Abstract
We discuss the nature of security policies, particularly those that arise in the context of healthcare informatics, and the kind of mathematical framework needed to describe and reason about them. Various special-purpose frameworks have been presented over the years, many using bespoke logics and models of computation. We argue that the properties of interest can be expressed cleanly in a mainstream formal method, in particular in the process algebra CSP. This has a number of advantages: we have a well-established, uniform framework with well-defined semantics to work with, and access to a number of mature tools to verify and validate our models and implementations. By way of illustration we describe a CSP formulation of a policy for a clinical trials application drawn from the Framework 5 HARP Project.
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35697-6_26
Copyright information
© 2003 IFIP International Federation for Information Processing
Cite this chapter
Ryan, P., Arnesen, R.R. (2003). A Process Algebraic Approach to Security Policies. In: Gudes, E., Shenoi, S. (eds) Research Directions in Data and Applications Security. IFIP — The International Federation for Information Processing, vol 128. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35697-6_23
DOI: https://doi.org/10.1007/978-0-387-35697-6_23
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-6413-0
Online ISBN: 978-0-387-35697-6