140 research outputs found

    Safeguarding health data with enhanced accountability and patient awareness

    Get PDF
    Several factors are driving the transition from paper-based health records to electronic health record systems. In the United States, the adoption rate of electronic health record systems significantly increased after "Meaningful Use" incentive program was started in 2009. While increased use of electronic health record systems could improve the efficiency and quality of healthcare services, it can also lead to a number of security and privacy issues, such as identity theft and healthcare fraud. Such incidents could have negative impact on trustworthiness of electronic health record technology itself and thereby could limit its benefits. In this dissertation, we tackle three challenges that we believe are important to improve the security and privacy in electronic health record systems. Our approach is based on an analysis of real-world incidents, namely theft and misuse of patient identity, unauthorized usage and update of electronic health records, and threats from insiders in healthcare organizations. Our contributions include design and development of a user-centric monitoring agent system that works on behalf of a patient (i.e., an end user) and securely monitors usage of the patient's identity credentials as well as access to her electronic health records. Such a monitoring agent can enhance patient's awareness and control and improve accountability for health records even in a distributed, multi-domain environment, which is typical in an e-healthcare setting. This will reduce the risk and loss caused by misuse of stolen data. In addition to the solution from a patient's perspective, we also propose a secure system architecture that can be used in healthcare organizations to enable robust auditing and management over client devices. This helps us further enhance patients' confidence in secure use of their health data.PhDCommittee Chair: Mustaque Ahamad; Committee Member: Douglas M. Blough; Committee Member: Ling Liu; Committee Member: Mark Braunstein; Committee Member: Wenke Le

    The use of data-mining for the automatic formation of tactics

    Get PDF
    This paper discusses the usse of data-mining for the automatic formation of tactics. It was presented at the Workshop on Computer-Supported Mathematical Theory Development held at IJCAR in 2004. The aim of this project is to evaluate the applicability of data-mining techniques to the automatic formation of tactics from large corpuses of proofs. We data-mine information from large proof corpuses to find commonly occurring patterns. These patterns are then evolved into tactics using genetic programming techniques

    Guess my vote : a study of opacity and information flow in voting systems

    Get PDF
    With an overall theme of information flow, this thesis has two main strands. In the first part of the thesis, I review existing information flow properties, highlighting a recent definition known as opacity [25]. Intuitively, a predicate cP is opaque if for every run in which cP is true, there exists an indistinguishable run in which it is false, where a run can be regarded as a sequence of events. Hence, the observer is never able to establish the truth of cPo The predicate cP can be defined according to requirements of the system, giving opacity a great deal of flexibility and versatility. Opacity is then studied in relation to several well-known definitions for information flow. As will be shown, several of these properties can be cast as variations of opacity, while others have a relationship by implication with the opacity property [139]. This demonstrates the flexibility of opacity, at the same time establishing its distinct character. In the second part of the thesis, I investigate information flow in voting systems. Pret a Voter [36] is the main exemplar, and is compared to other schemes in the case study. I first analyse information flow in Pret a Voter and the FOO scheme [59], concentrating on the core protocols. The aim is to investigate the security requirements of each scheme, and the extent to which they can be captured using opacity. I then discuss a systems-based analysis of Pret a Voter [163], which adapts and extends an earlier analysis of the Chaum [35] and Neff [131]' [132]' [133] schemes in [92]. Although this analysis has identified several potential vulnerabilities, it cannot be regarded as systematic, and a more rigorous approach may be necessary. It is possible that a combination of the information flow and systems- based analyses might be the answer. The analysis of coercion-resistance, which is performed on Pret a Voter and the FOO scheme, may exemplify this more systematic approach. Receipt-freeness usually means that the voter is unable to construct a proof of her vote. Coercion-resistance is a stronger property in that it accounts for the possibility of interaction between the coercer and the voter during protocol execution. It appears that the opacity property is ideally suited to expressing the requirements for coercion-resistance in each scheme. A formal definition of receipt-freeness cast as a variation of opacity is proposed [138], together with suggestions on how it might be reinforced to capture coercion-resistance. In total, the thesis demonstrates the remarkable flexibility of opacity, both in expressing differing security requirements and as a tool for security analysis. This work lays the groundwork for future enhancement of the opacity framework.EThOS - Electronic Theses Online ServiceDSTL : EPSRCGBUnited Kingdo

