Abstract

We present a new formal validation method for healthcare security policies in the form of feedback-based queries to ensure an answer to the question of Who is accessing What in Electronic Health Records. To this end, we consider Role-based Access Control (RBAC) that offers the flexibility to specify the users, roles, permissions, actions, and the objects to secure. We use the Z notation both for formal specification of RBAC security policies and for queries aimed at reviewing these security policies. To ease the effort in creating the correct specification of the security policies, RBAC-based graphical models (such as SecureUML) are used and automatically translated into the corresponding Z specifications. These specifications are then animated using the Jaza tool to execute queries against the specification of security policies. Through this process, it is automatically detected who will gain access to the medical record of the patient and which information will be exposed to that system user.
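
The kind of review query the abstract describes, sketched in Python as an added example; it is not the paper's Z specification or its Jaza session. The policy data, the field-level granularity of permissions, and all function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample policy (not from the paper): user-role assignments and
# role permissions written as (role, action, object, field).
USER_ROLES = {
    ("alice", "Physician"), ("bob", "Nurse"),
    ("carol", "Receptionist"), ("dave", "Physician"), ("dave", "Auditor"),
}
ROLE_PERMS = {
    ("Physician", "read", "MedicalRecord", "diagnosis"),
    ("Physician", "update", "MedicalRecord", "diagnosis"),
    ("Physician", "read", "MedicalRecord", "medication"),
    ("Nurse", "read", "MedicalRecord", "medication"),
    ("Receptionist", "read", "MedicalRecord", "contact"),
    ("Auditor", "read", "AccessLog", "entries"),
}

def effective_access(user_roles, role_perms):
    """Compose the two relations into {(user, action, object, field)}."""
    by_role = defaultdict(set)
    for role, *perm in role_perms:
        by_role[role].add(tuple(perm))
    return {(user, *perm) for user, role in user_roles for perm in by_role[role]}

def who_can_access(access, obj, field=None):
    """Who: users holding any permission on obj (optionally on one field)."""
    return {u for u, _, o, f in access if o == obj and field in (None, f)}

def exposed_to(access, user, obj):
    """What: fields of obj visible to user, mapped to the allowed actions."""
    exposure = defaultdict(set)
    for u, action, o, f in access:
        if u == user and o == obj:
            exposure[f].add(action)
    return dict(exposure)

def unexpected_access(access, obj, field, expected_users):
    """Review feedback: users reaching obj.field who were not meant to."""
    return who_can_access(access, obj, field) - set(expected_users)

if __name__ == "__main__":
    acc = effective_access(USER_ROLES, ROLE_PERMS)
    print(sorted(who_can_access(acc, "MedicalRecord", "diagnosis")))
    print(exposed_to(acc, "bob", "MedicalRecord"))
    print(sorted(unexpected_access(acc, "MedicalRecord", "diagnosis", {"alice"})))
```

The `unexpected_access` query is the feedback step: a non-empty result means the specified policy grants more than the reviewer intended and the model needs correcting.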
