M edicalF ile, F ill_P rivacyF orm)} Rule6: a nurse is allowed to add note the patient file ,
AdU ser, read, P aymentF ile ,
AdU ser, edit, P aymentF ile ,
AdU ser, add_note, P aymentF ile ,
Obligation(System, notif y, DoctorInCharge, modif y_report)} The context F ill_P rivacyF orm is defined as follows ,
rivacyF orm) ? empower(hospitalB, S, nurse)? empower(hospitalB, A, read)? empower(hospitalB ,
P ermission(nurse A , add_note, M edicalF ile, def ault_ctx)} Rule19: an AdUser of hospital A is permitted to read a payment file ,
AdU ser A , read, P aymentF ile ,
AdU ser A , edit, P aymentF ile ,
AdU ser A , add_note, P aymentF ile, def ault_ctx)} Rule22: an ITUser of hospital A is permitted to read a system file ,
Obligation(System, notif y, DoctorInCharge, modif y_report)} " All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved, Sun Tzu Chapter ,
Fast testing of critical properties through passive testing, Proceedings of the 15th IFIP international conference on Testing of communicating systems, TestCom'03, pp.295-310, 2003. ,
An extended RBAC profile of XACML, Proceedings of the 3rd ACM workshop on Secure web services , SWS '06, pp.13-22, 2006. ,
DOI : 10.1145/1180367.1180372
Information Security: A Logic-Based Approach, International Conference on Enterprise Information Systems ,
DOI : 10.1007/978-94-017-1427-3_5
TRBAC, Proceedings of the fifth ACM workshop on Role-based access control , RBAC '00, pp.191-233, 2001. ,
DOI : 10.1145/344287.344298
a spatially aware rbac, Proceedings of the tenth ACM symposium on Access control models and technologies, SACMAT '05, pp.29-37, 2005. ,
14 Tools for Test Case Generation, Model-based Testing of Reactive Systems: Advanced Lectures, 2005. ,
DOI : 10.1007/11498490_18
IF-2.0: A Validation Environment for Component-Based Real-Time Systems, Proceedings of Conference on Computer Aided Verification, CAV02, pp.343-348 ,
DOI : 10.1007/3-540-45657-0_26
URL : https://hal.archives-ouvertes.fr/hal-00357518
The IF Toolset, In Lecture Notes in computer Science, vol.3185, pp.237-267, 2004. ,
DOI : 10.1007/978-3-540-30080-9_8
URL : https://hal.archives-ouvertes.fr/hal-00361307
A delegation model for extended RBAC, International Journal of Information Security, vol.6, issue.3/4, pp.209-236, 2010. ,
DOI : 10.1007/s10207-010-0104-3
Fixed point semantics in process algebra, 1982. ,
Context-based security policies: a new modeling approach, IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second, pp.154-158, 2004. ,
DOI : 10.1109/PERCOMW.2004.1276923
Security modeling and analysis. Security Privacy, IEEE, vol.9, issue.3, pp.18-25, 2011. ,
Verification, induction termination analysis. chapter Specifying and verifying organizational security properties in first-order logic, pp.38-53 ,
Specification and validation of a security policy model, IEEE Transactions on Software Engineering and Methodology, pp.63-68, 1995. ,
The utilization of trend analysis in the effective monitoring of information security. Part 1: the concept, Information Management & Computer Security, vol.9, issue.5, pp.237-242, 2001. ,
DOI : 10.1108/EUM0000000006069
Test case generation techniques for interoperability test of component based software from state transition model, In Internation Journal of Computer Science and Network Security, vol.7, pp.151-157, 2007. ,
Penetration Testing, Encyclopedia of Cryptography and Security, 2005. ,
DOI : 10.1007/0-387-23483-7_297
Interoperability using O2O contract, Fourth international conference on signal-image technology and Internet-based systems, 2008. ,
Analyzing consistency of security policies, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097), 1997. ,
DOI : 10.1109/SECPRI.1997.601324
Modeling contextual security policies, Security in Network Architectures (SAR) and Security of Information Systems (SSI), First Joint Conference, pp.285-305, 2006. ,
DOI : 10.1007/s10207-007-0051-9
URL : https://hal.archives-ouvertes.fr/hal-01207773
O2O: Virtual Private Organizations to Manage Security Policy Interoperability, 13th annual workshop of HP Openview University Association, HP-OVUA, pp.21-24, 2006. ,
DOI : 10.1007/11961635_7
Nomad: A Security Model with Non Atomic Actions and Deadlines, 18th IEEE Computer Security Foundations Workshop (CSFW'05), pp.186-196, 2005. ,
DOI : 10.1109/CSFW.2005.20
Design and synthesis of synchronization skeletons using branching time temporal logic, Logic of Programs: Workshop, Yorktown Heights, 1981. ,
Hit-or-Jump: An Algorithm for Embedded Testing with Applications to in Services, International Conference on Formal Techniques for Networked and Distributed Systems, pp.41-56, 1999. ,
