Adding X-security to Carrel: security for agent-based healthcare applications

The high growth of Multi-Agent Systems (MAS) in Open Networks with initiatives such as Agentcities1 requires development in many different areas such as scalable and secure agent platforms, location services, directory services, and systems management. In our case we have focused our effort on security for agent systems. The driving force of this paper is provide a practical vision of how security mechanisms could be introduced for multi-agent applications. Our case study for this experiment is Carrel [9]: an Agent-based application in the Organ and Tissue transplant domain. The selection of this application is due to its characteristics as a real scenario and use of high-risk data for example, a study of the 21 most visited health-related web sites on the Internet discovered that personal information provided at many of the sites was being inadvertently leaked for unauthorized persons. These factors indicate to us that Carrel would be a suitable environment in order to test existing security safeguards. Furthermore, we believe that the experience gathered will be useful for other MAS. In order to achieve our purpose we describe the design, architecture and implementation of security elements on MAS for the Carrel System.Postprint (published version

Data privacy by design: digital infrastructures for clinical collaborations

The clinical sciences have arguably the most stringent security demands on the adoption and roll-out of collaborative e-Infrastructure solutions such as those based upon Grid-based middleware. Experiences from the Medical Research Council (MRC) funded Virtual Organisations for Trials and Epidemiological Studies (VOTES) project and numerous other real world security driven projects at the UK e-Science National e-Science Centre (NeSC – www.nesc.ac.uk) have shown that whilst advanced Grid security and middleware solutions now offer capabilities to address many of the distributed data and security challenges in the clinical domain, the real clinical world as typified by organizations such as the National Health Service (NHS) in the UK are extremely wary of adoption of such technologies: firewalls; ethics; information governance, software validation, and the actual realities of existing infrastructures need to be considered from the outset. Based on these experiences we present a novel data linkage and anonymisation infrastructure that has been developed with close co-operation of the various stakeholders in the clinical domain (including the NHS) that addresses their concerns and satisfies the needs of the academic clinical research community. We demonstrate the implementation of this infrastructure through a representative clinical study on chronic diseases in Scotland