P. Securityrule{hospitalb and . Ermission, MedicalFile, Fill_PrivacyForm)} Rule6: a nurse is allowed to add a note to the patient file

P. Securityrule{hospitalb and . Ermission, AdUser, read, PaymentFile

P. Securityrule{hospitalb and . Ermission, AdUser, edit, PaymentFile

P. Securityrule{hospitalb and . Ermission, AdUser, add_note, PaymentFile

. Securityrule{hospital, Obligation(System, notify, DoctorInCharge, modify_report)} The context Fill_PrivacyForm is defined as follows

S. Hospitalb, A. , and O. , rivacyForm) ? empower(hospitalB, S, nurse)? empower(hospitalB, A, read)? empower(hospitalB

P. Securityrule{v and . A2b, Permission(nurse A, add_note, MedicalFile, default_ctx)} Rule19: an AdUser of hospital A is permitted to read a payment file

P. Securityrule{v, AdUser A, read, PaymentFile

P. Securityrule{v, AdUser A, edit, PaymentFile

P. Securityrule{v, AdUser A, add_note, PaymentFile, default_ctx)} Rule22: an ITUser of hospital A is permitted to read a system file

P. Securityrule{v and . A2b, Obligation(System, notify, DoctorInCharge, modify_report)} " All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved, Sun Tzu Chapter

J. Antonio-arnedo, A. Cavalli, and M. Núñez, Fast testing of critical properties through passive testing, Proceedings of the 15th IFIP international conference on Testing of communicating systems, TestCom'03, pp.295-310, 2003.

[. Haidar, N. Cuppens-boulahia, F. Cuppens, and H. Debar, An extended RBAC profile of XACML, Proceedings of the 3rd ACM workshop on Secure web services, SWS '06, pp.13-22, 2006.
DOI : 10.1145/1180367.1180372

S. Barker, Information Security: A Logic-Based Approach, International Conference on Enterprise Information Systems
DOI : 10.1007/978-94-017-1427-3_5

[. Bertino, P. A. Bonatti, and E. Ferrari, TRBAC, Proceedings of the fifth ACM workshop on Role-based access control, RBAC '00, pp.191-233, 2001.
DOI : 10.1145/344287.344298

. Geo-rbac, a spatially aware rbac, Proceedings of the tenth ACM symposium on Access control models and technologies, SACMAT '05, pp.29-37, 2005.

L. [. Belinfante, C. Frantzen, and . Schallhart, 14 Tools for Test Case Generation, Model-based Testing of Reactive Systems: Advanced Lectures, 2005.
DOI : 10.1007/11498490_18

[. Bozga, S. Graf, and L. Mounier, IF-2.0: A Validation Environment for Component-Based Real-Time Systems, Proceedings of Conference on Computer Aided Verification, CAV02, pp.343-348
DOI : 10.1007/3-540-45657-0_26

URL : https://hal.archives-ouvertes.fr/hal-00357518

M. Bozga, S. Graf, I. Ober, I. Ober, and I. Sifakis, The IF Toolset, In Lecture Notes in Computer Science, vol.3185, pp.237-267, 2004.
DOI : 10.1007/978-3-540-30080-9_8

URL : https://hal.archives-ouvertes.fr/hal-00361307

[. Ben-ghorbel-talbi, F. Cuppens, N. Cuppens-boulahia, and A. Bouhoula, A delegation model for extended RBAC, International Journal of Information Security, vol.6, issue.3/4, pp.209-236, 2010.
DOI : 10.1007/s10207-010-0104-3

J. [. Bergstra and . Klop, Fixed point semantics in process algebra, 1982.

G. [. Brezillon and . Mostefaoui, Context-based security policies: a new modeling approach, IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second, pp.154-158, 2004.
DOI : 10.1109/PERCOMW.2004.1276923

J. [. Bau and . Mitchell, Security modeling and analysis. Security Privacy, IEEE, vol.9, issue.3, pp.18-25, 2011.

[. Brandt, J. Otten, C. Kreitz, and W. Bibel, Verification, induction termination analysis. chapter Specifying and verifying organizational security properties in first-order logic, pp.38-53

A. Boswell, Specification and validation of a security policy model, IEEE Transactions on Software Engineering and Methodology, pp.63-68, 1995.

M. Botha and R. Solms, The utilization of trend analysis in the effective monitoring of information security. Part 1: the concept, Information Management & Computer Security, vol.9, issue.5, pp.237-242, 2001.
DOI : 10.1108/EUM0000000006069

[. Byoun, C. Yoo, H. Noh, and O. Chang, Test case generation techniques for interoperability test of component based software from state transition model, In International Journal of Computer Science and Network Security, vol.7, pp.151-157, 2007.