DOI : 10.1007/978-0-387-35578-8_3
Two Complementary Tools for the Formal Testing of Distributed Systems with Time Constraints, 2008 12th IEEE/ACM International Symposium on Distributed Simulation and Real-Time Applications, pp.315-318, 2008. ,
DOI : 10.1109/DS-RT.2008.43
Constraints for role-based access control, Proceedings of the first ACM Workshop on Role-based access control , RBAC '95, 1996. ,
DOI : 10.1145/270152.270177
A first step towards formal verification of security policy properties for RBAC, Fourth International Conference onQuality Software, 2004. QSIC 2004. Proceedings., pp.60-67, 2004. ,
DOI : 10.1109/QSIC.2004.1357945
An intrusion-detection model, IEEE Transactions on Software Engineering, p.13, 1987. ,
Protecting Critical Infrastructures While Preserving Each Organization???s Autonomy, Proceedings of the 7th international conference on Distributed computing and internet technology, pp.15-34, 2011. ,
DOI : 10.1007/978-3-642-19056-8_2
Test Generation for Network Security Rules, 18th IFIP TC6/WG6.1 International Conference on Testing of Communicating Systems, pp.341-356, 2006. ,
DOI : 10.1007/11754008_22
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.458.3609
Formalizing interoperability for test case generation purpose, International Journal on Software Tools for Technology Transfer, vol.9, issue.3, pp.261-267, 2009. ,
DOI : 10.1007/s10009-009-0103-8
URL : https://hal.archives-ouvertes.fr/hal-00789575
Strips: A new approach to the application of theorem proving to problem solving, In Artificial Intelligence, vol.2, pp.189-208, 1971. ,
Specification and verification of security properties of e-contracts, 8th International Conference on Communications (COMM), pp.427-430, 2010. ,
Interoperability testing of presence service on ims platform, Testbeds and Research Infrastructures for the Development of Networks Communities and Workshops 5th International Conference on, pp.1-6, 2009. ,
Testing interoperability security policies, The 24th International Conference on Software Engineering and Knowledge Engineering, 2012. ,
Verification of Interoperability Security Policies by Model Checking, 2011 IEEE 13th International Symposium on High-Assurance Systems Engineering, pp.376-381, 2011. ,
DOI : 10.1109/HASE.2011.17
A Formal Approach for Interoperability Testing of Security Rules, 2010 Sixth International Conference on Signal-Image Technology and Internet Based Systems, 2010. ,
DOI : 10.1109/SITIS.2010.53
An extensible framework for specifying and reasoning about complex role-based access control models, 2009. ,
Going Beyond MAC and DAC Using Mobile Policies, Proceedings of the IFIP TC11 Sixteenth Annual Working Conference on Information Security: Trusted Information: The New Decade Challenge, IFIP/Sec '01, pp.245-260, 2001. ,
DOI : 10.1007/0-306-46998-7_17
Role-based access control, 15th NIST-NCSC National Computer Security Conference, pp.554-563, 1992. ,
Utilizing fuzzy logic and neural networks for effective, preventative intrusion detection in a wireless environment, Proceedings of the 2007 annual research conference of the South African institute of computer scientists and information technologists on IT research in developing countries , SAICSIT '07, pp.29-35, 2007. ,
DOI : 10.1145/1292491.1292495
Rewriting-based techniques for runtime verification, Automated Software Engineering, pp.151-197, 2005. ,
Web services access negociation, 2008. ,
Access control in an open distributed environment, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186), 1998. ,
DOI : 10.1109/SECPRI.1998.674819
XeNA: an access negotiation framework using XACML, Annals of telecommunications, pp.155-169, 2009. ,
DOI : 10.1007/s12243-008-0050-5
URL : https://hal.archives-ouvertes.fr/hal-00448945
Enhancing security and privacy in traffic-monitoring systems, IEEE Pervasive Computing, pp.38-46, 2006. ,
Formal specification and verification of modular security policy based on colored petri nets, IEEE Transactions on Dependable and Secure Computing, 2010. ,
Integrated System Interoperability Testing With Applications to VoIP, IEEE/ACM Transactions on Networking, vol.12, issue.5, pp.823-836, 2004. ,
DOI : 10.1109/TNET.2004.836136
Access control meets public key infrastructure, or: assigning roles to strangers, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000, p.2, 2000. ,
DOI : 10.1109/SECPRI.2000.848442
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.86.2687
Spin model checker, the primer and reference manual ,
Systematic structural testing of firewall policies, IEEE Transactions on Network and Service Management, pp.1-11, 2012. ,
