Creating access control maps and defining a security policy for a healthcare communication system

University essay from Linköpings universitet/Institutionen för datavetenskapLinköpings universitet/Tekniska fakulteten; Linköpings universitet/Institutionen för datavetenskapLinköpings universitet/Tekniska fakulteten

Abstract: This report handles the creation of an access control map and the dening of asecurity policy for a healthcare communication system. An access control mapis a graphical way to describe the access controls of the subjects and objects ina system. We use a three step method to produce a graphical overview of theparts in the system, the interactions between them and the permissions of thesubjects. Regarding the security policy we create a read up and read down policylike the so called Ring policy, but adapt a write sideways approach. We alsoapply a mandatory access control which has a centralized authority that denesthe permissions of the subjects. Attribute restrictions is also included to thesecurity levels, to set an under limit for reading permissions.

  AT THIS PAGE YOU CAN DOWNLOAD THE WHOLE ESSAY. (follow the link to the next page)