Security challenges in adaptive e-Health processes

E-health scenarios demand system-based support of process-oriented information systems. As most of the processes in this domain have to be flexibly adapted to meet exceptional or unforeseen situations, flexible process-oriented information systems (POIS) are needed which support ad-hoc deviations at the process instance level. However, e-health scenarios are also very sensitive with regard to privacy issues. Therefore, an adequate access rights management is essential as well. The paper addresses challenges which occur when flexible POIS and adequate rights management have to be put together

Architecture for Provenance Systems

This document covers the logical and process architectures of provenance systems. The logical architecture identifies key roles and their interactions, whereas the process architecture discusses distribution and security. A fundamental aspect of our presentation is its technology-independent nature, which makes it reusable: the principles that are exposed in this document may be applied to different technologies

An Approach for Managing Access to Personal Information Using Ontology-Based Chains

The importance of electronic healthcare has caused numerous changes in both substantive and procedural aspects of healthcare processes. These changes have produced new challenges to patient privacy and information secrecy. Traditional privacy policies cannot respond to rapidly increased privacy needs of patients in electronic healthcare. Technically enforceable privacy policies are needed in order to protect patient privacy in modern healthcare with its cross organisational information sharing and decision making. This thesis proposes a personal information flow model that specifies a limited number of acts on this type of information. Ontology classified Chains of these acts can be used instead of the "intended/business purposes" used in privacy access control to seamlessly imbuing current healthcare applications and their supporting infrastructure with security and privacy functionality. In this thesis, we first introduce an integrated basic architecture, design principles, and implementation techniques for privacy-preserving data mining systems. We then discuss the key methods of privacypreserving data mining systems which include four main methods: Role based access control (RBAC), Hippocratic database, Chain method and eXtensible Access Control Markup Language (XACML). We found out that the traditional methods suffer from two main problems: complexity of privacy policy design and the lack of context flexibility that is needed while working in critical situations such as the one we find in hospitals. We present and compare strategies for realising these methods. Theoretical analysis and experimental evaluation show that our new method can generate accurate data mining models and safe data access management while protecting the privacy of the data being mined. The experiments followed comparative kind of experiments, to show the ease of the design first and then follow real scenarios to show the context flexibility in saving personal information privacy of our investigated method

An Architecture for Provenance Systems

This document covers the logical and process architectures of provenance systems. The logical architecture identifies key roles and their interactions, whereas the process architecture discusses distribution and security. A fundamental aspect of our presentation is its technology-independent nature, which makes it reusable: the principles that are exposed in this document may be applied to different technologies

Self-adaptive Authorisation Infrastructures

Traditional approaches in access control rely on immutable criteria in which to decide and award access. These approaches are limited, notably when handling changes in an organisation’s protected resources, resulting in the inability to accommodate the dynamic aspects of risk at runtime. An example of such risk is a user abusing their privileged access to perform insider attacks. This thesis proposes self-adaptive authorisation, an approach that enables dynamic access control. A framework for developing self-adaptive authorisation is defined, where autonomic controllers are deployed within legacy based authorisation infrastructures to enable the runtime management of access control. Essential to the approach is the use of models and model driven engineering (MDE). Models enable a controller to abstract from the authorisation infrastructure it seeks to control, reason about state, and provide assurances over change to access. For example, a modelled state of access may represent an active access control policy. Given the diverse nature in implementations of authorisation infrastructures, MDE enables the creation and transformation of such models, whereby assets (e.g., policies) can be automatically generated and deployed at runtime. A prototype of the framework was developed, whereby management of access control is focused on the mitigation of abuse of access rights. The prototype implements a feedback loop to monitor an authorisation infrastructure in terms of modelling the state of access control and user behaviour, analyse potential solutions for handling malicious behaviour, and act upon the infrastructure to control future access control decisions. The framework was evaluated against mitigation of simulated insider attacks, involving the abuse of access rights governed by access control methodologies. In addition, to investigate the framework’s approach in a diverse and unpredictable environment, a live experiment was conducted. This evaluated the mitigation of abuse performed by real users as well as demonstrating the consequence of self-adaptation through observation of user response

Success and failure factors in ICT projects: a Dutch perspective.

This thesis examines the success and failure factors in ICT projects. The low success rate of software projects in terms of reliability, meeting due dates and working within assigned budgets is widely recognised and topical. International as well as Dutch publications and the procedures in Tarek Abdel-Hamid's work on Software Project Management/Dynamics are discussed. A SUFFI Chart (SUFFI = SUccess and Failure Factors in ICT projects) is developed. The management of a portfolio of projects is compared with the SUFFI Chart. A number of Dutch projects with which the author was directly involved are examnined to show how they compare with the factors identified from the literature. These do show considerable correlation between important SUFFI factors and project success. The portfolio consists of nine ICT projects and four ICT project audits. Projects such as SAP, RBAC, EAI, charging method, PABX, financial building adrnmistration, information retrieval, book reservations, traffic data collection, introduction of the Internet functionality and SOX, for different companies/organisations (Delft University of Technology, National Police Services Agency, KPN - Dutch Telecom Company, University of Amsterdam, government, banking). This work shows that for a successful project 4 of the 5 most important SUFFIs have to be absent