Istituto di Scienza e Tecnologie dell'Informazione     
Asirelli P., Braccini G., Coco A., Fabbrini F. Role-based security policies management: a health care example. Technical report, 2001.
In this paper, an approach is presented to modelling the security policy of a health care department by means of a deductive database tool. The goal of a security policy is to provide a reliable mechanism for information sharing, at the same time ensuring its confidentiality, integrity and availability. Once a policy has been defined, it is essential to be able to verify that it really meets the security requirements and prevents any undesired situations. The aim here is to build a tool to help the security administrator of a health care organisation to handle (define, verify, modify) its security policy. After investigating a number of available security policy models, a role-based approach has been considered and specified in a logical form handled by a logic database management system. Thus, the role-based model specification becomes executable and various properties of the policy can be verified together with its adequacy with respect to the expected behaviour. The approach has been inspired by the security policy for the Radiological Department of the "Lotti" Hospital in Pontedera, Pisa.
Subject:
Information flow controls
Logic programming
D.4.6 Security and Protection: Access controls
Security kernel
H.2.0 General: Security, integrity and protection
I.2.3 Deduction and Theorem Proving: Deduction
J.3 Life and Medical Sciences: Health
K.4.1 Public Policy Issues: Privacy
K.6.5 Security and Protection: Physical security
