Modèles et politiques de sécurité des systèmes d'information et de communication en santé et social

Since they manage a great number of sensitive assets, information and communication systems in health care and social (called SICSS) are quite good targets for malicious people. The MP61 project aims to face the lack of information security for SICSS, since classical access control models cannot deal with dynamic use of contexts and complexity of user organizations. One objective of MP6 is to define a tool to enable users to express security policies for SICSS, which satisfy expected security policies. This paper suggests a number of concepts which are relevant and necessary to define such policies. And last it shows how the expressiveness and deductive mechanisms of first order logical languages make it possible to model SICSS security policies, and then to reason about them.