TY  - CHAP
T3  - Lecture Notes in Computer Science
SP  - 55
A1  - Masi, Massimiliano
A1  - Pugliese, Rosario
A1  - Tiezzi, Francesco
PB  - Springer
Y1  - 2009///
ED  - Prakash, Atul
ED  - Gupta, Indranil
N2  - The importance of the Electronic Health Record (EHR) has been addressed in recent years by governments and institutions.Many large scale projects have been funded with the aim to allow healthcare professionals to consult patients data. Properties such as confidentiality, authentication and authorization are the key for the success for these projects. The Integrating the Healthcare Enterprise (IHE) initiative promotes the coordinated use of established standards for authenticated and secure EHR exchanges among clinics and hospitals. In particular, the IHE integration profile named XUA permits to attest user identities by relying on SAML assertions, i.e. XML documents containing authentication statements. In this paper, we provide a formal model for the secure issuance of such an assertion. We first specify the scenario using the process calculus COWS and then analyse it using the model checker CMC. Our analysis reveals a potential flaw in the XUA profile when using a SAML assertion in an unprotected network. We then suggest a solution for this flaw, and model check and implement this solution to show that it is secure and feasible. 
M1  - 5905
SN  - 978-3-642-10771-9
UR  - http://dx.doi.org/10.1007/978-3-642-10772-6_6
TI  - On Secure Implementation of an IHE XUA-Based Protocol for Authenticating Healthcare Professionals
AV  - public
EP  - 70
T2  - Information Systems Security (ICISS 2009)
ID  - eprints406
N1  - ©Springer-Verlag Berlin Heidelberg 2009. The original publication is available at www.springerlink.com
ER  -