Authors: M. Carvalho, Paulo Bandiera-Paiva
Venue: 2017 International Carnahan Conference on Security Technology (ICCST)
Published: 2017-10-01
DOI: https://doi.org/10.1109/CCST.2017.8167833
Citations: 7 (Semantic Scholar)
Evaluating ISO 14441 privacy requirements on role based access control (RBAC) restrict mode via Colored Petri Nets (CPN) modeling
Objective: The objective of this article is to model the authorization process of role-based access control (RBAC) using restrict mode features (the separation of duties (SoD) implementation) via Colored Petri Net (CPN) simulations, in order to map security concerns or limitations of this access control while addressing ISO 14441 requirements for Electronic Health Record (EHR) systems.
Method: We mapped the two separation of duties access control resources from RBAC (static and dynamic), according to National Institute of Standards and Technology (NIST) documentation, into a representative process flow using the Petri Net formalism. The test scenario included two different physician roles with access permission grants labeled as conflicting if used together. We then implemented this flow in a Colored Petri Net simulator (CPN Tools) to check the capability of RBAC SoD to address the ISO 14441 privacy requirements to segregate conflicting grants from authenticated users on a general EHR system. The simulations considered conflicts arising either from a single user or from two users accessing a shared patient's private EHR.
Conclusion: Colored tokens in Petri Net models simulating RBAC authorization are useful for demonstrating security policy conflicts during the access control authorization process. The tested ISO 14441 privacy demands could be addressed only by including RBAC's dynamic SoD property.