
A Formal Security Model for Collaboration in Multi-agency Networks



  1. A Formal Security Model for Collaboration in Multi-agency Networks
  Salem Aljareh, Newcastle University, UK
  Nick Rossiter & Michael Heather, Northumbria University, UK
  nick.rossiter@unn.ac.uk

  2. Outline
  • Motivation
  • Security Requirements
  • UK Security Regulations
  • Task-based Perspective
  • The CTCP/CTRP model
  • Categorical Representation
  • Discussion
  • Current work
  • References
  2nd WSIS, Porto

  3. Motivation
  [diagram: Vulnerabilities, Model, Policies, Mechanisms, Threats]

  4. Security Requirements
  • The origin of security requirements
  • Rhetoric
  • Concept
  • Regulations
  • Security Policy

  5. UK Security Regulations
  • Personal Data in General:
    • Data Protection Act
  • Patient Record:
    • Caldicott Principles and Recommendations

  6. The CTCP/CTRP model
  [diagram: Requirements, Policy Material, Collaboration Task Creation Protocol (CTCP), Collaboration Task, Collaboration Task Runtime Protocol (CTRP)]

  7. General Principles of our Model
  • Relationship
  • Ownership
  • Authorization
  • Responsibilities

  8. Task-based Perspective
  • There is no collaboration without a task.
  • Can address the need-to-know problem.
  • The collaboration task forms the common object between the collaborators.
  • Shared information ownership can be granted to the collaboration task.
  • Tasks are scalable, flexible and dynamic.
  • Explicit responsibility is recognized in the task-based approach.

  9. Collaboration Task Creation Protocol
  [diagram of CTCP states: Introduction, Dismiss, Rethinking, Negotiation, Decision, Discard, Agreement, Create Task]

  10. Collaboration Task Runtime Protocol
  [diagram of CTRP states: Preparation, Init, Process Task, Log, Assessment, Abort, Update, End, CTCP]

  11. Exceptions -- Three Main Types
  • 1. The task can still continue to its normal end.
    • Exceptions of this type are handled within the CTRP protocol by the task Update component.
  • 2. The task must be terminated and another task is required to complete the function.
    • The task in such cases is aborted in CTRP.
    • The task history is used by the CTCP protocol to create another task to redo the function.
  • 3. The task must be terminated and there is no need for any further actions.
    • Handled within the CTRP protocol through ABORT.
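As an added example (not code from the slides or from the authors), the three exception types and the CTRP-to-CTCP hand-off encoded as a small Python state machine; the state names follow slide 10, while the Task fields, the function names and the exact transitions are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum


class Exc(Enum):
    """The three exception types of slide 11."""
    CONTINUE = 1   # type 1: the task can still reach its normal end
    REDO = 2       # type 2: the task must end, another task completes the function
    TERMINATE = 3  # type 3: the task must end, nothing further is needed


@dataclass
class Task:
    """Assumed shape of a collaboration task (not the paper's definition)."""
    purpose: str
    policy: tuple                                  # rules negotiated by CTCP
    state: str = "Init"
    history: list = field(default_factory=list)    # plays the role of the CTRP Log component

    def log(self, event):
        self.history.append((self.state, event))


def ctrp_handle(task, kind, reason):
    """CTRP exception handling. Returns the task to carry on with: the same
    task (type 1), a successor created by CTCP (type 2) or None (type 3)."""
    task.log(f"exception type {kind.value}: {reason}")
    if kind is Exc.CONTINUE:
        task.state = "Update"            # handled by the task Update component
        task.log("task updated")
        task.state = "Process Task"
        return task
    task.state = "Abort"                 # types 2 and 3 both pass through ABORT
    task.log("task aborted")
    if kind is Exc.REDO:
        return ctcp_create_from_history(task)
    task.state = "End"
    return None


def ctcp_create_from_history(aborted):
    """CTCP uses the aborted task's history to create a fresh task for the same function."""
    successor = Task(aborted.purpose, aborted.policy)
    successor.log(f"created by CTCP to redo '{aborted.purpose}' "
                  f"from {len(aborted.history)} inherited history entries")
    successor.history.extend(aborted.history)
    return successor
```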

  12. Coverage of Data Protection Act
  • Principle 1: Personal data shall be processed fairly and lawfully.
  • Principle 2: Personal data shall be obtained only for one or more specified and lawful purposes.
  • Principle 3: Personal data shall be adequate.
  • Principle 4: Personal data shall be accurate and, where necessary, kept up to date.
  • Principle 5: Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
  • Principle 6: Personal data shall be processed in accordance with the rights of data subjects under this Act.
  • Principle 7: Appropriate measures shall be taken against unauthorised processing of personal data.
  • Principle 8: Personal data shall not be transferred to a country or territory outside the European Economic Area.

  13. Correspondence of DPA Principles and CTCP/CTRP Components

  14. Coverage of Caldicott Principles
  • Principle 1: Justify the purpose(s).
  • Principle 2: Don't use person-identifiable information unless it is absolutely necessary.
  • Principle 3: Use the minimum necessary person-identifiable information.
  • Principle 4: Access to person-identifiable information should be on a strict need-to-know basis.
  • Principle 5: Everyone with access to person-identifiable information should be aware of their responsibilities.
  • Principle 6: Understand and comply with the law.

  15. Correspondence of Caldicott Principles and CTCP/CTRP Components

  16. Categorical Model of Security System

  17. Correspondence -- categorical: CTCP/CTRP model
  •  corresponds to the protocol CTCP whereby a limit C ×_B A is selected for a particular purpose C/B through negotiation.
  • Existential functor  is a type constraint: there must exist for all policy rules in C ×_B A an entry in the system C/B.
  • Universal quantifier functor  corresponds to the protocol CTRP: all the rules held in the negotiated policy are applied.
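An added, set-level reading of this correspondence in Python (our illustration, not the authors' categorical formalisation): the limit C ×_B A is computed as the pullback of purpose-labelled policy rules and purpose-labelled data items, negotiation picks the part of it over one purpose, the existential check demands a system entry for every selected rule, and the runtime applies all of them. The rule, item and system-entry sets below are constructed sample data.

```python
from itertools import product


def pullback(C, A, f, g):
    """Limit C ×_B A over finite sets: pairs (c, a) whose images in B agree,
    here a policy rule and a data item that share a purpose."""
    return {(c, a) for c, a in product(C, A) if f(c) == g(a)}


def negotiate(C, A, f, g, purpose):
    """CTCP: the negotiated policy is the part of C ×_B A lying over one purpose."""
    return {(c, a) for c, a in pullback(C, A, f, g) if f(c) == purpose}


def existential_ok(policy, system):
    """Type constraint: for every rule in the negotiated policy there must exist an entry in the system."""
    return all(c in system for c, _ in policy)


def run_task(policy, system):
    """CTRP: every negotiated rule is applied to every item it governs;
    an item is released only if all of its rules pass."""
    if not existential_ok(policy, system):
        raise ValueError("negotiated policy names rules the system has no entry for")
    verdict = {}
    for c, a in policy:
        verdict[a] = verdict.get(a, True) and system[c](a)
    return verdict


# Constructed sample objects (assumptions, not from the paper).
RULES = {"minimise": "treatment", "need-to-know": "treatment", "retain-6m": "audit"}  # f: C -> B
ITEMS = {"diagnosis": "treatment", "address": "treatment", "access-log": "audit"}      # g: A -> B
SYSTEM = {                                                                            # entries the system can enforce
    "minimise": lambda item: item in {"diagnosis"},   # only clinically necessary items pass
    "need-to-know": lambda item: True,                # assume the requester is on the care team
}

if __name__ == "__main__":
    treatment = negotiate(RULES, ITEMS, RULES.get, ITEMS.get, "treatment")
    print(sorted(run_task(treatment, SYSTEM).items()))   # diagnosis released, address withheld
    try:
        run_task(negotiate(RULES, ITEMS, RULES.get, ITEMS.get, "audit"), SYSTEM)
    except ValueError as err:
        print("rejected:", err)                          # retain-6m has no system entry
```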

  18. Use of Petri Net Notation
  • Increasingly used in the security area
  • Suitable for situations with:
    • concurrency,
    • asynchronicity,
    • distribution,
    • parallelism,
    • non-determinism.
  • Model states and transitions

  19. Types of Petri Nets
  • Simple ones may not be adequate
  • More complex examples:
    • Timed Petri Nets
    • Stochastic Petri Nets
    • Coloured Petri Nets

  20. Discussion
  • Sources of the security requirements.
  • Coverage of general security regulation and medical security regulation.
  • Software engineering principles are met (maximal cohesion, low coupling and efficient execution).
  • Balance between Category Theory and Petri Nets.

  21. Case Studies
  • Case study: multi-agency security requirements in the Electronic Health Record.
  • Testing our model against the EHR security requirements.

  22. References
  • Aljareh, S., Dobson, J. & Rossiter, N. Satisfaction of Health Record Security Principles through Collaborative Protocols. 8th International Congress in Nursing Informatics, Brazil, 20-25 June 2003.
  • Aljareh, S. & Rossiter, N. Toward security in multi-agency clinical information services. Proceedings of the Workshop on Dependability in Healthcare Informatics, Edinburgh, 22-23 March 2001, pp. 33-41.
  • Aljareh, S. & Rossiter, N. A Task-based Security Model to facilitate Collaboration in Trusted Multi-agency Networks. Proceedings of ACM SAC 2002, Symposium on Applied Computing, Madrid, 10-14 March 2002, pp. 744-749.