T. Caddy, Penetration Testing, Encyclopedia of Cryptography and Security, 2005.
DOI : 10.1007/0-387-23483-7_297

C. Coma-brebel, N. Cuppens-boulahia, F. Cuppens, and A. R. Cavalli, Interoperability using O2O contract, Fourth international conference on signal-image technology and Internet-based systems, 2008.

F. [. Cholvy and . Cuppens, Analyzing consistency of security policies, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097), 1997.
DOI : 10.1109/SECPRI.1997.601324

F. Cuppens and N. Cuppens-boulahia, Modeling contextual security policies, Security in Network Architectures (SAR) and Security of Information Systems (SSI), First Joint Conference, pp.285-305, 2006.
DOI : 10.1007/s10207-007-0051-9

URL : https://hal.archives-ouvertes.fr/hal-01207773

[. Cuppens, N. Cuppens-boulahia, and C. Coma, O2O: Virtual Private Organizations to Manage Security Policy Interoperability, 13th annual workshop of HP Openview University Association, HP-OVUA, pp.21-24, 2006.
DOI : 10.1007/11961635_7

[. Cuppens, N. Cuppens-boulahia, and T. Sans, Nomad: A Security Model with Non Atomic Actions and Deadlines, 18th IEEE Computer Security Foundations Workshop (CSFW'05), pp.186-196, 2005.
DOI : 10.1109/CSFW.2005.20

E. [. Clarke and . Emerson, Design and synthesis of synchronization skeletons using branching time temporal logic, Logic of Programs: Workshop, Yorktown Heights, 1981.

A. R. Cavalli, D. Lee, C. Rinderknecht, and F. Zaidi, Hit-or-Jump: An Algorithm for Embedded Testing with Applications to in Services, International Conference on Formal Techniques for Networked and Distributed Systems, pp.41-56, 1999.
DOI : 10.1007/978-0-387-35578-8_3

A. Rosa-cavalli, E. Montes-de-oca, W. Mallouli, and M. Lallali, Two Complementary Tools for the Formal Testing of Distributed Systems with Time Constraints, 2008 12th IEEE/ACM International Symposium on Distributed Simulation and Real-Time Applications, pp.315-318, 2008.
DOI : 10.1109/DS-RT.2008.43

[. Chen and R. S. Sandhu, Constraints for role-based access control, Proceedings of the first ACM Workshop on Role-based access control, RBAC '95, 1996.
DOI : 10.1145/270152.270177

[. Drouineaud, M. Bortin, P. Torrini, and K. Sohr, A first step towards formal verification of security policy properties for RBAC, Fourth International Conference on Quality Software, 2004. QSIC 2004. Proceedings., pp.60-67, 2004.
DOI : 10.1109/QSIC.2004.1357945

D. Denning, An intrusion-detection model, IEEE Transactions on Software Engineering, p.13, 1987.

[. Deswarte, Protecting Critical Infrastructures While Preserving Each Organization's Autonomy, Proceedings of the 7th international conference on Distributed computing and internet technology, pp.15-34, 2011.
DOI : 10.1007/978-3-642-19056-8_2

B. Darmaillacq, J. Fernandez, R. Groz, L. Mounier, and J. Richier, Test Generation for Network Security Rules, 18th IFIP TC6/WG6.1 International Conference on Testing of Communicating Systems, pp.341-356, 2006.
DOI : 10.1007/11754008_22

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.458.3609

A. Desmoulin and C. Viho, Formalizing interoperability for test case generation purpose, International Journal on Software Tools for Technology Transfer, vol.9, issue.3, pp.261-267, 2009.
DOI : 10.1007/s10009-009-0103-8

URL : https://hal.archives-ouvertes.fr/hal-00789575

E. Richard, N. J. Fikes, and . Nilsson, Strips: A new approach to the application of theorem proving to problem solving, In Artificial Intelligence, vol.2, pp.189-208, 1971.

N. [. Kalam and . Idboufker, Specification and verification of security properties of e-contracts, 8th International Conference on Communications (COMM), pp.427-430, 2010.

E. Mazen, A. Maarabani, I. Adala, A. Hwang, and . Cavalli, Interoperability testing of presence service on ims platform, Testbeds and Research Infrastructures for the Development of Networks Communities and Workshops 5th International Conference on, pp.1-6, 2009.

E. Mazen, A. Maarabani, C. Cavalli, and . Andrés, Testing interoperability security policies, The 24th International Conference on Software Engineering and Knowledge Engineering, 2012.