A generalized temporal role-based access control model, IEEE Transactions on Knowledge and Data Engineering, vol.17, issue.1, pp.4-23, 2005. ,
DOI : 10.1109/TKDE.2005.1
TGV: theory, principles and algorithms, The International Journal on Software Tools for Technology Transfer, pp.297-315, 2005. ,
DOI : 10.1007/s10009-004-0153-x
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.1.4262
Organization based access control, Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks, POLICY '03, p.120, 2003. ,
URL : https://hal.archives-ouvertes.fr/hal-01483818
A policy description language American Association for Artificial Intelligence, Proceedings of the sixteenth national conference on Artificial intelligence and the eleventh Innovative applications of artificial intelligence conference innovative applications of artificial intelligence, AAAI '99/IAAI '99, pp.291-298, 1999. ,
Test generation for the distributed test architecture, Networks, 1993. International Conference on Information Engineering '93. 'Communications and Networks for the Year Proceedings of IEEE Singapore International Conference on, pp.670-674, 1993. ,
Security Rules Specification and Analysis Based on Passive Testing, IEEE GLOBECOM 2008, 2008 IEEE Global Telecommunications Conference, 2008. ,
DOI : 10.1109/GLOCOM.2008.ECP.400
URL : https://hal.archives-ouvertes.fr/hal-01378696
A formal approach for testing security rules, Proceedings of the 12th ACM symposium on Access control models and technologies , SACMAT '07, pp.127-132, 2007. ,
DOI : 10.1145/1266840.1266860
Extending hp identity management solutions to enforce privacy policies and obligations for regulatory compliance by enterprises, 12th HP OpenView University Association Workshop, 2005. ,
Formal supervision of mobile ad hoc networks for security flaws detection, Book chapterSecurity Engineering Techniques and Solutions for Information Systems: Management and Implementation, 2010. ,
URL : https://hal.archives-ouvertes.fr/hal-00690721
A Security Model for OLSR MANET Protocol, 7th International Conference on Mobile Data Management (MDM'06), p.122, 2006. ,
DOI : 10.1109/MDM.2006.17
Snort: Lightweight intrusion detection for networks, Proceedings of USENIX LISA99, 1999. ,
Spl: An access control language for security policies with complex constraints, Proceedings of the Network and Distributed System Security Symposium, pp.89-107, 1999. ,
Firewall Conformance Testing, Int. Conference on Testing of Communicating Systems (Test- Com), pp.226-241, 2005. ,
DOI : 10.1016/0169-7552(88)90064-5
Formal specification of role-based security policies for clinical information systems, Proceedings of the 2005 ACM symposium on Applied computing , SAC '05, pp.332-339, 2005. ,
DOI : 10.1145/1066677.1066756
Analyzing and Managing Role-Based Access Control Policies, IEEE Transactions on Knowledge and Data Engineering, vol.20, issue.7, pp.924-939, 2008. ,
DOI : 10.1109/TKDE.2008.28
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.126.907
Fsm based interoperability testing methods for multi stimuli model, Lecture Notes in Computer Science, vol.2978, pp.60-75, 2004. ,
Interoperability Test Generation and Minimization for Communication Protocols Based on the Multiple Stimuli Principle, IEEE Journal on Selected Areas in Communications, vol.22, issue.10, pp.2062-2074, 2004. ,
DOI : 10.1109/JSAC.2004.836015
Message Confidentiality Testing of Security Protocols ??? Passive Monitoring and Active Checking, International Conference on Testing of Communicating Systems (TestCom), pp.357-372, 2006. ,
DOI : 10.1007/11754008_23
Policy driven management for distributed systems, Journal of Network and Systems Management, pp.333-360, 1994. ,
DOI : 10.1007/BF02283186
Role based interoperability security policies in collaborative systems, 2012 International Conference on Collaboration Technologies and Systems (CTS), 2012. ,
DOI : 10.1109/CTS.2012.6261092
URL : https://hal.archives-ouvertes.fr/hal-00738970
Mutation-Based Evaluation of Weighted Test Case Selection for Firewall Testing, 2011 Fifth International Conference on Secure Software Integration and Reliability Improvement, pp.157-164, 2011. ,
DOI : 10.1109/SSIRI.2011.22
Testing techniques The Netherlands, Lecture notes, 2002. ,
Theorem Proving for Modeling and Conflict Checking of Authorization Policies, 2006 International Symposium on Computer Networks, pp.146-151, 2006. ,
DOI : 10.1109/ISCN.2006.1662524
Robbing the Bank with a Theorem Prover, 2005. ,
DOI : 10.1007/978-3-642-17773-6_21
Modeling Chinese Wall Policy Using Colored Petri Nets, The Sixth IEEE International Conference on Computer and Information Technology (CIT'06), p.162, 2006. ,
DOI : 10.1109/CIT.2006.123