CEN/TR 15300:2006
Current
The latest, up-to-date edition.
Health informatics - Framework for formal modelling of healthcare security policies
11-10-2006
Foreword
Introduction
1 Scope
2 Normative References
3 Terms and definitions
4 Symbols and abbreviations
5 Introduction to FM_HSP
6 Historical security policies
7 A generic formal modelling approach
8 Healthcare current needs & future trends
9 Healthcare applications of FM_HSP
Annex A Bell LaPadula's and Biba's models
Annex B Non-deduction/Non-inference models
Annex C HRU/Take-Grant/TAM-ATAM models
Annex D Chinese Wall model
Annex E Modal logic-based models
Annex F Deontic logic-based models
Bibliography
This CEN report specifies the starting point for working on some formalising tools that could be used by the healthcare actors to express, compare and validate local and/or network security policies.Defining and validating a correct security policy encompass different activities such as expressing correctly(i.e. without any ambiguity), formulating correctly (i.e. without any misinterpretation) and proving the correctness (i.e. without known failures or major lack) of the [to be formally modelled] security policy.This CEN report does NOT intend at all to specify a UNIQUE or UNIVERSAL formal model that need to be used by the European healthcare community: it only indicates, as a first working step, some ways that could be followed to help that healthcare community to correctly and fruitfully manipulate the security policy concept(s) and the formal modelling techniques.This CEN report does NOT intend to indicate an EXHAUSTIVE spectrum of all the published formal security policy models: it only gives a readable and understandable flavour of the most well-known formal models and also of the [maybe] most interesting ones from the healthcare activity and needs point of view. This CEN report is, in this very first version, divided in five parts:oPart #1 - Introduction to formal modelling: this clause summarises and justifies the following needs:i.need for policies, in general and for any context;ii.need for security policies, in any data processing context;iii.need for models (or modelling facilities) of security policies, in some generic system environments;iv.need for formal models (or formal modelling facilities) of security policies, in some sensitive areas;v.need for healthcare-oriented formal models of security policies, specialized to healthcare specificities.oPart #2 - Historical security policies and models: this clause explains and introduces the main objectives and concepts of the security policy modelling activity that seems to be of
| Committee |
CEN/TC 251
|
| DocumentType |
Technical Report
|
| PublisherName |
Comite Europeen de Normalisation
|
| Status |
Current
|
| Standards | Relationship |
| I.S. CEN TR 15300:2006 | Identical |
| NEN NPR CEN/TR 15300 : 2006 | Identical |
| ENV 13606-3 : DRAFT 2000 | HEALTH INFORMATICS - ELECTRONIC HEALTHCARE RECORD COMMUNICATION - PART 3: DISTRIBUTION RULES |
| ECMA/TR 46 : 1ED 88 | SECURITY IN OPEN SYSTEMS - A SECURITY FRAMEWORK |
| ISO/IEC 10181-1:1996 | Information technology Open Systems Interconnection Security frameworks for open systems: Overview |
| ISO/IEC 9594-8:2017 | Information technology Open Systems Interconnection The Directory Part 8: Public-key and attribute certificate frameworks |
| ISO 7498-2:1989 | Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture |
| ISO/IEC 2382-8:1998 | Information technology Vocabulary Part 8: Security |
| ENV 12924 : DRAFT 1997 | MEDICAL INFORMATICS - SECURITY CATEGORISATION AND PROTECTION FOR HEALTHCARE INFORMATION SYSTEMS |
| ENV 13608-1:2000 | Health informatics - Security for healthcare communication - Part 1: Concepts and terminology |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.