We study the problem of enforcing information flow control (IFC) in eHealth systems. IFC mechanisms allow users to control the release and propagation of sensitive information so that confidential information is not observable to unintended principals while collaborating with other legitimate principals. We describe the methodology for modelling the information flow control requirements in a hospital domain using Pravah, a parameterised lattice-based IFC framework. The key advantage of using the parameterised security class lattice is greater precision in stating policies, enhanced usability and a reduced overhead in creating security tags. We can then use type-checking to statically verify that user programs do not violate stated security policies when accessing or manipulating data records. We discuss the main issues in designing the parameterised security class lattice.
Special Issue Papers