    Die Integration von Verifikation und Test in Übersetzungssysteme

    Get PDF
    In dieser Arbeit wird die Architektur für einen Compiler vorgestellt, der die Korrektheit der übersetzten Quellen als Teil des Übersetzungsvorgangs überprüfen kann. Dabei soll es möglich sein, verschiedene Methoden, wie etwa formaler Test und formaler Beweis, einzusetzen, um die Korrektheit nachzuweisen. Ein vollautomatischer Nachweis ist sehr aufwendig und häufig auch gar nicht möglich. Es ist also nicht praktikabel, aus Spezifikation und Programm die Korrektheit automatisch abzuleiten. Wir erweitern daher die Sprache um Korrektheitsnachweise (justifications), die der Benutzer in den Quelltext einfügen muß ("literate justification"). Je nach gewählter Methode muß der Benutzer den Korrektheitsnachweis mehr oder weniger genau ausführen. Durch die Einführung der Korrektheitsnachweise muß der Übersetzer Beweise nur noch überprüfen anstatt sie automatisch abzuleiten. Die Überprüfung der Korrektheitsnachweise kann in den Übersetzer integriert werden oder an ein externes Werkzeug delegiert werden. Ein externes Werkzeug erlaubt die Einbindung bereits existierender Werkzeuge, aber auch eine Neuentwicklung eigener Werkzeuge ist möglich. Wir zeigen am Beispiel eines taktischen Theorembeweisers, daß eine Eigenentwicklung nicht unbedingt aufwendiger ist als die Anpassung eines vorhandenen Werkzeugs. Um Tests während der Übersetzung durchführen zu können, muß ein Interpreter zur Verfügung stehen. Die Ausführung ungetesteten Codes birgt allerdings auch Sicherheitsprobleme. Wir diskutieren verschiedene Möglichkeiten, mit diesem Problem umzugehen. Der Korrektheit einer Übersetzungseinheit entspricht in der Semantik die Konsistenz einer algebraischen Spezifikation. Wir betrachten zwei Beweismethoden: zum einen durch Konstruktion eines Modells und zum andern durch Nachweis einer korrektheitserhaltenden Relation. Die Beweisverpflichtungen ergeben sich zunächst aus der Beweismethode, außerdem werden Beweisverpflichtungen eingeführt, um die Korrektheit von zusammengesetzten (modularen) Programmen zuzusichern. Die in dieser Arbeit beschriebene Architektur ist prototypisch implementiert worden. Dazu wurde das Opal-System um Elemente zur Spezifikation und zur Beschreibung von Korektheitsnachweisen erweitert. In der Arbeit werden einige kurze Beispiele vorgeführt. Der Opal/J-Prototyp ist seit Version 2.3e Teil der Opal-Distribution.In this thesis we present a compiler architecture that enables the compiler to check the correctness of the source code as part of the compilation process. It allows to perform these correctness checks with different methods, in particular formal testing and formal proof. A fully automated check is very expensive and often impossible. Hence, it is not feasible to check correctness automatically with the help of specification and implementation. We extend the programming language by (correctness) justifications that the user must insert into the source code ("literate justification"). Depending on the chosen justification method the user must work out the justification in more or less detail. The introduction of justifications changes the compiler's task from deriving a correctness proof by itself to checking a correctness proof provided by the user. The correctness check for justifications can be integrated into the compiler or delegated to an external tool. An external tool allows the integration of existing tools but the development of specialized tools is also possible. The example development of a specialized tactical theorem-prover shows that the development of a specialized tool is not necessarily more expensive than the adaptation of an existing tool. For test execution during the compilation an interpreter must be available. The execution of untested code causes security risks. We discuss different possibilities to deal with this problem. The correctnessof a compilation unit corresponds to the consistency of an algebraic specification. We study two proof methods: either by construction of a model or by establishing a correctness-preserving relation. The proofo bligations result from the proof method, in addition proof obligations arei ntroduced to ensure the correctness of modular programs. The compiler architecture described in this thesis has been prototypically implemented. The Opal system has been extended with language elements to denote specifications and (correctness) justifications. The thesis presents some short examples. The Opal/J prototype is part of the Opal distribution since version 2.3e

    Engineering Trustworthy Systems by Minimizing and Strengthening their TCBs using Trusted Computing

    Get PDF
    The Trusted Computing Base (TCB) describes the part of an IT system that is responsible for enforcing a certain security property of the system. In order to engineer a trustworthy system, the TCB must be as secure as possible. This can be achieved by reducing the number, size and complexity of components that are part of the TCB and by using hardened components as part of the TCB. Worst case scenario is for the TCB to span the complete IT system. Best case is for the TCB to be reduced to only a strengthened Root of Trust such as a Hardware Security Module (HSM). One such very secure HSMs with many capabilities is the Trusted Platform Module (TPM). This thesis demonstrates how the TCB of a system can be largely or even solely reduced to the TPM for a variety of security policies, especially in the embedded domain. The examined scenarios include the policies for securing of device resident data at rest also during firmware updates, the enforcement of firmware product lines at runtime, the securing of payment credentials in Plug and Charge controllers, the recording of audit trails over attestation data and a very generic role-based access management. In order to allow evaluating these different solutions, the notion of a dynamic lifecycle dimension for a TCB is introduced. Furthermore, an approach towards engineering such systems based on a formal framework is presented. These scenarios provide evidence for the potential to enforce even complex security policies in small and thus strong TCBs. The approach for implementing those policies can often be inspired by a formal methods based engineering process or by means of additive functional engineering, where a base system is expanded by increased functionality in each step. In either case, a trustworthy system with high assurance capabilities can be achieved

    Journal of Telecommunications and Information Technology, 2002, nr 4

    Get PDF
    kwartalni

    On Efficient Zero-Knowledge Arguments

    Get PDF

    Programming Languages and Systems

    Get PDF
    This open access book constitutes the proceedings of the 28th European Symposium on Programming, ESOP 2019, which took place in Prague, Czech Republic, in April 2019, held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2019

    A Machine-Checked, Type-Safe Model of Java Concurrency : Language, Virtual Machine, Memory Model, and Verified Compiler

    Get PDF
    The Java programming language provides safety and security guarantees such as type safety and its security architecture. They distinguish it from other mainstream programming languages like C and C++. In this work, we develop a machine-checked model of concurrent Java and the Java memory model and investigate the impact of concurrency on these guarantees. From the formal model, we automatically obtain an executable verified compiler to bytecode and a validated virtual machine
    corecore