@InProceedings{	  brucker.ea:approach:2011,
  abstract	= {We present a generic modular policy modelling framework
		  and instantiate it with a substantial case study for
		  model-based testing of some key security mechanisms of
		  applications and services of the NPfIT. NPfIT, the National
		  Programme for IT, is a very large-scale development project
		  aiming to modernise the IT infrastructure of the NHS in
		  England. Consisting of heterogeneous and distributed
		  applications, it is an ideal target for model-based testing
		  techniques of a large system exhibiting critical security
		  features. We model the four information governance
		  principles, comprising a role-based access control model,
		  as well as policy rules governing the concepts of patient
		  consent, sealed envelopes and legitimate relationship. The
		  model is given in HOL and processed together with suitable
		  test specifications in the HOL-TestGen system, that
		  generates test sequences according to them. Particular
		  emphasis is put on the modular description of security
		  policies and their generic combination and its consequences
		  model-based testing.},
  address	= {New York, NY, USA},
  author	= {Achim D. Brucker and Lukas Br{\"u}gger and Paul Kearney
		  and Burkhart Wolff},
  booktitle	= {ACM symposium on access control models and technologies
		  (SACMAT)},
  language	= {UKenglish},
  month		= 5,
  pdf		= {papers/2011/sacmat.pdf},
  publisher	= {ACM Press},
  title		= {An Approach to Modular and Testable Security Models of
		  Real-world Health-Care Applications},
  year		= 2011,
  user		= {lukasbru}
}