Security model for health care computing and communication systems

Health Care Computing and Communication Systems (HCCS) are characterized by the complexity of the organizations to take into account and the richness of properties that are required. To address this complexity and richness, we propose a security policy based on roles, groups of objects and context. Indeed, similarly to roles that structure the subjects, we introduce the new concept "group of objects,, which structures objects. Our major aim is to facilitate the security policy management, to cope with access right complexity, and to reduce administration errors. Then we develop a security model that covers the diversity of HCCS while achieving a good compromise between the respect of the least privilege principle and the flexibility of the access control. Following a logical approach, we design a formal system that extends the deontic logic, and we express the security policy in our language.