Recent data breaches in domains such as healthcare where confidentiality of data is crucial indicate that breaches often originate from misuses, not only from vulnerabilities in the technical (software or hardware) architecture. Current requirements engineering (RE) approaches determine what access control mechanisms are needed to protect sensitive resources (assets). However, current RE approaches inadequately characterize how a user is expected to interact with others in relation to the relevant assets. Consequently, a requirements analyst can not readily identify misuses by legitimate users. We adopt social norms as a natural, formal means of characterizing user interactions whereby potential misuses map to norm violations. Our research goal is to help analysts identify misuse cases by formal reasoning about norm enactments. We propose NANE, a formal framework for identifying such misuse cases using a semiautomated process. We demonstrate how NANE enables monitoring of potential misuses on a healthcare scenario

Data breaches pose a major threat to stakeholders of modern software systems. Healthcare IT systems are no exception, and millions of patients have suffered from compromised health records in the recent years [22], [26]. Although some breaches arise due to vulnerabilities in the software, an increasing number of them are caused by misuse. For example, a failure to erase patient data contained on photocopiers' hard drives led to the disclosure of 350,000 patient files, and resulted in a fine of $ 1.2 million from the US Department of Health and Human Services (HHS). Example 1 describes a typical misuse

For More Details:Animated Video Cost 

Коментарии (0)
Чтобы добавить комментарий, войдите через свой аккаунт в соцсети
или зарегистрируйтесь на сайте
Добавить комментарий
отслеживать обновления