Using a process algebraic approach of verifying access control in XML-based healthcare systems

Ji Yeon Lee, Jin Young Choi, Il Gon Kim, Ki Seok Bang

Research output: Contribution to journalArticle

Abstract

Healthcare information and its secure management has become an active research topic along with an increase in the usage of XML documents and the importance of access control in maintaining patient records. In this paper, we present a methodology to describe a formal specification for an authorized view of an XML-based healthcare system having a schema-level access control by assigning well-established concurrency semantics to the system. To achieve this goal, we translate the semantics of the schema, query, access control for XML-based health records, and XPath expressions, into a CSP-like process algebra language through an illustrative example. Finally, our experimental results show the possibility to reason about security properties of an XML-based access control model with the support of automated model checking tools, because it provides the formal semantics for access control policies and XML documents with the tree structure.

Original languageEnglish
Pages (from-to)107-117
Number of pages11
JournalJournal of Research and Practice in Information Technology
Volume46
Issue number2-3
Publication statusPublished - 2014 Aug 1

Fingerprint

Access control
XML
Semantics
Model checking
Algebra
Health care system
Process approach
Health

Keywords

  • Authorized view
  • CSP
  • Formal specification
  • Health records
  • Process algebra
  • XPath

ASJC Scopus subject areas

  • Management Information Systems
  • Software
  • Information Systems
  • Hardware and Architecture
  • Computer Networks and Communications

Cite this

Using a process algebraic approach of verifying access control in XML-based healthcare systems. / Lee, Ji Yeon; Choi, Jin Young; Kim, Il Gon; Bang, Ki Seok.

In: Journal of Research and Practice in Information Technology, Vol. 46, No. 2-3, 01.08.2014, p. 107-117.

Research output: Contribution to journalArticle

@article{2f6bc3917b2840779fe347dbf081ac6d,
title = "Using a process algebraic approach of verifying access control in XML-based healthcare systems",
abstract = "Healthcare information and its secure management has become an active research topic along with an increase in the usage of XML documents and the importance of access control in maintaining patient records. In this paper, we present a methodology to describe a formal specification for an authorized view of an XML-based healthcare system having a schema-level access control by assigning well-established concurrency semantics to the system. To achieve this goal, we translate the semantics of the schema, query, access control for XML-based health records, and XPath expressions, into a CSP-like process algebra language through an illustrative example. Finally, our experimental results show the possibility to reason about security properties of an XML-based access control model with the support of automated model checking tools, because it provides the formal semantics for access control policies and XML documents with the tree structure.",
keywords = "Authorized view, CSP, Formal specification, Health records, Process algebra, XPath",
author = "Lee, {Ji Yeon} and Choi, {Jin Young} and Kim, {Il Gon} and Bang, {Ki Seok}",
year = "2014",
month = "8",
day = "1",
language = "English",
volume = "46",
pages = "107--117",
journal = "Journal of Research and Practice in Information Technology",
issn = "1443-458X",
publisher = "Australian Computer Society",
number = "2-3",

}

TY - JOUR

T1 - Using a process algebraic approach of verifying access control in XML-based healthcare systems

AU - Lee, Ji Yeon

AU - Choi, Jin Young

AU - Kim, Il Gon

AU - Bang, Ki Seok

PY - 2014/8/1

Y1 - 2014/8/1

N2 - Healthcare information and its secure management has become an active research topic along with an increase in the usage of XML documents and the importance of access control in maintaining patient records. In this paper, we present a methodology to describe a formal specification for an authorized view of an XML-based healthcare system having a schema-level access control by assigning well-established concurrency semantics to the system. To achieve this goal, we translate the semantics of the schema, query, access control for XML-based health records, and XPath expressions, into a CSP-like process algebra language through an illustrative example. Finally, our experimental results show the possibility to reason about security properties of an XML-based access control model with the support of automated model checking tools, because it provides the formal semantics for access control policies and XML documents with the tree structure.

AB - Healthcare information and its secure management has become an active research topic along with an increase in the usage of XML documents and the importance of access control in maintaining patient records. In this paper, we present a methodology to describe a formal specification for an authorized view of an XML-based healthcare system having a schema-level access control by assigning well-established concurrency semantics to the system. To achieve this goal, we translate the semantics of the schema, query, access control for XML-based health records, and XPath expressions, into a CSP-like process algebra language through an illustrative example. Finally, our experimental results show the possibility to reason about security properties of an XML-based access control model with the support of automated model checking tools, because it provides the formal semantics for access control policies and XML documents with the tree structure.

KW - Authorized view

KW - CSP

KW - Formal specification

KW - Health records

KW - Process algebra

KW - XPath

UR - http://www.scopus.com/inward/record.url?scp=85017032343&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85017032343&partnerID=8YFLogxK

M3 - Article

VL - 46

SP - 107

EP - 117

JO - Journal of Research and Practice in Information Technology

JF - Journal of Research and Practice in Information Technology

SN - 1443-458X

IS - 2-3

ER -