
    The medical science DMZ: a network design pattern for data-intensive medical science

    Abstract: Objective: We describe a detailed solution for maintaining high-capacity, data-intensive network flows (eg, 10, 40, 100 Gbps+) in a scientific, medical context while still adhering to security and privacy laws and regulations. Materials and Methods: High-end networking, packet-filter firewalls, network intrusion-detection systems. Results: We describe a “Medical Science DMZ” concept as an option for secure, high-volume transport of large, sensitive datasets between research institutions over national research networks, and give 3 detailed descriptions of implemented Medical Science DMZs. Discussion: The exponentially increasing amounts of “omics” data, high-quality imaging, and other rapidly growing clinical datasets have resulted in the rise of biomedical research “Big Data.” The storage, analysis, and network resources required to process these data and integrate them into patient diagnoses and treatments have grown to scales that strain the capabilities of academic health centers. Some data are not generated locally and cannot be sustained locally, and shared data repositories such as those provided by the National Library of Medicine, the National Cancer Institute, and international partners such as the European Bioinformatics Institute are rapidly growing. The ability to store and compute using these data must therefore be addressed by a combination of local, national, and industry resources that exchange large datasets. Maintaining data-intensive flows that comply with the Health Insurance Portability and Accountability Act (HIPAA) and other regulations presents a new challenge for biomedical research. We describe a strategy that marries performance and security by borrowing from and redefining the concept of a Science DMZ, a framework that is used in physical sciences and engineering research to manage high-capacity data flows. Conclusion: By implementing a Medical Science DMZ architecture, biomedical researchers can leverage the scale provided by high-performance computer and cloud storage facilities and national high-speed research networks while preserving privacy and meeting regulatory requirements.

    A comprehensive meta-analysis of cryptographic security mechanisms for cloud computing

    The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link. The concept of cloud computing offers measurable computational or information resources as a service over the Internet. The major motivation behind the cloud setup is economic benefits, because it assures the reduction in expenditure for operational and infrastructural purposes. To transform it into a reality there are some impediments and hurdles which are required to be tackled, most profound of which are security, privacy and reliability issues. As the user data is revealed to the cloud, it departs the protection-sphere of the data owner. However, this brings partly new security and privacy concerns. This work focuses on these issues related to various cloud services and deployment models by spotlighting their major challenges. While the classical cryptography is an ancient discipline, modern cryptography, which has been mostly developed in the last few decades, is the subject of study which needs to be implemented so as to ensure strong security and privacy mechanisms in today’s real-world scenarios. The technological solutions, short and long term research goals of the cloud security will be described and addressed using various classical cryptographic mechanisms as well as modern ones. This work explores the new directions in cloud computing security, while highlighting the correct selection of these fundamental technologies from cryptographic point of view.

    Security architecture methodology for large net-centric systems

    This thesis describes an over-arching security architecture methodology for large network enabled systems that can be scaled down for smaller network centric operations such as present at the University of Missouri-Rolla. By leveraging the five elements of security policy & standards, security risk management, security auditing, security federation and security management, of the proposed security architecture and addressing the specific needs of UMR, the methodology was used to determine places of improvement for UMR. (Abstract, page iii)

    Identity in research infrastructure and scientific communication: Report from the 1st IRISC workshop, Helsinki Sep 12-13, 2011

    Motivation for the IRISC workshop came from the observation that identity and digital identification are increasingly important factors in modern scientific research, especially with the now near-ubiquitous use of the Internet as a global medium for dissemination and debate of scientific knowledge and data, and as a platform for scientific collaborations and large-scale e-science activities.

The 1 1/2 day IRISC2011 workshop sought to explore a series of interrelated topics under two main themes: i) unambiguously identifying authors/creators & attributing their scholarly works, and ii) individual identification and access management in the context of identity federations. Specific aims of the workshop included:

• Raising overall awareness of key technical and non-technical challenges, opportunities and developments.
• Facilitating a dialogue, cross-pollination of ideas, collaboration and coordination between diverse – and largely unconnected – communities.
• Identifying & discussing existing/emerging technologies, best practices and requirements for researcher identification.

This report provides background information on key identification-related concepts & projects, describes workshop proceedings and summarizes key workshop findings.

    Securing Inter-Organizational Workflows in Highly Dynamic Environments through Biometric Authentication

    High flexibility demands of business processes in an inter-organizational context potentially conflict with existing security needs, mainly implied by regulative and legal requirements. In order to comply with these it has to be ensured that access to information within the workflow is restricted to authorized participants. Furthermore, the system might be required to prove this retrospectively. In highly flexible environments, particularly when documents leave the owner’s security domain, the scope of trust must be expendable throughout the workflow. Usage control provides practical concepts. However, user authentication remains a major vulnerability. In order to ensure effective access control the possibility of process-wide enforcement of strong authentication is needed. Inherently, strong user authentication can be realized applying biometrics, though practical reasons still slow the broad application of biometric authentication methods in common workflow scenarios. This work proposes the combination of usage control and typing biometrics to secure interorganizational workflows in highly dynamic environments. On the one hand, usage control provides high flexibility for document-centric workflows but relies on the enforcement of strong authentication. On the other hand, authentication based on typing is flexible in both deployment and application. Furthermore, the inherent privacy problem of biometrics is significantly weakened by the proposed approach.

    D1.1 DEMAND ASSESSMENT FRAMEWORK

    This report proposes the initial draft of the LeADS ADS Framework, composed of three major elements: identification and definition of technologies in scope; skills included under those technologies; and definition of job roles, where other skills frameworks are considered for comparison and alignment. The report summarises the first workshop held by the project with external constituencies even though the feedback will be incorporated in the final version of the framework, where the layer of job roles will be completed, and the others revised according to additional input. This framework serves as reference for the next step in LeADS: the assessment of the demand and the supply.