
dc.format.mimetype	application/pdf	-
dc.format.mimetype	application/pdf	-
dc.format.mimetype	application/pdf	-
dc.format.mimetype	application/pdf	-
dc.format.mimetype	application/pdf	-
dc.format.mimetype	application/pdf	-
dc.language.iso	en_US	-
dc.source.uri (資料來源)	http://thesis.lib.nccu.edu.tw/record/#G0093753005	en_US
dc.subject (關鍵詞)	剖面導向程式設計	zh_TW
dc.subject (關鍵詞)	電子病歷	zh_TW
dc.subject (關鍵詞)	存取控管	zh_TW
dc.subject (關鍵詞)	Aspect Oriented Programming	en_US
dc.subject (關鍵詞)	Electronic Medical Records	en_US
dc.subject (關鍵詞)	Access Control	en_US
dc.title (題名)	設計易調整的電子病歷存取控管機制	zh_TW
dc.title (題名)	Using Aspects to Implement Adaptable Access Control for Electronic Medical Records	en_US
dc.type (資料類型)	thesis	en
dc.relation.reference (參考文獻)	【1】 B. De Win, F. Piessens, W. Joosen and T. Verhanneman. 2002. On the importance of the separation-of-concerns principle in secure software engineering, ACSA Workshop on the Application of Engineering Principles to System Security Design 1-10.	zh_TW
dc.relation.reference (參考文獻)	【2】 H. Ossher and P. Tarr. 2001. Using multidimensional separation of concerns to shape evolving software, Communications of the ACM, vol. 44, no. 10 43-50.	zh_TW
dc.relation.reference (參考文獻)	【3】 Patient Privacy Rights. The Important Issues Privacy in Health Care. http://www.patientprivacyrights.org/site/PageServer?pagename=The_Important_Issues.	zh_TW
dc.relation.reference (參考文獻)	【4】 HIPAA. http://www.cms.hhs.gov/hipaa.	zh_TW
dc.relation.reference (參考文獻)	【5】 G. Kiczales, J. Lamping, A. Menhdhekar, C. Maeda, C. Lopes, J.-M. Loingtier, and J. Irwin. 1997. Aspect-Oriented Programming. ECOOP `97, LNCS 1241 220-242.	zh_TW
dc.relation.reference (參考文獻)	【6】 Sun Microsystems, Inc. The Essentials of Filters. http://java.sun.com/products/servlet/Filters.html.	zh_TW
dc.relation.reference (參考文獻)	【7】 S Probst, J Kueng. 2004. The Need for Declarative Security Mechanisms. IEEE Proceedings of the 30th EUROMICRO Conference .	zh_TW
dc.relation.reference (參考文獻)	【8】 Sun Microsystems, Inc. Java Authentication and Authorization Service (JAAS). http://java.sun.com/products/jaas/index.jsp.	zh_TW
dc.relation.reference (參考文獻)	【9】 Sun Microsystem, Inc. Java 2 Platform, Enterprise Edition (J2EE). http://java.sun.com/j2ee/.	zh_TW
dc.relation.reference (參考文獻)	【10】 OASIS. eXtensible Access Control Markup Languages (XACML). http://www.oasis-open.org/specs/index.php.	zh_TW
dc.relation.reference (參考文獻)	【11】 K. Beznosov. 2000. Engineering Access Control in Distributed Applications. PhD thesis, Florida International University, Miami, FL.	zh_TW
dc.relation.reference (參考文獻)	【12】 R. Sandhu, E. Coyne, H. Feinstein, and C. Youman. 1996. Role-based access control models. IEEE Computer 29:2:38–47.	zh_TW
dc.relation.reference (參考文獻)	【13】 B. De Win and B. De Decker. 2001. Building Frameworks in AspectJ. Workshop on Advanced Separation of Concerns 1-6.	zh_TW
dc.relation.reference (參考文獻)	【14】 Goodwin, R., Goh, S.F. and Wu, F.Y. 2002. Instance-level access control for business-to-business electronic commerce. IBM System Journal, vol. 41, no. 2.	zh_TW
