Abstract
Information systems security defines three properties of information: confidentiality, integrity, and availability. These properties remain major concerns throughout the commercial and military sectors. In this work, we focus on the integrity aspect of commercial security applications by exploring the nature and scope of a well-known integrity policy, the Clinical Information Systems Policy. We model it and check its consistency using the Alloy Analyzer.
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Haraty, R.A., Naous, M. (2013). Modeling and Validating the Clinical Information Systems Policy Using Alloy. In: Huang, G., Liu, X., He, J., Klawonn, F., Yao, G. (eds) Health Information Science. HIS 2013. Lecture Notes in Computer Science, vol 7798. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37899-7_1
DOI: https://doi.org/10.1007/978-3-642-37899-7_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-37898-0
Online ISBN: 978-3-642-37899-7
eBook Packages: Computer Science (R0)