| Cassandra is a role-based trust management language that utilizes Datalog extended with constraints to materialize security policies. A policy in Cassandra is a set of rules that controls activations and deactivations of roles, and regulates users' access to different information. This thesis considers a formal policy written in Cassandra for the proposed electronic health record (EHR) system of U.K. The policy was developed for ease of understanding and analysis. However, due to lack of real data and implementation, people cannot test and put their trust on the line. Patients often reject the ideas of sharing their information via a system if they cannot control access to their own data. Doctors, in addition, will not use the system if it takes too long to respond, or has too many restrictions and ends up being hard to use. In this project, we focus on analyses of the policy rules for completeness, consistency, and types based on the structures and the interaction between rules. Our analysis program automatically determines a number of errors and outputs types of policy's elements. |
