學術產出-期刊論文

文章檢視/開啟

書目匯出

Google ScholarTM

政大圖書館

引文資訊

TAIR相關學術產出

題名 Aspect-oriented design and implementation of adaptable access control for Electronic Medical Records
作者 Chen, Kung
陳恭
Chang, Y.-C.
貢獻者 資科系
關鍵詞 Access control logic; Aspect-J; Aspect-oriented; Aspect-oriented designs; Aspect-oriented programming; Dynamic adjustment; Electronic medical record; EMR systems; Implementation scheme; Prototype implementations; Runtimes; XML format; Computer systems programming; Electric relays; Medical computing; Program interpreters; Security systems; Software prototyping; Synthesis (chemical); Access control; access to information; article; aspect oriented programming; computer program; electronic medical record; human; medical informatics; medical information system; priority journal; web browser; Access to Information; Computer Communication Networks; Confidentiality; Electronic Health Records; Internet; Software; Taiwan
日期 2010-03
上傳時間 18-六月-2015 17:17:25 (UTC+8)
摘要 Objectives: Maintaining proper access control to Electronic Medical Records (EMR) is essential to protecting patients` privacy. We aim to develop mechanisms and tools that can support fine-grained and adaptable access control for EMR. Method: This paper presents an aspect-oriented design and implementation scheme to providing adaptable access control for Web-based EMR systems. In our scheme, access control logic is decoupled from the core of the EMR application and collected into separate aspect modules which are automatically synthesized from access control rules in XML format and properly designed aspect templates. The generated aspect modules will then be compiled and integrated into the underlying EMR application using standard aspect tools. At runtime, these binary aspect modules will be executed to enforce the required access control. Future changes of access control rules can also be effectively realized through these mechanisms without actual coding. Results: A structured form of access control rules based on the Taiwan Electronic Medical Record Template, a suite of abstract aspects and templates for enforcing access control and a translator for synthesizing the complete access control code in AspectJ from such access control rules and aspect templates. We have also built a Web-based EMR prototype implementation to demonstrate our approach. Conclusion: Our approach can not only accommodate a wide range of fine-grained access control requirements but also enforce them in a modular and easy to adapt manner without incurring extra performance overhead due to rule interpretation. The use of aspect-oriented technology to provide adaptable access control for EMR is a promising approach. We have further enhanced our scheme with a mechanism for dynamic adjustment of access control rules. Other tools for authoring and analyzing the access control rules are the main parts of our future work. © 2010 Elsevier Ireland Ltd. All rights reserved.
關聯 International Journal of Medical Informatics,Volume 79, Issue 3, Pages 181-203
資料類型 article
DOI http://dx.doi.org/10.1016/j.ijmedinf.2009.12.007
dc.contributor 資科系-
dc.creator (作者) Chen, Kung-
dc.creator (作者) 陳恭zh_TW
dc.creator (作者) Chang, Y.-C.en_US
dc.date (日期) 2010-03-
dc.date.accessioned 18-六月-2015 17:17:25 (UTC+8)-
dc.date.available 18-六月-2015 17:17:25 (UTC+8)-
dc.date.issued (上傳時間) 18-六月-2015 17:17:25 (UTC+8)-
dc.identifier.uri (URI) http://nccur.lib.nccu.edu.tw/handle/140.119/75977-
dc.description.abstract (摘要) Objectives: Maintaining proper access control to Electronic Medical Records (EMR) is essential to protecting patients` privacy. We aim to develop mechanisms and tools that can support fine-grained and adaptable access control for EMR. Method: This paper presents an aspect-oriented design and implementation scheme to providing adaptable access control for Web-based EMR systems. In our scheme, access control logic is decoupled from the core of the EMR application and collected into separate aspect modules which are automatically synthesized from access control rules in XML format and properly designed aspect templates. The generated aspect modules will then be compiled and integrated into the underlying EMR application using standard aspect tools. At runtime, these binary aspect modules will be executed to enforce the required access control. Future changes of access control rules can also be effectively realized through these mechanisms without actual coding. Results: A structured form of access control rules based on the Taiwan Electronic Medical Record Template, a suite of abstract aspects and templates for enforcing access control and a translator for synthesizing the complete access control code in AspectJ from such access control rules and aspect templates. We have also built a Web-based EMR prototype implementation to demonstrate our approach. Conclusion: Our approach can not only accommodate a wide range of fine-grained access control requirements but also enforce them in a modular and easy to adapt manner without incurring extra performance overhead due to rule interpretation. The use of aspect-oriented technology to provide adaptable access control for EMR is a promising approach. We have further enhanced our scheme with a mechanism for dynamic adjustment of access control rules. Other tools for authoring and analyzing the access control rules are the main parts of our future work. © 2010 Elsevier Ireland Ltd. All rights reserved.-
dc.format.extent 4815018 bytes-
dc.format.mimetype application/pdf-
dc.relation (關聯) International Journal of Medical Informatics,Volume 79, Issue 3, Pages 181-203-
dc.subject (關鍵詞) Access control logic; Aspect-J; Aspect-oriented; Aspect-oriented designs; Aspect-oriented programming; Dynamic adjustment; Electronic medical record; EMR systems; Implementation scheme; Prototype implementations; Runtimes; XML format; Computer systems programming; Electric relays; Medical computing; Program interpreters; Security systems; Software prototyping; Synthesis (chemical); Access control; access to information; article; aspect oriented programming; computer program; electronic medical record; human; medical informatics; medical information system; priority journal; web browser; Access to Information; Computer Communication Networks; Confidentiality; Electronic Health Records; Internet; Software; Taiwan-
dc.title (題名) Aspect-oriented design and implementation of adaptable access control for Electronic Medical Records-
dc.type (資料類型) articleen
dc.identifier.doi (DOI) 10.1016/j.ijmedinf.2009.12.007-
dc.doi.uri (DOI) http://dx.doi.org/10.1016/j.ijmedinf.2009.12.007-