Michael Drouineaud

Learn More
—Today, more and more sensitive data is stored on computer systems; security-critical business processes are mapped to their digital counterparts. This situation applies to institutes that have different security requirements, such as the healthcare industry, digital government, and financial service institutes. Authorization constraints help the policy(More)
Security policies play an important role in today's computer systems. We show some severe limitations of the widespread standard role-based access control (RBAC) model, namely that object-based dynamic separation of duty as introduced by Nash and Poland cannot be expressed with it. We suggest to overcome these limitations by extending the RBAC model with an(More)
Considering the current expansion of IT-infrastructure the security of the data inside this infrastructure becomes increasingly important. Therefore assuring certain security properties of IT-systems by formal methods is desirable. So far in security formal methods have mostly been used to prove properties of security protocols. However, access control is(More)
Many healthcare organizations have transited from their old and disparate business models based on ink and paper to a new, consolidated ones based on electronic patient records. There are significant demands on secure mechanisms for collaboration and data sharing among clinicians, patients and researchers through clinical information systems. In order to(More)
Employing flexible access control mechanisms, formally specifying and correctly implementing relevant security properties, and ensuring that the implementation satisfies its formal specification, are some of the important aspects towards achieving higher-level organization-wide access control that maintains the characteristics of software quality. In the(More)
  • 1