Computer-Aided Generation of Enforcement Mechanisms for Error-Tolerant Policies

摘要

The basic tenet of security management when actions violate policies is that the former must be forbidden or amended. This requires to specify precisely all possible exceptions and corrections to the default workflow. In many practical e-health business processes this is not feasible: the default clinical or administrative protocol is simple and well understood by clinicians but the precise codification of all possible amendable errors into the policy would transform it from a straight-line to an unreadable spaghetti-graph. In this paper we propose a more practical alternative: the clinician only specifies the default protocol and marks for each protocol step the venial errors and their possible corrections. Given a global bound on the amount of errors in a trace that can be tolerated for each workflow execution, we can automatically generate an edit-automata that can provably enforce the policy with a sufficient degree of predictability (a policy metric for error correction). We illustrate our approach with a concrete e-health workflow from the Italian region of Lombardy.