A. Mazen-el-maarabani, I. Cavalli, F. Hwang, and . Zaïdi, Verification of Interoperability Security Policies by Model Checking, 2011 IEEE 13th International Symposium on High-Assurance Systems Engineering, pp.376-381, 2011.
DOI : 10.1109/HASE.2011.17

I. Mazen-el-maarabani, A. Hwang, and . Cavalli, A Formal Approach for Interoperability Testing of Security Rules, 2010 Sixth International Conference on Signal-Image Technology and Internet Based Systems, 2010.
DOI : 10.1109/SITIS.2010.53

]. C. Fal09 and . Falm, An extensible framework for specifying and reasoning about complex role-based access control models, 2009.

A. Fayad, S. Jajodia, D. B. Faatz, and V. Doshi, Going Beyond MAC and DAC Using Mobile Policies, Proceedings of the IFIP TC11 Sixteenth Annual Working Conference on Information Security: Trusted Information: The New Decade Challenge, IFIP/Sec '01, pp.245-260, 2001.
DOI : 10.1007/0-306-46998-7_17

D. Ferraiolo and R. Kuhn, Role-based access control, 15th NIST-NCSC National Computer Security Conference, pp.554-563, 1992.

R. Goss, M. Botha, and R. Solms, Utilizing fuzzy logic and neural networks for effective, preventative intrusion detection in a wireless environment, Proceedings of the 2007 annual research conference of the South African institute of computer scientists and information technologists on IT research in developing countries, SAICSIT '07, pp.29-35, 2007.
DOI : 10.1145/1292491.1292495

H. [. Grigore and . Klaus, Rewriting-based techniques for runtime verification, Automated Software Engineering, pp.151-197, 2005.

[. Haidar, Web services access negociation, 2008.

J. [. Hayton, K. Bacon, and . Moody, Access control in an open distributed environment, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186), 1998.
DOI : 10.1109/SECPRI.1998.674819

[. Haidar, N. Cuppens-boulahia, F. Cuppens, and H. Debar, XeNA: an access negotiation framework using XACML, Annals of telecommunications, pp.155-169, 2009.
DOI : 10.1007/s12243-008-0050-5

URL : https://hal.archives-ouvertes.fr/hal-00448945

[. Hoh, M. Gruteser, H. Xiong, and A. Alrabady, Enhancing security and privacy in traffic-monitoring systems, IEEE Pervasive Computing, pp.38-46, 2006.

H. Huang and H. Kirchner, Formal specification and verification of modular security policy based on colored petri nets, IEEE Transactions on Dependable and Secure Computing, 2010.

[. Hao, D. Lee, R. K. Sinha, and N. Griffeth, Integrated System Interoperability Testing With Applications to VoIP, IEEE/ACM Transactions on Networking, vol.12, issue.5, pp.823-836, 2004.
DOI : 10.1109/TNET.2004.836136

A. Herzberg, Y. Mass, J. Michaeli, Y. Ravid, and D. Naor, Access control meets public key infrastructure, or: assigning roles to strangers, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000, p.2, 2000.
DOI : 10.1109/SECPRI.2000.848442

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.86.2687

G. Holzmann, Spin model checker, the primer and reference manual

T. [. Hwang, F. Xie, A. X. Chen, and . Liu, Systematic structural testing of firewall policies, IEEE Transactions on Network and Service Management, pp.1-11, 2012.

E. [. Joshi, U. Bertino, A. Latif, and . Ghafoor, A generalized temporal role-based access control model, IEEE Transactions on Knowledge and Data Engineering, vol.17, issue.1, pp.4-23, 2005.
DOI : 10.1109/TKDE.2005.1

C. Jard and T. Jeron, TGV: theory, principles and algorithms, The International Journal on Software Tools for Technology Transfer, pp.297-315, 2005.
DOI : 10.1007/s10009-004-0153-x

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.1.4262

A. Abou, E. Kalam, S. Benferhat, A. Miege, R. E. Baida et al., Organization based access control, Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks, POLICY '03, p.120, 2003.
URL : https://hal.archives-ouvertes.fr/hal-01483818

J. Lobo, R. Bhatia, and S. Naqvi, A policy description language American Association for Artificial Intelligence, Proceedings of the sixteenth national conference on Artificial intelligence and the eleventh Innovative applications of artificial intelligence conference innovative applications of artificial intelligence, AAAI '99/IAAI '99, pp.291-298, 1999.

. Ldb-+-93-]-g, R. Luo, G. V. Dssouli, P. Bochmann, A. Venkataram et al., Test generation for the distributed test architecture, Networks, 1993. International Conference on Information Engineering '93. 'Communications and Networks for the Year Proceedings of IEEE Singapore International Conference on, pp.670-674, 1993.

