@InProceedings{ brucker.ea:model-based:2011, title = {An Approach to Modular and Testable Security Models of Real-world Health-care Applications}, author = {Achim D. Brucker and Lukas Br{\"u}gger and Paul Kearney and Burkhart Wolff}, booktitle = {ACM symposium on access control models and technologies (SACMAT)}, language = {USenglish}, publisher = {ACM Press}, address = {New York, NY, USA}, location = {Innsbruck, Austria}, categories = {holtestgen}, classification= {conference}, areas = {security, formal methods}, year = {2011}, copyright = {ACM}, copyrighturl = {http://dl.acm.org/authorize?431936}, public = {yes}, pages = {133--142}, pdf = {http://www.brucker.ch/bibliography/download/2011/brucker.ea-model-based-2011.pdf}, abstract = {We present a generic modular policy modelling framework and instantiate it with a substantial case study for model-based testing of some key security mechanisms of applications and services of the NPfIT. NPfIT, the National Programme for IT, is a very large-scale development project aiming to modernise the IT infrastructure of the NHS in England. Consisting of heterogeneous and distributed applications, it is an ideal target for model-based testing techniques of a large system exhibiting critical security features. We model the four information governance principles, comprising a role-based access control model, as well as policy rules governing the concepts of patient consent, sealed envelopes and legitimate relationship. The model is given in HOL and processed together with suitable test specifications in the HOL-TestGen system, that generates test sequences according to them. Particular emphasis is put on the modular description of security policies and their generic combination and its consequences for model-based testing.}, doi = {10.1145/1998441.1998461}, isbn = {978-1-4503-0688-1}, url = {http://www.brucker.ch/bibliography/abstract/brucker.ea-model-based-2011} }