The Z notation: a reference manual
The Z notation: a reference manual
Imperative functional programming
POPL '93 Proceedings of the 20th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
The ARBAC97 model for role-based administration of roles
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
A model of accountability, confidentiality and override for healthcare and other applications
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Organization based access control
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Cassandra: Flexible Trust Management, Applied to Electronic Health Records
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Automated Test Generation for Access Control Policies via Change-Impact Analysis
SESS '07 Proceedings of the Third International Workshop on Software Engineering for Secure Systems
Conformance Checking of Access Control Policies Specified in XACML
COMPSAC '07 Proceedings of the 31st Annual International Computer Software and Applications Conference - Volume 02
Testing Security Policies: Going Beyond Functional Testing
ISSRE '07 Proceedings of the The 18th IEEE International Symposium on Software Reliability
Enabling verification and conformance testing for access control model
Proceedings of the 13th ACM symposium on Access control models and technologies
Model-Based Tests for Access Control Policies
ICST '08 Proceedings of the 2008 International Conference on Software Testing, Verification, and Validation
Property Verification for Generic Access Control Models
EUC '08 Proceedings of the 2008 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing - Volume 02
The next 700 access control models or a unifying meta-model?
Proceedings of the 14th ACM symposium on Access control models and technologies
Test-sequence generation with Hol-TestGen with an application to firewall testing
TAP'07 Proceedings of the 1st international conference on Tests and proofs
Isabelle/HOL: a proof assistant for higher-order logic
Isabelle/HOL: a proof assistant for higher-order logic
Verified Firewall Policy Transformations for Test Case Generation
ICST '10 Proceedings of the 2010 Third International Conference on Software Testing, Verification and Validation
Symbolic test case generation for primitive recursive functions
FATES'04 Proceedings of the 4th international conference on Formal Approaches to Software Testing
SecureBPMN: modeling and enforcing access control requirements in business processes
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
| Hi-index | 0.00 |
We present a generic modular policy modelling framework and instantiate it with a substantial case study for model-based testing of some key security mechanisms of applications and services of the NPfIT. NPfIT, the National Programme for IT, is a very large-scale development project aiming to modernise the IT infrastructure of the NHS in England. Consisting of heterogeneous and distributed applications, it is an ideal target for model-based testing techniques of a large system exhibiting critical security features. We model the four information governance principles, comprising a role-based access control model, as well as policy rules governing the concepts of patient consent, sealed envelopes and legitimate relationships. The model is given in Higher-order Logic (HOL) and processed together with suitable test specifications in the TestGen system, that generates test sequences according to them. Particular emphasis is put on the modular description of security policies and their generic combination and its consequences for model-based testing.