3,072 research outputs found

    A metadata calculus for secure information sharing

    ABSTRACT In both commercial and defense sectors a compelling need is emerging for rapid, yet secure, dissemination of information to the concerned actors. Traditional approaches to information sharing that rely on security labels (e.g., Multi-Level Security (MLS)) suffer from at least two major drawbacks. First, static security labels do not account for tactical information whose value decays over time. Second, MLS-like approaches have often ignored information transform semantics when deducing security labels (e.g., output security label = max over all input security labels). While MLS-like label deduction appears to be conservative, we argue that this approach can result in both underestimation and overestimation of security labels. We contend that overestimation may adversely throttle information flows, while underestimation incites information misuse and leakage. In this paper we present a novel calculus approach to securely share tactical information. We model security metadata as a vector half-space (as against a lattice in a MLS-like approach) that supports three operators: δ, + and ·. The value operator δ maps a metadata vector into a time sensitive scalar value. The operators + and · support arithmetic on the metadata vector space that are homomorphic with the semantics of information transforms. We show that it is unfortunately impossible to achieve strong homomorphism without incurring exponential metadata expansion. We use B-splines (a class of compact parametric curves) to develop concrete realizations of our metadata calculus that satisfy weak homomorphism without suffering from metadata expansion and quantify the tightness of value estimates in the proposed approach

    A standard-driven communication protocol for disconnected clinics in rural areas

    The importance of the Electronic Health Record (EHR), which stores all healthcare-related data belonging to a patient, has been recognized in recent years by governments, institutions, and industry. Initiatives like Integrating the Healthcare Enterprise (IHE) have been developed for the definition of standard methodologies for secure and interoperable EHR exchanges among clinics and hospitals. Using the requisites specified by these initiatives, many large-scale projects have been set up to enable healthcare professionals to handle patients' EHRs. Applications deployed in these settings are often considered safety-critical, thus ensuring such security properties as confidentiality, authentication, and authorization is crucial for their success. In this paper, we propose a communication protocol, based on the IHE specifications, for authenticating healthcare professionals and assuring patients' safety in settings where no network connection is available, such as in rural areas of some developing countries. We define a specific threat model, driven by the experience of use cases covered by international projects, and prove that an intruder cannot cause damages to the safety of patients and their data by performing any of the attacks falling within this threat model. To demonstrate the feasibility and effectiveness of our protocol, we have fully implemented it

    On Secure Implementation of an IHE XUA-Based Protocol for Authenticating Healthcare Professionals

    The importance of the Electronic Health Record (EHR) has been addressed in recent years by governments and institutions. Many large scale projects have been funded with the aim to allow healthcare professionals to consult patients' data. Properties such as confidentiality, authentication and authorization are the key for the success for these projects. The Integrating the Healthcare Enterprise (IHE) initiative promotes the coordinated use of established standards for authenticated and secure EHR exchanges among clinics and hospitals. In particular, the IHE integration profile named XUA permits to attest user identities by relying on SAML assertions, i.e. XML documents containing authentication statements. In this paper, we provide a formal model for the secure issuance of such an assertion. We first specify the scenario using the process calculus COWS and then analyse it using the model checker CMC. Our analysis reveals a potential flaw in the XUA profile when using a SAML assertion in an unprotected network. We then suggest a solution for this flaw, and model check and implement this solution to show that it is secure and feasible

    e-Health for Rural Areas in Developing Countries: Lessons from the Sebokeng Experience

    We report the experience gained in an e-Health project in the Gauteng province, in South Africa. A Proof-of-Concept of the project has been already installed in 3 clinics in the Sebokeng township. The project is now going to be applied to 300 clinics in the whole province. This extension of the Proof-of-Concept can however give rise to security flaws because of the inclusion of rural areas with unreliable Internet connection. We address this problem and propose a safe solution

    Metadata and ontologies for organizing students’ memories and learning: standards and convergence models for context awareness

    This paper focuses on ontologies supporting context awareness and Personal Information Management (PIM) and their applicability in Memex Metadata (M2) project. M2 is a research project of the University of North Carolina at Chapel Hill to improve student digital memories using the tablet PC, Microsoft’s SenseCam technology, and other mobile technologies (e.g., a GPS device) to capture context. The M2 project offers new opportunities studying students’ learning with digital technologies. This paper introduces the M2 project; discusses E-portfolios and current educational trends related to pervasive computing; reviews relevant ontologies and their relationship to the projects’ CAF (context awareness framework), and concludes by identifying future research directions