Back to Search Start Over

Verification of SGAC Access Control Policies Using Alloy and ProB

Authors :
Nghi Quang Huynh
Amel Mammar
Régine Laleau
Marc Frappier
Laboratoire d'Algorithmique Complexité et Logique (LACL)
Université Paris-Est Créteil Val-de-Marne - Paris 12 (UPEC UP12)-Centre National de la Recherche Scientifique (CNRS)
Département d'informatique [Sherbrooke] (UdeS)
Faculté des sciences [Sherbrooke] (UdeS)
Université de Sherbrooke (UdeS)-Université de Sherbrooke (UdeS)
Département Informatique (INF)
Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP)
Services répartis, Architectures, MOdélisation, Validation, Administration des Réseaux (SAMOVAR)
Centre National de la Recherche Scientifique (CNRS)
Source :
PROCEEDINGS HASE 2017: 18th IEEE International Symposium on High Assurance Systems Engineering, 18th IEEE International Symposium on High Assurance Systems Engineering, HASE 2017, 18th IEEE International Symposium on High Assurance Systems Engineering, HASE 2017, Jan 2017, Singapore, Singapore. pp.120-123, ⟨10.1109/HASE.2017.24⟩, HASE
Publication Year :
2017
Publisher :
HAL CCSD, 2017.

Abstract

International audience; This paper investigates the verification ofaccess control policies for SGAC, a new healthcare access-control model, using Alloy and ProB, two first orderlogic model checkers based on distinct technologies.SGAC supports permission and prohibition, ruleinheritance among subjects and resources and conflictsresolution. In order to protect patient privacy while ensuringeffective caregiving in safety-critical situations, we check different properties such as accessibility, ineffectiverule detection. Our performance results showthat ProB performs two orders of magnitude betterthan Alloy. Results are promising enough to considerProB for verifying patient policies in SGAC.

Subjects

Subjects :
Engineering
Patient privacy
Control (management)
Access control
Context (language use)
0102 computer and information sciences
02 engineering and technology
[INFO.INFO-SE]Computer Science [cs]/Software Engineering [cs.SE]
Permission
Computer security
computer.software_genre
01 natural sciences
Order (exchange)
0202 electrical engineering, electronic engineering, information engineering
formal model
business.industry
ProB
access control
healthcare
020207 software engineering
Performance results
3. Good health
consent management
010201 computation theory & mathematics
Alloy
business
verification
computer

Details

Language :
English
Database :
OpenAIRE
Journal :
PROCEEDINGS HASE 2017: 18th IEEE International Symposium on High Assurance Systems Engineering, 18th IEEE International Symposium on High Assurance Systems Engineering, HASE 2017, 18th IEEE International Symposium on High Assurance Systems Engineering, HASE 2017, Jan 2017, Singapore, Singapore. pp.120-123, ⟨10.1109/HASE.2017.24⟩, HASE
Accession number :
edsair.doi.dedup.....1b4d516481e1c2020df01c6848e3df8b
Full Text :
https://doi.org/10.1109/HASE.2017.24⟩
Full Text Access
View/download PDF

Tools

Authors Abstract Subjects Details