Access Control in Healthcare
Bell-LaPadula model application scenario

Rui Filipe Pedro Quelhas PG15590
Tiago Costa Oliveira PG15384
Context (BLP)
 security model, not policy
 - a policy describes a security requirement of a system
 - a model is a mechanism that formally implements a policy

 developed from the confidentiality point of view

 hybrid model that combines both DAC/IBAC and MAC policy specifications

 static model, with no flexibility in labels or clearances

 basis of several standards, including the DoD's TCSEC, aka the "Orange Book"

 its biggest concern is the information flow between the different levels of a system (the
 Multi-Level Security concept)

 relies on the principle "information can't flow downwards", implemented with two clear
 rules:
 - simple security property -> enforces "no read up"
 - * property -> enforces "no write down"
Context (healthcare)
 considerable group of subjects, like nurses, practitioners, doctors, administrators and other
 technical staff

 restricted set of objects, with special relevance for the patient's medical record (today, in
 technological environments, the EMR)

 models like BLP were developed for military purposes, and their static and rigid approach is
 at odds with the emergency character of the healthcare system

 conflict of interest is not a critical problem, but...

 ...patient confidentiality, authentication of records and integrity are

 ethics compliance policies are strictly demanded

 the system needs to adapt itself to the subjects, not the other way around

 emergency situations require more flexible mechanisms
Proposed lattice (part 1)
 a security state (b, M, f), drawn from the set B x M x F, captures all current permissions and
 all current instances of subjects accessing objects
 - b is the set of current accesses, given as tuples (s, o, a) indicating that subject s
   performs operation a on object o
 - M is the access control matrix, equivalently a set of access control lists (DAC ideology)
 - f is the set of security level assignments, a triple (fs, fc, fo): fs gives each subject's
   maximum security level (clearance), fc its current security level, and fo gives the
   classification of each object (MAC ideology)

 as in BLP, an object can be public, confidential, secret or, at most, top secret, and access
 to it is restricted by a match between the object's label and the subject's security levels

 the "no read up" and "no write down" properties that BLP enforces on an MLS system are
 expressed in these terms, and the set of labels can be formally represented as a lattice

 the lattice determines a partial order (dominance) between labels, which fixes the allowed
 operations (read, write) on each element and the direction of information flow
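As an added example (not code from the slides), the two BLP rules from the Context (BLP) slide and the security state (b, M, f) described above, written out as a decision function. Labels are (level, categories) pairs so that dominance is a genuine partial order, not a total one; the level order follows the slides, while the clinical categories ("oncology", "psychiatry"), the staff and record names, and the "append" access mode (alter-only, from Bell's formulation) are assumptions of this example.

```python
"""Bell-LaPadula state (b, M, f) over a lattice of healthcare labels.

Added example; not code from the original slides. The level order
public < confidential < secret < top_secret follows the slides; the clinical
categories, subjects and objects below are constructed for illustration.
"""
from dataclasses import dataclass, field

ORDER = ["public", "confidential", "secret", "top_secret"]
LEVELS = {name: rank for rank, name in enumerate(ORDER)}


@dataclass(frozen=True)
class Label:
    """A security label: a sensitivity level plus a set of categories (compartments)."""
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Partial order of the lattice: higher-or-equal level AND a superset of categories.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def join(a: Label, b: Label) -> Label:
    """Least upper bound: the label a record derived from both inputs must carry."""
    return Label(ORDER[max(LEVELS[a.level], LEVELS[b.level])], a.categories | b.categories)


@dataclass
class State:
    """The BLP security state (b, M, f)."""
    b: set = field(default_factory=set)      # current accesses: tuples (s, o, a)
    M: dict = field(default_factory=dict)    # DAC matrix: (s, o) -> set of allowed modes
    fs: dict = field(default_factory=dict)   # subject clearance (maximum level)
    fc: dict = field(default_factory=dict)   # subject current level; fs[s] dominates fc[s]
    fo: dict = field(default_factory=dict)   # object classification


def decide(st: State, s: str, o: str, a: str) -> tuple:
    """Return (granted, reason) for subject s requesting mode a on object o.

    Modes: "read" (observe only), "append" (alter only), "write" (observe and alter).
    """
    if a not in st.M.get((s, o), set()):
        return False, "ds-property: denied by access matrix M"
    # Simple security property (no read up): any observe access needs fs(s) >= fo(o).
    if a in ("read", "write") and not st.fs[s].dominates(st.fo[o]):
        return False, "ss-property: no read up"
    # *-property (no write down), stated against the subject's CURRENT level fc(s):
    #   read -> fc(s) >= fo(o)     append -> fo(o) >= fc(s)     write -> fo(o) == fc(s)
    if a == "read" and not st.fc[s].dominates(st.fo[o]):
        return False, "*-property: object above current level"
    if a == "append" and not st.fo[o].dominates(st.fc[s]):
        return False, "*-property: no write down"
    if a == "write" and st.fo[o] != st.fc[s]:
        return False, "*-property: write requires equal labels"
    st.b.add((s, o, a))                      # record the access in b
    return True, "granted"


def build_state() -> State:
    """Constructed sample state: two staff members, three records (hypothetical names)."""
    onc, psy = frozenset({"oncology"}), frozenset({"psychiatry"})
    st = State()
    st.fs = {"dr_silva": Label("secret", onc | psy), "nurse_ana": Label("confidential", onc)}
    st.fc = {"dr_silva": Label("confidential", onc), "nurse_ana": Label("confidential")}
    st.fo = {"emr_onc_12": Label("confidential", onc),
             "psych_notes_12": Label("secret", psy),
             "ward_notice": Label("public")}
    for s in st.fs:                          # DAC mostly open, so the MAC rules do the work
        for o in st.fo:
            st.M[(s, o)] = {"read", "append", "write"}
    st.M[("nurse_ana", "emr_onc_12")] = {"read"}   # one discretionary restriction
    return st


if __name__ == "__main__":
    state = build_state()
    for req in [("dr_silva", "emr_onc_12", "read"), ("nurse_ana", "psych_notes_12", "read"),
                ("nurse_ana", "psych_notes_12", "append"), ("dr_silva", "ward_notice", "append"),
                ("dr_silva", "psych_notes_12", "read"), ("nurse_ana", "emr_onc_12", "append")]:
        print(req, "->", decide(state, *req))
```

The nurse's blind append to the psychiatric notes is the classic consequence of the *-property: she may write up into a record she cannot read, and the separate current level fc is what stops the doctor from reading the secret notes while working at the confidential level even though his clearance fs would permit it.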
Proposed lattice (part 2)
 Figure: lattice of security labels for a Bell-LaPadula compliant healthcare system
Considerations
 the existence of a "break the glass" mechanism is of vital importance, but...

 ...flexibility introduces bigger costs: control mechanisms need to be more efficient, and more
 reports and alerts need to be generated

 studies show that most "healthcare information environments" tend to follow some standard
 and generic trends

 there seems to be little concern for case-specific scenarios in this kind of environment

 BLP is one model among many, and its roots make it a very rigid and complex mechanism

 the RBAC philosophy gives the "freedom" we were looking for: role-based control can make the
 task of outlining security/clearance levels easier

 the practices codified in bodies of knowledge such as the CISSP (a certification, not an
 access control model) are becoming a very strong pattern
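As an added example (not code from the slides) of the first two considerations above: a break-the-glass override layered on a BLP read check, where the extra cost of flexibility shows up as the audit record and alert that every override must produce. The override policy here (observe-only, justification required, time-limited, every use audited and each new break alerted) is an assumption of this example, as are the subjects, records and labels; for brevity each subject's current level is taken to equal its clearance.

```python
"""Break-the-glass on top of a BLP read check, with mandatory audit and alerts.

Added example; not code from the original slides. The override policy
(observe-only, justification required, time-limited, every use audited and
alerted) is an assumption of this example; subjects, records and labels are
constructed. Each subject's current level is taken to equal its clearance.
"""
from dataclasses import dataclass, field

LEVELS = {"public": 0, "confidential": 1, "secret": 2, "top_secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


@dataclass
class Monitor:
    """Reference monitor: BLP decision first, break-the-glass only as an audited exception."""
    clearance: dict                                 # subject -> Label
    classification: dict                            # object  -> Label
    ttl: int = 15 * 60                              # override lifetime in seconds (assumed)
    audit: list = field(default_factory=list)       # every decision that touched an override
    alerts: list = field(default_factory=list)      # one alert per new glass-break
    overrides: dict = field(default_factory=dict)   # (subject, object) -> expiry time

    def blp_allows(self, s: str, o: str, mode: str) -> bool:
        sub, obj = self.clearance[s], self.classification[o]
        if mode == "read":                          # no read up
            return sub.dominates(obj)
        if mode == "append":                        # no write down
            return obj.dominates(sub)
        return False

    def request(self, s: str, o: str, mode: str, now: int, emergency: str = None) -> tuple:
        """Return (granted, reason). `now` is a caller-supplied clock so decisions are testable."""
        if self.blp_allows(s, o, mode):
            return True, "granted by BLP"
        if mode != "read":
            # The override relaxes confidentiality for one patient; it never lets
            # information flow downwards, so a write down stays denied.
            return False, "denied: break-the-glass is observe-only"
        if self.overrides.get((s, o), -1) >= now:   # reuse within the TTL: audited, no new alert
            self._log(now, s, o, mode, "override_reuse", "")
            return True, "granted by active break-the-glass override"
        if not emergency or not emergency.strip():
            return False, "denied: no read up (break-the-glass requires a justification)"
        self.overrides[(s, o)] = now + self.ttl
        self._log(now, s, o, mode, "break_glass", emergency.strip())
        self.alerts.append(f"BREAK-THE-GLASS {s} read {o}: {emergency.strip()}")
        return True, "granted by break-the-glass"

    def _log(self, now, s, o, mode, kind, reason):
        self.audit.append({"time": now, "subject": s, "object": o,
                           "mode": mode, "kind": kind, "reason": reason})


def build_monitor() -> Monitor:
    """Constructed sample: a nurse cleared for oncology, a doctor cleared for both wards."""
    onc, psy = frozenset({"oncology"}), frozenset({"psychiatry"})
    return Monitor(
        clearance={"nurse_ana": Label("confidential", onc),
                   "dr_silva": Label("secret", onc | psy)},
        classification={"psych_notes_12": Label("secret", psy),
                        "ward_notice": Label("public")},
    )


if __name__ == "__main__":
    m = build_monitor()
    print(m.request("nurse_ana", "psych_notes_12", "read", now=0))
    print(m.request("nurse_ana", "psych_notes_12", "read", now=0,
                    emergency="patient 12 unresponsive in ER"))
    print(m.alerts, m.audit)
```

The point of the design is that the override changes who gets alerted, not what the lattice permits: a read that BLP denies becomes a logged, time-boxed exception that someone must review, while a write down is refused even in an emergency.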
References (bibliographic)
 D. Bell, "Looking Back at the Bell-LaPadula Model", Reston, VA. December 2005.

 D. Aspinall, "Security Models", Computer Security lecture, School of Informatics, University
 of Edinburgh. February 2009.

 W. Farmer, "CS 31S3 Fall 2007: Security Policies", Department of Computing and Software,
 McMaster University. November 2009.

 L. Viganò, "Access Control and Security Policies II", Department of Computer Science, ETH
 Zurich. January 2004.

 C. Clifton, "CS525: Information Security, Bell-LaPadula Model", Purdue University. September
 2004.

 A. Ferreira, R. Cruz-Correia, L. Antunes, D. Chadwick, "Access Control: how can it improve
 patients' healthcare?"

 A. Ferreira, R. Cruz-Correia, L. Antunes, P. Farinha, E. Oliveira-Palhares, D. Chadwick,
 A. Costa-Pereira, "How to break access control in a controlled manner."
References (www)
 en.wikipedia.org/wiki/Bell-La_Padula_model

 computer-security-art-and-science.org.ua/ch07lev1sec2.htm

 www.iwar.org.uk/comsec/resources/security-lecture/showb1a7.html

 www.redhatpartners.com/docs/manuals/enterprise/RHEL-5-manual/en-US/RHEL510/
 Deployment_Guide/sec-mls-blp.html

 www.cs.unc.edu/~dewan/242/s04/notes/prot/node15.html

 courses.cs.vt.edu/~cs5204/fall99/protection/harsh/

 www.cryptosmith.com/archives/36
Q&A