On a Formal and User-friendly Linguistic Approach to Access Control of Electronic Health Data

The importance of the exchange of Electronic Health Records (EHRs) between hospitals has been recognized by governments and institutions. Due to the sensitivity of data exchanged, only mature standards and implementations can be chosen to operate. This exchange process is of course under the control of the patient, who decides who has the rights to access her personal healthcare data and who has not, by giving her personal privacy consent. Patients’ privacy consent is regulated by local legislations, which can vary frequently from region to region. The technology implementing such privacy aspects must be highly adaptable, often resulting in complex security scenarios that cannot be easily managed by patients and software designers. To overcome such security problems, we advocate the use of a linguistic approach that relies on languages for expressing policies with solid mathematical foundations. Our approach bases on FACPL, a policy language we have intentionally designed by taking inspiration from OASIS XACML, the de-facto standard used in all projects covering secure EHRs transmission protected by patients’ privacy consent. FACPL can express policies similar to those expressible by XACML but, differently from XACML, it has an intuitive syntax, a formal semantics and easy to use software tools supporting policy development and enforcement. In this paper, we present the potentialities of our approach and outline ongoing work

Towards Model-Driven Development of Access Control Policies for Web Applications

We introduce a UML-based notation for graphically modeling systems’ security aspects in a simple and intuitive way and a model-driven process that transforms graphical specifications of access control policies in XACML. These XACML policies are then translated in FACPL, a policy language with a formal semantics, and the resulting policies are evaluated by means of a Java-based software tool

Privacy in an Ambient World

Privacy is a prime concern in today's information society. To protect\ud the privacy of individuals, enterprises must follow certain privacy practices, while\ud collecting or processing personal data. In this chapter we look at the setting where an\ud enterprise collects private data on its website, processes it inside the enterprise and\ud shares it with partner enterprises. In particular, we analyse three different privacy\ud systems that can be used in the different stages of this lifecycle. One of them is the\ud Audit Logic, recently introduced, which can be used to keep data private when it\ud travels across enterprise boundaries. We conclude with an analysis of the features\ud and shortcomings of these systems