Modelling and verifying dynamic access control policies in workflow-based healthcare systems
Access control system is an important component to protect patients’ information from abuse in a health care system. It is a major concern in the management, design, and development of healthcare systems. Designing access control policies for healthcare systems is complicated due to the dynamic and...
Saved in:
| Main Author: | |
|---|---|
| Format: | Article |
| Language: | en |
| Published: |
Penerbit Universiti Kebangsaan Malaysia
2020
|
| Online Access: | http://journalarticle.ukm.my/14836/1/01.pdf http://journalarticle.ukm.my/14836/ http://www.ukm.my/jkukm/volume-321-2020/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1834432512795869184 |
|---|---|
| author | Faruqui, Rokan Uddin |
| author_facet | Faruqui, Rokan Uddin |
| author_sort | Faruqui, Rokan Uddin |
| building | Tun Sri Lanang Library |
| collection | Institutional Repository |
| content_provider | Universiti Kebangsaan Malaysia |
| content_source | UKM Journal Article Repository |
| continent | Asia |
| country | Malaysia |
| description | Access control system is an important component to protect patients’ information from abuse in a health care system. It is a major concern in the management, design, and development of healthcare systems. Designing access control policies for healthcare systems is complicated due to the dynamic and inherent complexity of the tasks performed by the healthcare
personnel. Permissions in access control systems are usually granted on the basis of static policies. However, static policies are not enough to cope with various situations such as emergencies. Most often, the Break-the-glass mechanism is used to bypass static policies to handle emergency situations. Since healthcare systems are critical systems, where errors can be very costly in terms of lives, quality of life, and/or dollars, it is crucial to identify discrepancies between policy
specifications and their intended function to implement correctly a flexible access control system. Formal verifications are necessary for exhaustive verification and validation of policy specifications to ensure that the policy specifications
truly encapsulate the desires of the policy authors. We present a verifiable framework to enact a dynamic access control model by integrating the ANSI/INCTIS RBAC Reference Model in a workflow and an approach for property verifications of
the access control model. Access control policies are expressed by the formal semantics of a model checker and properties are verified by the DiVinE model checker. |
| format | Article |
| id | my-ukm.journal.14836 |
| institution | Universiti Kebangsaan Malaysia |
| language | en |
| publishDate | 2020 |
| publisher | Penerbit Universiti Kebangsaan Malaysia |
| record_format | eprints |
| spelling | my-ukm.journal.148362020-07-10T08:01:00Z http://journalarticle.ukm.my/14836/ Modelling and verifying dynamic access control policies in workflow-based healthcare systems Faruqui, Rokan Uddin Access control system is an important component to protect patients’ information from abuse in a health care system. It is a major concern in the management, design, and development of healthcare systems. Designing access control policies for healthcare systems is complicated due to the dynamic and inherent complexity of the tasks performed by the healthcare personnel. Permissions in access control systems are usually granted on the basis of static policies. However, static policies are not enough to cope with various situations such as emergencies. Most often, the Break-the-glass mechanism is used to bypass static policies to handle emergency situations. Since healthcare systems are critical systems, where errors can be very costly in terms of lives, quality of life, and/or dollars, it is crucial to identify discrepancies between policy specifications and their intended function to implement correctly a flexible access control system. Formal verifications are necessary for exhaustive verification and validation of policy specifications to ensure that the policy specifications truly encapsulate the desires of the policy authors. We present a verifiable framework to enact a dynamic access control model by integrating the ANSI/INCTIS RBAC Reference Model in a workflow and an approach for property verifications of the access control model. Access control policies are expressed by the formal semantics of a model checker and properties are verified by the DiVinE model checker. Penerbit Universiti Kebangsaan Malaysia 2020-02 Article PeerReviewed application/pdf en http://journalarticle.ukm.my/14836/1/01.pdf Faruqui, Rokan Uddin (2020) Modelling and verifying dynamic access control policies in workflow-based healthcare systems. Jurnal Kejuruteraan, 32 (1). pp. 1-7. ISSN 0128-0198 http://www.ukm.my/jkukm/volume-321-2020/ |
| spellingShingle | Faruqui, Rokan Uddin Modelling and verifying dynamic access control policies in workflow-based healthcare systems |
| title | Modelling and verifying dynamic access control policies in workflow-based healthcare systems |
| title_full | Modelling and verifying dynamic access control policies in workflow-based healthcare systems |
| title_fullStr | Modelling and verifying dynamic access control policies in workflow-based healthcare systems |
| title_full_unstemmed | Modelling and verifying dynamic access control policies in workflow-based healthcare systems |
| title_short | Modelling and verifying dynamic access control policies in workflow-based healthcare systems |
| title_sort | modelling and verifying dynamic access control policies in workflow-based healthcare systems |
| url | http://journalarticle.ukm.my/14836/1/01.pdf http://journalarticle.ukm.my/14836/ http://www.ukm.my/jkukm/volume-321-2020/ |
| url_provider | http://journalarticle.ukm.my/ |