RBAC for Healthcare-Infrastructure and data storage

Role based Access control (RBAC) is the cornerstone of security for any modern organization. In this report, we defined a health-care access control structure based on RBAC. We used Alloy formal logic modeling tool to model and validate system functions. We modeled system static and dynamic or temporal behaviours. We focused on evaluating properties such as integrity, conformance and progress.

[1]  Mathias Ekstedt,et al.  The Cyber Security Modeling Language: A Tool for Assessing the Vulnerability of Enterprise System Architectures , 2013, IEEE Systems Journal.

[2]  Ramzi A. Haraty,et al.  Role-Based Access Control modeling and validation , 2013, 2013 IEEE Symposium on Computers and Communications (ISCC).

[3]  Roberto Nardone,et al.  Vulnerability modeling and analysis for critical infrastructure protection applications , 2013, Int. J. Crit. Infrastructure Prot..

[4]  Elisa Bertino,et al.  Secure interoperation in a multidomain environment employing RBAC policies , 2005, IEEE Transactions on Knowledge and Data Engineering.

[5]  Indrajit Ray,et al.  TrustBAC: integrating trust relationships into the RBAC model for access control in open systems , 2006, SACMAT '06.

[6]  Nicole van Deursen,et al.  HI-Risk : a socio-technical method for the identification and monitoring of healthcare information security risks in the information society , 2014 .

[7]  Joshua D. Guttman,et al.  Information Flow in Operating Systems: Eager Formal Methods , 2003 .

[8]  Shan Wu Review of the methods for the development of information security policies at organizations , 2016 .

[9]  Tomas Kulik,et al.  Compliance verification of a cyber security standard for Cloud-connected SCADA , 2019, 2019 Global IoT Summit (GIoTS).

[10]  Mathias Ekstedt,et al.  A Meta Language for Threat Modeling and Attack Simulations , 2018, ARES.

[11]  Noel Carroll,et al.  The Need for Trustworthiness Models in Healthcare Software Solutions , 2017, HEALTHINF.

[12]  Chuck Easttom,et al.  SecML: A Proposed Modeling Language for CyberSecurity , 2019, 2019 IEEE 10th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON).

[13]  Elisa Bertino,et al.  GEO-RBAC: a spatially aware RBAC , 2005, SACMAT '05.