TY - CONF AU - Brucker, Achim D. AU - Brügger, Lukas AU - Kearney, Paul AU - Wolff, Burkhart PY - 2011 DA - 2011// TI - An Approach to Modular and Testable Security Models of Real-world Health-care Applications BT - ACM symposium on access control models and technologies (SACMAT) SP - 133 EP - 142 PB - ACM Press CY - New York, NY, USA AB - We present a generic modular policy modelling framework and instantiate it with a substantial case study for model-based testing of some key security mechanisms of applications and services of the NPfIT. NPfIT, the National Programme for IT, is a very large-scale development project aiming to modernise the IT infrastructure of the NHS in England. Consisting of heterogeneous and distributed applications, it is an ideal target for model-based testing techniques of a large system exhibiting critical security features. We model the four information governance principles, comprising a role-based access control model, as well as policy rules governing the concepts of patient consent, sealed envelopes and legitimate relationship. The model is given in HOL and processed together with suitable test specifications in the HOL-TestGen system, that generates test sequences according to them. Particular emphasis is put on the modular description of security policies and their generic combination and its consequences for model-based testing. SN - 978-1-4503-0688-1 L1 - https://www.brucker.ch/bibliography/download/2011/brucker.ea-model-based-2011.pdf UR - https://www.brucker.ch/bibliography/abstract/brucker.ea-model-based-2011 UR - https://doi.org/10.1145/1998441.1998461 DO - 10.1145/1998441.1998461 LA - USenglish ID - brucker.ea:model-based:2011 ER -