DOI: 10.1145/1998441.1998461
Research article

An approach to modular and testable security models of real-world health-care applications

Published: 15 June 2011

ABSTRACT

We present a generic modular policy modelling framework and instantiate it with a substantial case study for model-based testing of some key security mechanisms of applications and services of the NPfIT. NPfIT, the National Programme for IT, is a very large-scale development project aiming to modernise the IT infrastructure of the NHS in England. Consisting of heterogeneous and distributed applications, it is an ideal target for model-based testing techniques of a large system exhibiting critical security features.

We model the four information governance principles, comprising a role-based access control model together with policy rules governing the concepts of patient consent, sealed envelopes and legitimate relationships. The model is given in Higher-order Logic (HOL) and processed, together with suitable test specifications, in the TestGen system, which generates test sequences from them. Particular emphasis is put on the modular description of security policies, their generic combination, and the consequences of that combination for model-based testing.
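The abstract describes two ideas that are easier to see in code: security policies written as independent modules that a generic combinator composes into one access-control decision, and test cases derived from that composed model by treating it as the oracle. The following Python block is an added illustration and is not the paper's HOL/TestGen model. The four policy modules (RBAC, legitimate relationship, consent, sealed envelope), the `deny_overrides` combinator, the `Request`/`Context` types and the sample context are all simplified assumptions invented for this example; they only borrow the names of the NHS information-governance concepts the abstract lists.

```python
"""Toy modular access-control policy with a generic combinator and
exhaustive model-based test-case enumeration.

Added illustration, not the paper's model: every rule below is a
simplified assumption built around the concepts named in the abstract
(RBAC, patient consent, sealed envelopes, legitimate relationships).
"""
from dataclasses import dataclass
from enum import Enum
from itertools import product
from typing import Callable, FrozenSet, Optional, Tuple


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"


@dataclass(frozen=True)
class Request:
    role: str      # assumed roles: "clinician", "clerk"
    op: str        # assumed operations: "read", "write"
    patient: str   # patient identifier
    section: str   # record section, e.g. "summary", "mental_health"


@dataclass(frozen=True)
class Context:
    """Environment state the policy is evaluated against (constructed sample)."""
    consent_withheld: FrozenSet[str]          # patients who withheld sharing consent
    sealed: FrozenSet[Tuple[str, str]]        # (patient, section) inside a sealed envelope
    legitimate: FrozenSet[Tuple[str, str]]    # (role, patient) care relationships


# A policy module is a partial function: None means "no opinion" and
# leaves the decision to the other modules in the combination.
Policy = Callable[[Request, Context], Optional[Decision]]

# Assumed RBAC table: role -> permitted operations.
RBAC_PERMS = {"clinician": {"read", "write"}, "clerk": {"read"}}


def rbac(req: Request, ctx: Context) -> Optional[Decision]:
    return Decision.ALLOW if req.op in RBAC_PERMS.get(req.role, set()) else Decision.DENY


def legitimate_relationship(req: Request, ctx: Context) -> Optional[Decision]:
    # No care relationship: refuse outright. With one: defer to the other modules.
    return None if (req.role, req.patient) in ctx.legitimate else Decision.DENY


def consent(req: Request, ctx: Context) -> Optional[Decision]:
    return Decision.DENY if req.patient in ctx.consent_withheld else None


def sealed_envelope(req: Request, ctx: Context) -> Optional[Decision]:
    return Decision.DENY if (req.patient, req.section) in ctx.sealed else None


def deny_overrides(*policies: Policy) -> Policy:
    """Generic combinator: any DENY wins, otherwise an ALLOW wins, otherwise no opinion."""
    def combined(req: Request, ctx: Context) -> Optional[Decision]:
        verdicts = [p(req, ctx) for p in policies]
        if Decision.DENY in verdicts:
            return Decision.DENY
        if Decision.ALLOW in verdicts:
            return Decision.ALLOW
        return None
    return combined


def with_default(policy: Policy, default: Decision) -> Callable[[Request, Context], Decision]:
    """Make a partial policy total by supplying a default (fail closed here)."""
    def total(req: Request, ctx: Context) -> Decision:
        verdict = policy(req, ctx)
        return default if verdict is None else verdict
    return total


# The composed model: modules stay independent, the combinator is generic.
COMPOSED_POLICY = with_default(
    deny_overrides(rbac, legitimate_relationship, consent, sealed_envelope), Decision.DENY)


def generate_tests(policy, ctx, roles, ops, patients, sections):
    """Enumerate the finite input domain and use the model as the oracle.
    Each (request, expected decision) pair is a test case for the real system."""
    return [(Request(r, o, p, s), policy(Request(r, o, p, s), ctx))
            for r, o, p, s in product(roles, ops, patients, sections)]


# Constructed sample state: p2 withheld consent, p1's mental-health section
# is sealed, p3 has no care relationship with anyone.
SAMPLE_CTX = Context(
    consent_withheld=frozenset({"p2"}),
    sealed=frozenset({("p1", "mental_health")}),
    legitimate=frozenset({("clinician", "p1"), ("clinician", "p2"), ("clerk", "p1")}),
)

if __name__ == "__main__":
    for req, expected in generate_tests(COMPOSED_POLICY, SAMPLE_CTX,
                                        ["clinician", "clerk"], ["read", "write"],
                                        ["p1", "p2", "p3"], ["summary", "mental_health"]):
        print(req, "->", expected.value)
```

Two design points carry over to any modular policy model: each module is partial, so it only speaks about the concern it owns, and the combinator plus a fail-closed default is what turns the modules into a total decision function. Because the composed function is deterministic over a finite domain, enumerating that domain yields a complete test suite whose expected values come from the model, which is the essence of the model-based testing the abstract describes.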


Published in

SACMAT '11: Proceedings of the 16th ACM symposium on Access control models and technologies
June 2011, 196 pages
ISBN: 9781450306881
DOI: 10.1145/1998441

Copyright © 2011 ACM

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher: Association for Computing Machinery, New York, NY, United States