F. [. Mallouli, A. Bessayah, A. Cavalli, and . Ben-nameur, Security Rules Specification and Analysis Based on Passive Testing, IEEE GLOBECOM 2008, 2008 IEEE Global Telecommunications Conference, 2008.
DOI : 10.1109/GLOCOM.2008.ECP.400

URL : https://hal.archives-ouvertes.fr/hal-01378696

J. Mallouli, A. Orset, N. Cavalli, F. Cuppens, and . Cuppens, A formal approach for testing security rules, Proceedings of the 12th ACM symposium on Access control models and technologies, SACMAT '07, pp.127-132, 2007.
DOI : 10.1145/1266840.1266860

R. [. Mont, K. Thyne, P. Chan, and . Bramhall, Extending hp identity management solutions to enforce privacy policies and obligations for regulatory compliance by enterprises, 12th HP OpenView University Association Workshop, 2005.

B. [. Mallouli, A. Wehbi, S. Cavalli, and . Maag, Formal supervision of mobile ad hoc networks for security flaws detection, Book chapter, Security Engineering Techniques and Solutions for Information Systems: Management and Implementation, 2010.
URL : https://hal.archives-ouvertes.fr/hal-00690721

[. Orset and A. Cavalli, A Security Model for OLSR MANET Protocol, 7th International Conference on Mobile Data Management (MDM'06), p.122, 2006.
DOI : 10.1109/MDM.2006.17

M. Roesch, Snort: Lightweight intrusion detection for networks, Proceedings of USENIX LISA99, 1999.

[. Ribeiro, A. Zuquete, P. Ferreira, and P. Guedes, Spl: An access control language for security policies with complex constraints, Proceedings of the Network and Distributed System Security Symposium, pp.89-107, 1999.

[. Senn, D. A. Basin, and G. Caronni, Firewall Conformance Testing, Int. Conference on Testing of Communicating Systems (TestCom), pp.226-241, 2005.
DOI : 10.1016/0169-7552(88)90064-5

[. Sohr, M. Drouineaud, and G. Ahn, Formal specification of role-based security policies for clinical information systems, Proceedings of the 2005 ACM symposium on Applied computing, SAC '05, pp.332-339, 2005.
DOI : 10.1145/1066677.1066756

[. Sohr, M. Drouineaud, G. Ahn, and M. Gogolla, Analyzing and Managing Role-Based Access Control Policies, IEEE Transactions on Knowledge and Data Engineering, vol.20, issue.7, pp.924-939, 2008.
DOI : 10.1109/TKDE.2008.28

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.126.907

[. Seol, M. Kim, S. T. Chanson, and S. Kang, Fsm based interoperability testing methods for multi stimuli model, Lecture Notes in Computer Science, vol.2978, pp.60-75, 2004.

[. Seol, M. Kim, S. T. Chanson, and S. Kang, Interoperability Test Generation and Minimization for Communication Protocols Based on the Multiple Stimuli Principle, IEEE Journal on Selected Areas in Communications, vol.22, issue.10, pp.2062-2074, 2004.
DOI : 10.1109/JSAC.2004.836015

[. Shu and D. Lee, Message Confidentiality Testing of Security Protocols - Passive Monitoring and Active Checking, International Conference on Testing of Communicating Systems (TestCom), pp.357-372, 2006.
DOI : 10.1007/11754008_23

[. Sloman, Policy driven management for distributed systems, Journal of Network and Systems Management, pp.333-360, 1994.
DOI : 10.1007/BF02283186

[. Toumi, A. Cavalli, and . Maarabani, Role based interoperability security policies in collaborative systems, 2012 International Conference on Collaboration Technologies and Systems (CTS), 2012.
DOI : 10.1109/CTS.2012.6261092

URL : https://hal.archives-ouvertes.fr/hal-00738970

G. [. Tuglular and . Gercek, Mutation-Based Evaluation of Weighted Test Case Selection for Firewall Testing, 2011 Fifth International Conference on Secure Software Integration and Reliability Improvement, pp.157-164, 2011.
DOI : 10.1109/SSIRI.2011.22

J. Tretmans, Testing techniques The Netherlands, Lecture notes, 2002.

M. [. Unal and . Caglayan, Theorem Proving for Modeling and Conflict Checking of Authorization Policies, 2006 International Symposium on Computer Networks, pp.146-151, 2006.
DOI : 10.1109/ISCN.2006.1662524

P. Youn, B. Adida, M. Bond, J. Clulow, J. Herzog et al., Robbing the Bank with a Theorem Prover, 2005.
DOI : 10.1007/978-3-642-17773-6_21

[. Zhang, F. Hong, and J. Liao, Modeling Chinese Wall Policy Using Colored Petri Nets, The Sixth IEEE International Conference on Computer and Information Technology (CIT'06), p.162, 2006.
DOI : 10.1109/CIT.2006.123