Context-aware Authorization in Highly Dynamic Environments

Highly dynamic computing environments, like ubiquitous and pervasive computing environments, require frequent adaptation of applications. Context is a key to adapt suiting user needs. On the other hand, standard access control trusts users once they have authenticated, despite the fact that they may reach unauthorized contexts. We analyse how taking into account dynamic information like context in the authorization subsystem can improve security, and how this new access control applies to interaction patterns, like messaging or eventing. We experiment and validate our approach using context as an authorization factor for eventing in Web service for device (like UPnP or DPWS), in smart home security

EnvGuard: Guaranteeing Environment-Centric Safety and Security Properties in Web of Things

Web of Things (WoT) technology facilitates the standardized integration of IoT devices ubiquitously deployed in daily environments, promoting diverse WoT applications to automatically sense and regulate the environment. In WoT environment, heterogeneous applications, user activities, and environment changes collectively influence device behaviors, posing risks of unexpected violations of safety and security properties. Existing work on violation identification primarily focuses on the analysis of automated applications, lacking consideration of the intricate interactions in the environment. Moreover, users' intention for violation resolving strategy is much less investigated. To address these limitations, we introduce EnvGuard, an environment-centric approach for property customizing, violation identification and resolution execution in WoT environment. We evaluated EnvGuard in two typical WoT environments. By conducting user studies and analyzing collected real-world environment data, we assess the performance of EnvGuard, and construct a dataset from the collected data to support environment-level violation identification. The results demonstrate the superiority of EnvGuard compared to previous state-of-the-art work, and confirm its usability, feasibility and runtime efficiency

Protecting Health Privacy in an Era of Big Data Processing and Cloud Computing

This Article examines how new technologies generate privacy challenges for both healthcare providers and patients, and how American health privacy laws may be interpreted or amended to address these challenges. Given the current implementation of Meaningful Use rules for health information technology and the Omnibus HIPAA Rule in health care generally, the stage is now set for a distinctive law of “health information” to emerge. HIPAA has come of age of late, with more aggressive enforcement efforts targeting wayward healthcare providers and entities. Nevertheless, more needs to be done to assure that health privacy and all the values it is meant to protect are actually vindicated in an era of ever faster and more pervasive data transfer and analysis. After describing how cloud computing is now used in healthcare, this Article examines nascent and emerging cloud applications and big data processing methods. Current regulation addresses many of these scenarios, but also leaves some important decision points ahead. Business associate agreements between cloud service providers and covered entities will need to address new risks. To meaningfully consent to new uses of protected health information, patients will need access to more sophisticated and granular methods of monitoring data collection, analysis, and use. Policymakers should be concerned not only about medical records, but also about medical reputations used to deny opportunities. To implement these and other recommendations, more funding for technical assistance for health privacy regulators is essential

After the Gold Rush: The Boom of the Internet of Things, and the Busts of Data-Security and Privacy

This Article addresses the impact that the lack of oversight of the Internet of Things has on digital privacy. While the Internet of Things is but one vehicle for technological innovation, it has created a broad glimpse into domestic life, thus triggering several privacy issues that the law is attempting to keep pace with. What the Internet of Things can reveal is beyond the control of the individual, as it collects information about every practical aspect of an individual’s life, and provides essentially unfettered access into the mind of its users. This Article proposes that the federal government and the state governments bend toward consumer protection while creating a cogent and predictable body of law surrounding the Internet of Things. Through privacy-by-design or self-help, it is imperative that the Internet of Things—and any of its unforeseen progeny—develop with an eye toward safeguarding individual privacy while allowing technological development

Pandemic Influenza: Ethics, Law, and the Public\u27s Health

Highly pathogenic Influenza (HPAI) has captured the close attention of policy makers who regard pandemic influenza as a national security threat. Although the prevalence is currently very low, recent evidence that the 1918 pandemic was caused by an avian influenza virus lends credence to the theory that current outbreaks could have pandemic potential. If the threat becomes a reality, massive loss of life and economic disruption would ensue. Therapeutic countermeasures (e.g., vaccines and antiviral medications) and public health interventions (e.g., infection control, social separation, and quarantine) form the two principal strategies for prevention and response, both of which present formidable legal and ethical challenges that have yet to receive sufficient attention. In part II, we examine the major medical countermeasures being being considered as an intervention for an influenza pandemic. In this section, we will evaluate the known effectiveness of these interventions and analyze the ethical claims relating to distributive justice in the allocation of scarce resources. In part III, we will discuss public health interventions, exploring the hard tradeoffs between population health on the one hand and personal (e.g., autonomy, privacy, and liberty) and economic (e.g., trade, tourism, and business) interests on the other. This section will focus on the ethical and human rights issues inherent in population-based interventions. Pandemics can be deeply socially divisive, and the political response to these issues not only impacts public health preparedness, but also reflects profoundly on the kind of society we aspire to be

Going Rogue: Mobile Research Applications and the Right to Privacy

This Article investigates whether nonsectoral state laws may serve as a viable source of privacy and security standards for mobile health research participants and other health data subjects until new federal laws are created or enforced. In particular, this Article (1) catalogues and analyzes the nonsectoral data privacy, security, and breach notification statutes of all fifty states and the District of Columbia; (2) applies these statutes to mobile-app-mediated health research conducted by independent scientists, citizen scientists, and patient researchers; and (3) proposes substantive amendments to state law that could help protect the privacy and security of all health data subjects, including mobile-app-mediated health research participants