Verification of SGAC access control policies using alloy and ProB

Nghi Huynh; Marc Frappier; Amel Mammar; Regine Laleau

doi:10.1109/HASE.2017.24

Verification of SGAC access control policies using alloy and ProB

Nghi Huynh, Marc Frappier, Amel Mammar, Regine Laleau

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

This paper investigates the verification ofaccess control policies for SGAC, a new healthcare access-control model, using Alloy and ProB, two first orderlogic model checkers based on distinct technologies.SGAC supports permission and prohibition, ruleinheritance among subjects and resources and conflictsresolution. In order to protect patient privacy while ensuringeffective caregiving in safety-critical situations, we check different properties such as accessibility, ineffectiverule detection. Our performance results showthat ProB performs two orders of magnitude betterthan Alloy. Results are promising enough to considerProB for verifying patient policies in SGAC.

Original language	English
Title of host publication	Proceedings - IEEE 18th International Symposium on High Assurance Systems Engineering, HASE 2017
Publisher	IEEE Computer Society
Pages	120-123
Number of pages	4
ISBN (Electronic)	9781509046355
DOIs	https://doi.org/10.1109/HASE.2017.24
Publication status	Published - 25 Apr 2017
Event	18th IEEE International Symposium on High Assurance Systems Engineering, HASE 2017 - Singapore, Singapore Duration: 12 Jan 2017 → 14 Jan 2017

Publication series

Name	Proceedings of IEEE International Symposium on High Assurance Systems Engineering
ISSN (Print)	1530-2059

Conference

Conference	18th IEEE International Symposium on High Assurance Systems Engineering, HASE 2017
Country/Territory	Singapore
City	Singapore
Period	12/01/17 → 14/01/17

Keywords

Access control
Alloy
Consent management
Formal model
Healthcare
ProB
Verification

Access to Document

10.1109/HASE.2017.24

Cite this

Huynh, N., Frappier, M., Mammar, A., & Laleau, R. (2017). Verification of SGAC access control policies using alloy and ProB. In Proceedings - IEEE 18th International Symposium on High Assurance Systems Engineering, HASE 2017 (pp. 120-123). Article 7911882 (Proceedings of IEEE International Symposium on High Assurance Systems Engineering). IEEE Computer Society. https://doi.org/10.1109/HASE.2017.24

@inproceedings{3a0b49b7e3dc45e3b71814eb30b661ff,

title = "Verification of SGAC access control policies using alloy and ProB",

abstract = "This paper investigates the verification ofaccess control policies for SGAC, a new healthcare access-control model, using Alloy and ProB, two first orderlogic model checkers based on distinct technologies.SGAC supports permission and prohibition, ruleinheritance among subjects and resources and conflictsresolution. In order to protect patient privacy while ensuringeffective caregiving in safety-critical situations, we check different properties such as accessibility, ineffectiverule detection. Our performance results showthat ProB performs two orders of magnitude betterthan Alloy. Results are promising enough to considerProB for verifying patient policies in SGAC.",

keywords = "Access control, Alloy, Consent management, Formal model, Healthcare, ProB, Verification",

author = "Nghi Huynh and Marc Frappier and Amel Mammar and Regine Laleau",

note = "Publisher Copyright: {\textcopyright} 2017 IEEE.; 18th IEEE International Symposium on High Assurance Systems Engineering, HASE 2017 ; Conference date: 12-01-2017 Through 14-01-2017",

year = "2017",

month = apr,

day = "25",

doi = "10.1109/HASE.2017.24",

language = "English",

series = "Proceedings of IEEE International Symposium on High Assurance Systems Engineering",

publisher = "IEEE Computer Society",

pages = "120--123",

booktitle = "Proceedings - IEEE 18th International Symposium on High Assurance Systems Engineering, HASE 2017",

}

Huynh, N, Frappier, M, Mammar, A & Laleau, R 2017, Verification of SGAC access control policies using alloy and ProB. in Proceedings - IEEE 18th International Symposium on High Assurance Systems Engineering, HASE 2017., 7911882, Proceedings of IEEE International Symposium on High Assurance Systems Engineering, IEEE Computer Society, pp. 120-123, 18th IEEE International Symposium on High Assurance Systems Engineering, HASE 2017, Singapore, Singapore, 12/01/17. https://doi.org/10.1109/HASE.2017.24

Verification of SGAC access control policies using alloy and ProB. / Huynh, Nghi; Frappier, Marc; Mammar, Amel et al.
Proceedings - IEEE 18th International Symposium on High Assurance Systems Engineering, HASE 2017. IEEE Computer Society, 2017. p. 120-123 7911882 (Proceedings of IEEE International Symposium on High Assurance Systems Engineering).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Verification of SGAC access control policies using alloy and ProB

AU - Huynh, Nghi

AU - Frappier, Marc

AU - Mammar, Amel

AU - Laleau, Regine

PY - 2017/4/25

Y1 - 2017/4/25

N2 - This paper investigates the verification ofaccess control policies for SGAC, a new healthcare access-control model, using Alloy and ProB, two first orderlogic model checkers based on distinct technologies.SGAC supports permission and prohibition, ruleinheritance among subjects and resources and conflictsresolution. In order to protect patient privacy while ensuringeffective caregiving in safety-critical situations, we check different properties such as accessibility, ineffectiverule detection. Our performance results showthat ProB performs two orders of magnitude betterthan Alloy. Results are promising enough to considerProB for verifying patient policies in SGAC.

AB - This paper investigates the verification ofaccess control policies for SGAC, a new healthcare access-control model, using Alloy and ProB, two first orderlogic model checkers based on distinct technologies.SGAC supports permission and prohibition, ruleinheritance among subjects and resources and conflictsresolution. In order to protect patient privacy while ensuringeffective caregiving in safety-critical situations, we check different properties such as accessibility, ineffectiverule detection. Our performance results showthat ProB performs two orders of magnitude betterthan Alloy. Results are promising enough to considerProB for verifying patient policies in SGAC.

KW - Access control

KW - Alloy

KW - Consent management

KW - Formal model

KW - Healthcare

KW - ProB

KW - Verification

U2 - 10.1109/HASE.2017.24

DO - 10.1109/HASE.2017.24

M3 - Conference contribution

AN - SCOPUS:85019243536

T3 - Proceedings of IEEE International Symposium on High Assurance Systems Engineering

SP - 120

EP - 123

BT - Proceedings - IEEE 18th International Symposium on High Assurance Systems Engineering, HASE 2017

PB - IEEE Computer Society

T2 - 18th IEEE International Symposium on High Assurance Systems Engineering, HASE 2017

Y2 - 12 January 2017 through 14 January 2017

ER -

Verification of SGAC access control policies using alloy and ProB

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this