Abstract

In the health care sector, access to medical information is more and more electronically achieved. Therefore, it is very important to define security policies which restrict access to pieces of information in order to guarantee security properties like confidentiality or integrity properties. These security policies are not always free of conflicts, in particular in the presence of exceptional situations.This paper proposes tools for access control, based on the notion of roles, in the possibilistic logic framework. We first show how to formalize basic concepts of security policies. Then we present two approaches for dealing with conflicts based on a stratification of security policy's rules. Finally, an example of health care is presented.