政大機構典藏-National Chengchi University Institutional Repository(NCCUR):Item 140.119/29682
English  |  正體中文  |  简体中文  |  Post-Print筆數 : 27 |  Items with full text/Total items : 113648/144635 (79%)
Visitors : 51623058      Online Users : 520
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version
    Please use this identifier to cite or link to this item: https://nccur.lib.nccu.edu.tw/handle/140.119/29682


    Title: 可動態調整的電子病歷存取控管機制
    A Dynamically Configurable Access Control Mechanism for Electronic Medical Records
    Authors: 許原瑞
    Hsu,Yuan Jui
    Contributors: 陳恭
    Chen, Kung
    許原瑞
    Hsu,Yuan Jui
    Keywords: 剖面導向
    可動態調整
    Aspect Oriented Programming
    Dynamically Configurable
    Date: 2006
    Issue Date: 2009-09-11 16:03:22 (UTC+8)
    Abstract: 在醫療系統中,存取控管是電子病歷安全防護的核心。針對這樣的議題,我們實驗室已經有設計出一種安全的架構,利用最新的程式開發技術,剖面導向程式設計為基礎,設計出一種宣告式電子病歷安全控管的方法。這樣的設計讓安全管理者可以有系統化的控制整個系統的安全存取。但是這樣的架構下,安全規則的變動必須經過好幾道複雜的手續,造成使用上彈性不足。

    本研究針對這樣的架構提出幾種改進的方式,使安全規則更動更具有彈性。主要分為兩方面,第一,針對安全規則的變數,設計可以彈性更動的方式,不需要為了更動變數而重複整個安全控管規則產生流程。第二,利用動態載入的功能,提出可以由外部Java程式寫好安全控管規則,在執行時候將該規則載入來判斷,如此對於複雜的安全控管規則也有修改的彈性。希望藉由這樣彈性的設計使我們設計的安全控管架構更能符合實際使用的需求。
    Maintaining proper access control to Electronic Medical Records (EMR) is essential to protecting patients’ privacy. However, the fine-grained and dynamic nature of access control rules for EMR has imposed great challenges on the healthcare information system developers. This thesis presents a dynamically configurable access control mechanism for Web-based EMR systems.It is an enhancement of a previous work in which static aspects are employed to enforce fine-grained access control for EMR. Specifically, we provide two additional kinds of dynamic adjustment mechanism to enhance the static access control aspects, namely dynamic parameters and dynamic constraints. If the scope of dynamic changes is small, dynamic parameters can realize the required changes. Otherwise, dynamic constraints can be used to support replacement of the access control enforcing code while allowing the EMR application running as usual. Consequently, system administrators have a fine range of choices with different trade-offs between flexibility and performance, namely fully static aspects, parameterized aspects using dynamic parameters and fully dynamic aspects using dynamic constraints. We have built a Web-based EMR prototype implementation using AspectJ to demonstrate our approach.
    Reference: [1] TMT(Taiwan Electronic Medical Record Template)
    http://emr.doh.gov.tw/introduce/introduce.html
    [2] H. Ossher And P. Tarr. 2001 Using multidimension separation of concerns to shape evolving software,Communications of the ACM, vol. 44, no. 10 43-50.
    [3] LUO Guang-chun,WANG Yan-hua,LU Xian-liang,et al.2003 A novel Web application frame developed by MVC[J].ACM SIGSOFT Software Engineering Notes,28(2): 1-3.
    [4] Apache Struts
    http://struts.apache.org/
    [5] Pascal Fradet,Mario Sudholt. AOP: towards a generic frameworkusing program transformation and analysis
    [6] Wim Vanderperren, Davy Suvee, Bart Verheecke, Maria Agustina Cibran, Viviane Jonckers .2005. Adaptive Programming in JAsCo. Communications of the ACM
    [7] Gregor Kiczales1, Erik Hilsdale2, Jim Hugunin2, Mik Kersten2,Jeffrey Palm2 and William G. Griswold3 .2004.An Overview of AspectJ
    [8] Apache Velocity Project
    http://velocity.apache.org/
    [9] Sheng Liang,Gilad Bracha.1998.Dynamic class loading in the Java virtual machine
    [10] Tai-Wei Lin.2002.Java Architecture for XML Binding
    http://java.sun.com/developer/technicalArticles/WebServices/jaxb/
    [11] K. Chen, and C.H. Huang. A Practical Aspect Framework for Enforcing Fine-GrainedAccess Control in Web Application. First Information Security Practice and Experience Conference.
    [12] Yuan-Chun Chang. Using Aspects to Implement Adaptable Access Control for Electronic Medical Records
    Description: 碩士
    國立政治大學
    資訊科學學系
    93971010
    95
    Source URI: http://thesis.lib.nccu.edu.tw/record/#G0093971010
    Data Type: thesis
    Appears in Collections:[Department of Computer Science ] Theses

    Files in This Item:

    File SizeFormat
    index.html0KbHTML2490View/Open


    All items in 政大典藏 are protected by copyright, with all rights reserved.


    社群 sharing

    著作權政策宣告 Copyright Announcement
    1.本網站之數位內容為國立政治大學所收錄之機構典藏,無償提供學術研究與公眾教育等公益性使用,惟仍請適度,合理使用本網站之內容,以尊重著作權人之權益。商業上之利用,則請先取得著作權人之授權。
    The digital content of this website is part of National Chengchi University Institutional Repository. It provides free access to academic research and public education for non-commercial use. Please utilize it in a proper and reasonable manner and respect the rights of copyright owners. For commercial use, please obtain authorization from the copyright owner in advance.

    2.本網站之製作,已盡力防止侵害著作權人之權益,如仍發現本網站之數位內容有侵害著作權人權益情事者,請權利人通知本網站維護人員(nccur@nccu.edu.tw),維護人員將立即採取移除該數位著作等補救措施。
    NCCU Institutional Repository is made to protect the interests of copyright owners. If you believe that any material on the website infringes copyright, please contact our staff(nccur@nccu.edu.tw). We will remove the work from the repository and investigate your claim.
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - Feedback