dc.relation.reference (參考文獻)	【15】 K. Chen and C.W. Lin. 2006. An Aspect-Oriented Approach to Declarative Access Control for Web Applications. APWeb 2006, LNCS 3841.	zh_TW
dc.relation.reference (參考文獻)	【16】 G. Kiczales, E. Hilsdale, J. Hugunin, M. Kersten, J. Palm, and W.G. Griswold. 2001. Getting Started with AspectJ, Comm. of ACM, vol. 44, no. 10 59-65.	zh_TW
dc.relation.reference (參考文獻)	【17】 Tai-Wei Lin. 2002. Java Architecture for XML Binding：A Primer. http://developer.java.sun.com/developer/technicalArticles/xml/jaxb/.	zh_TW
dc.relation.reference (參考文獻)	【18】 E-Taiwan Project. http://www.etaiwanexpo.nat.gov.tw/government/	zh_TW
dc.relation.reference (參考文獻)	01about/abo_c02.asp?bull_id=93.	zh_TW
dc.relation.reference (參考文獻)	【19】 W.S. Jian et al.. The Development of Taiwan Electronic Medical Record Template. http://emr.doh.gov.tw/htm?l/kaisya-annai.html.	zh_TW
dc.relation.reference (參考文獻)	【20】 E. Gamma, R. Helm, R. Johnson, J. 1995. Vlissides: Design Patterns. A.W. L. ISBN0-201-63361-2.	zh_TW
dc.relation.reference (參考文獻)	【21】 Roger Whitney. Advanced Object-Oriented Design and Programming. http://www.eli.sdsu.edu/courses/spring01/cs635/notes/visitor/.	zh_TW
dc.relation.reference (參考文獻)	【22】 The Apache Struts Web Application Framework. http://struts.apache.org/.	zh_TW
dc.relation.reference (參考文獻)	【23】 K. Chen, and C.H. Huang. A Practical Aspect Framework for Enforcing Fine-GrainedAccess Control in Web Applications. First Information Security Practice and Experience Conference 156-167.	zh_TW
dc.relation.reference (參考文獻)	【24】 K. Chen and D.W. Wang. 2004. Toward Configurable Access Control for Healthcare Information Systems. Medical Information System in Taiwan 2004.	zh_TW
dc.relation.reference (參考文獻)	【25】 T. Verhanneman, L. Jaco, B. De Win, F. Piessens, and W. Joosen. 2003. Adaptable Access Control Policies for Medical Information Systems. Proc. of Distributed Applications and Interoperable Systems LNCS 2893 133-140.	zh_TW
dc.relation.reference (參考文獻)	【26】 M. Kudo and S. Hada. 2000. XML Document Security Based on Provisional Authorization. In Proceedings of the 7th ACM conference on Computer and communications security.	zh_TW
dc.relation.reference (參考文獻)	【27】 E. Damiani, P. Samarati. 2002. A Fine Grained Access Control System for XML Documents. ACM Transactions on Information and System Security.	zh_TW
dc.relation.reference (參考文獻)	【28】 J. Farrell and S. Hinkelman. 2004. XML Schema Design Guindlines. MedBiquitous Technical Steering Committee.	zh_TW
dc.relation.reference (參考文獻)	【29】 Mark. Curphey. 2002. A Guide to Building Secure Web Applicationss. The Open Web Applications Security Project Version 1.1.	zh_TW
dc.relation.reference (參考文獻)	【30】 C. Lai, L. Gong, L. Koved, A. Nadalin, and R. Schemers. 1999. User Authentication And Authorization In The Java Platform. Proceedings of Annual Computer Security Applications Conference 285-290.	zh_TW

學術產出-Theses

Article View/Open

Publication Export

Google ScholarTM

政大圖書館

Citation Infomation

Google Scholar^TM