Skip to main content
SpringerLink
Log in

Modeling and Validating the Clinical Information Systems Policy Using Alloy

  • Conference paper
Health Information Science (HIS 2013)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 7798))

Included in the following conference series:

Abstract

Information systems security defines three properties of information: confidentiality, integrity, and availability. These characteristics remain major concerns throughout the commercial and military industry. In this work, we focus on the integrity aspect of commercial security applications by exploring the nature and scope of the famous integrity policy - the Clinical Information Systems Policy. We model it and check its consistency using the Alloy Analyzer.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 49.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Summers, C.: Computer Security: Threats and Safeguards. McGraw Hill, New York (1997) ISBN-13: 978-0070694194

    Google Scholar 

  2. Jackson, D.: Alloy 3.0 Reference Manual (2004), http://alloy.mit.edu/reference-manual.pdf (retrieved on September 24, 2012)

  3. Seater, R., Dennis, G.: Tutorial for Alloy Analyzer 4.0 (2011), http://alloy.mit.edu/tutorial4 (retrieved on September 24, 2012)

  4. Anderson, R.: A Security Policy Model for Clinical Information Systems. In: Proceedings of the 1996 IEEE Symposium and Security and Privacy, pp. 30–43. IEEE Press, Oakland (1996)

    Google Scholar 

  5. Hassan, W., Logrippo, L.: Detecting Inconsistencies of Mixed Secrecy Models and Business Policies. University of Ottawa, Canada, Technical Report (2009)

    Google Scholar 

  6. Bell, L., LaPadula, E.: Secure Computer Systems: Mathematical Foundations. Technical Report 2547, Volume I. The MITRE Corporation (1976)

    Google Scholar 

  7. Ferraiolo, D.F., Kuhn, D.R.: Role-Based Access Control. In: Proceedings of the 15th National Computer Security Conference, Baltimore, MD, USA, pp. 554–563 (1992)

    Google Scholar 

  8. Viega, J., Evans, D.: Separation of Concerns for Security. In: Proceedings of the Workshop on Multi-Dimensional Separation of Concerns in Software Engineering, Limerick, Ireland, pp. 126–129 (2000)

    Google Scholar 

  9. Zao, J., Hoetech, W., Chu, J., Jackson, D.: RBAC Schema Verification using Lightweight Formal Model and Constraint Analysis. In: Proceedings of 8th ACM Symposium on Access Control Models and Technologies, Boston, MA, USA (2003)

    Google Scholar 

  10. Hassan, W., Logrippo, L., Mankai, M.: Validating Access Control Policies with Alloy. In: Proceedings of the Workshop on Practice and Theory of Access Control Technologies, Quebec, Canada (2005)

    Google Scholar 

  11. Shaffer, A., Auguston, M., Irvine, C., Levin, T.: A Security Domain Model to Assess Software for Exploitable Covert Channels. In: Proceedings of the ACM SIGPLAN Third Workshop on Programming Languages and Analysis for Security, Tucson, Arizona, USA, pp. 45–56 (2008)

    Google Scholar 

  12. Misic, J., Misic, V.: Implementation of Security Policy for Clinical Information Systems over Wireless Sensor Networks. Ad Hoc Networks Journal 5, 134–144 (2006)

    Article  Google Scholar 

  13. Haraty, R.A., Boss, N.: Modeling and Validating Confidentiality, Integrity, and Object Oriented Policies using Alloy. In: Security & Privacy Preserving in Social Networks. Springer (2013) ISBN 978-3-7091-0893-2

    Google Scholar 

  14. Brewer, D., Nash, M.: The Chinese Wall Security Policy. In: Proceedings of the IEEE Symposium on Research in Security and Privacy, Oakland, CA, USA, pp. 206–214 (1989)

    Google Scholar 

  15. Biba, K.J.: Integrity Considerations for Secure Computer Systems. Technical Report MTR-3153. The MITRE Corporation (1977)

    Google Scholar 

  16. Lipner, S.B.: Non-discretionary Controls for Commercial Applications. In: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, USA, pp. 2–10 (1982)

    Google Scholar 

  17. Haraty, R.A.: A Security Policy Manager for Multilevel Secure Object Oriented Database Management Systems. In: Proceedings of the International Conference on Applied Modeling and Simulation, Cairns - Queensland, Australia (1999)

    Google Scholar 

  18. Haraty, R.A.: C2 Secure Database Management Systems – A Comparative Study. In: Proceedings of the Symposium on Applied Computing. San Antonio, TX, USA, pp. 216–220 (1999)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science and Mathematics, Lebanese American University, Beirut, Lebanon

    Ramzi A. Haraty & Mirna Naous

Authors
  1. Ramzi A. Haraty
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mirna Naous
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Centre for Applied Informatics, Victoria University, 3011, Melbourne, VIC, Australia

    Guangyan Huang  & Jing He  & 

  2. School of Information System, Computing, and Mathematics, Brunel University, UB8 3PH, London, UK

    Xiaohui Liu

  3. Department of Computer Science, Ostfalia University of Applied Sciences, Salzdahlumer Str. 46/48, Wolfenbüttel, Germany

    Frank Klawonn

  4. Health Economics, Primary Care and Population Sciences, Faculty of Medicine, University of Southampton, Southampton, UK

    Guiqing Yao

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Haraty, R.A., Naous, M. (2013). Modeling and Validating the Clinical Information Systems Policy Using Alloy. In: Huang, G., Liu, X., He, J., Klawonn, F., Yao, G. (eds) Health Information Science. HIS 2013. Lecture Notes in Computer Science, vol 7798. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37899-7_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-37899-7_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-37898-0

  • Online ISBN: 978-3-642-37899-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation