Title: CASSANDRA: flexible trust management and its application to electronic health records
Author: Becker, M. Y. W.-Y.
Awarding Body: University of Cambridge
Current Institution: University of Cambridge
Date of Award: 2005
Availability of Full Text:
Full text unavailable from EThOS.
Please contact the current institution’s library for further details.
The emergence of distributed applications operating on large-scale, heterogeneous and decentralised networks poses new and challenging problems of concern to society as a whole, in particular for data security, privacy and confidentiality. Trust management and authorisation policy languages have been proposed to address access control and authorisation in this context. Still, many key problems have remained unsolved. Existing systems are often not expressive enough, or are so expressive that access control becomes undecidable; their semantics is not formally specified; and they have not been shown to meet the requirements set by actual real-world applications. This dissertation addresses these problems. We present CASSANDRA, a role-based language and system for expressing authorisation policy, and the results of a substantial case study, a policy for a national electronic health record (EHR) system, based on the requirements of the UK National Health Service’s National Programme for Information Technology (NPfIT). CASSANDRA policies are expressed in a language derived from Datalog with constraints. CASSANDRA supports credential-based authorisation (e.g. between administrative domains), and rules can refer to remote policies (for credential retrieval and trust negotiation). The expressiveness of the language (and its computational complexity) can be tuned by choosing an appropriate constraint domain. The language is small and has a formal semantics for both query evaluation and the access control engine. There has been a lack of real-world examples of complex security policies: our NPfIT case study fills this gap. The resulting CASSANDRA policy (with 375 rules) demonstrates that the policy language is expressive enough for a real-world application. We thus demonstrate that a general-purpose trust management system can be designed to be highly flexible, expressive, formally founded and meet the complex requirements of real-world applications.
Supervisor: Not available Sponsor: Not available
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID:  DOI: Not available