Abstract

Objective: This article objective is to model authorization process from role-based access control (RBAC) using restrict mode features (separation of duties (SoD) implementation) via Colored Petri Nets (CPN) simulations to map security concerns or limitations of this access control while addressing ISO 14441 requirements for Electronic Health Records (EHR) systems. Method: We have mapped the two separation of duties access control resources from RBAC (static and dynamic) according with National Institute of Standards and Technology (NIST) documentation into a representative process flow using Petri Net formalism. The test scenario included two different physician roles with access permission grants labeled as in conflict if used altogether. Then, we have implemented this flow into a Colored Petri Net simulator (CPN Tools) in order to check RBAC SoD capability to address ISO 14441 privacy requirements to segregate conflicted grants from authenticated users on a general EHR system. The simulations considered conflicts either from a single user or from two users accessing shared patient's private EHR. Conclusion: Colored tokens on Petri Nets models simulating RBAC authorization are useful to demonstrate security policy conflicts during access control authorization process. Tested ISO 14441 privacy demands could be addressed only by including RBAC's dynamic SoD property.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.