75,872 research outputs found
Privacy in an Ambient World
Privacy is a prime concern in today's information society. To protect\ud
the privacy of individuals, enterprises must follow certain privacy practices, while\ud
collecting or processing personal data. In this chapter we look at the setting where an\ud
enterprise collects private data on its website, processes it inside the enterprise and\ud
shares it with partner enterprises. In particular, we analyse three different privacy\ud
systems that can be used in the different stages of this lifecycle. One of them is the\ud
Audit Logic, recently introduced, which can be used to keep data private when it\ud
travels across enterprise boundaries. We conclude with an analysis of the features\ud
and shortcomings of these systems
Audit-based Compliance Control (AC2) for EHR Systems
Traditionally, medical data is stored and processed using paper-based files. Recently, medical facilities have started to store, access and exchange medical data in digital form. The drivers for this change are mainly demands for cost reduction, and higher quality of health care. The main concerns when dealing with medical data are availability and confidentiality. Unavailability (even temporary) of medical data is expensive. Physicians may not be able to diagnose patients correctly, or they may have to repeat exams, adding to the overall costs of health care. In extreme cases availability of medical data can even be a matter of life or death. On the other hand, confidentiality of medical data is also important. Legislation requires medical facilities to observe the privacy of the patients, and states that patients have a final say on whether or not their medical data can be processed or not. Moreover, if physicians, or their EHR systems, are not trusted by the patients, for instance because of frequent privacy breaches, then patients may refuse to submit (correct) information, complicating the work of the physicians greatly. \ud
\ud
In traditional data protection systems, confidentiality and availability are conflicting requirements. The more data protection methods are applied to shield data from outsiders the more likely it becomes that authorized persons will not get access to the data in time. Consider for example, a password verification service that is temporarily not available, an access pass that someone forgot to bring, and so on. In this report we discuss a novel approach to data protection, Audit-based Compliance Control (AC2), and we argue that it is particularly suited for application in EHR systems. In AC2, a-priori access control is minimized to the mere authentication of users and objects, and their basic authorizations. More complex security procedures, such as checking user compliance to policies, are performed a-posteriori by using a formal and automated auditing mechanism. To support our claim we discuss legislation concerning the processing of health records, and we formalize a scenario involving medical personnel and a basic EHR system to show how AC2 can be used in practice. \ud
\ud
This report is based on previous work (Dekker & Etalle 2006) where we assessed the applicability of a-posteriori access control in a health care scenario. A more technically detailed article about AC2 recently appeared in the IJIS journal, where we focussed however on collaborative work environments (Cederquist, Corin, Dekker, Etalle, & Hartog, 2007). In this report we first provide background and related work before explaining the principal components of the AC2 framework. Moreover we model a detailed EHR case study to show its operation in practice. We conclude by discussing how this framework meets current trends in healthcare and by highlighting the main advantages and drawbacks of using an a-posteriori access control mechanism as opposed to more traditional access control mechanisms
CamFlow: Managed Data-sharing for Cloud Services
A model of cloud services is emerging whereby a few trusted providers manage
the underlying hardware and communications whereas many companies build on this
infrastructure to offer higher level, cloud-hosted PaaS services and/or SaaS
applications. From the start, strong isolation between cloud tenants was seen
to be of paramount importance, provided first by virtual machines (VM) and
later by containers, which share the operating system (OS) kernel. Increasingly
it is the case that applications also require facilities to effect isolation
and protection of data managed by those applications. They also require
flexible data sharing with other applications, often across the traditional
cloud-isolation boundaries; for example, when government provides many related
services for its citizens on a common platform. Similar considerations apply to
the end-users of applications. But in particular, the incorporation of cloud
services within `Internet of Things' architectures is driving the requirements
for both protection and cross-application data sharing.
These concerns relate to the management of data. Traditional access control
is application and principal/role specific, applied at policy enforcement
points, after which there is no subsequent control over where data flows; a
crucial issue once data has left its owner's control by cloud-hosted
applications and within cloud-services. Information Flow Control (IFC), in
addition, offers system-wide, end-to-end, flow control based on the properties
of the data. We discuss the potential of cloud-deployed IFC for enforcing
owners' dataflow policy with regard to protection and sharing, as well as
safeguarding against malicious or buggy software. In addition, the audit log
associated with IFC provides transparency, giving configurable system-wide
visibility over data flows. [...]Comment: 14 pages, 8 figure
Recommended from our members
Generating citizen trust in e-government using a trust verification agent: A research note
Generating Citizen Trust in e-Government using a Trust Verification AgentThis is an eGISE network paper. It is motivated by a concern about the extent to which trust issues inhibit a citizenâs take-up of online public sector services or engagement with public decision and
policy making. A citizenâs decision to use online systems is influenced by their willingness to trust the environment and agency involved. This project addresses one aspect of individual âtrustâ decisions by
providing support for citizens trying to evaluate the implications of the security infrastructure provided by the agency. Based on studies of the way both groups (citizens and agencies) express their concerns and concepts in the security area, the project will develop a software tool â a trust
verification agent (TVA) - that can take an agencyâs security statements (or security audit) and infer how effectively this meets the security concerns of a particular citizen. This will enable citizens to state
their concerns and obtain an evaluation of the agencyâs provision in appropriate âcitizen friendlyâ language. Further, by employing rule-based expert systems techniques the TVA will also be able to explain its evaluation.Engineering and Physical Sciences Research Council, UK (grant GR/T27020/01
Recommended from our members
Generating citizen trust in e-government using a trust verification agent: A research note
Generating Citizen Trust in e-Government using a Trust Verification AgentThis is an eGISE network paper. It is motivated by a concern about the extent to which trust issues inhibit a citizenâs take-up of online public sector services or engagement with public decision and policy making. A citizenâs decision to use online systems is influenced by their willingness to trust the environment and agency involved. This project addresses one aspect of individual âtrustâ decisions by
providing support for citizens trying to evaluate the implications of the security infrastructure provided by the agency. Based on studies of the way both groups (citizens and agencies) express their concerns and concepts in the security area, the project will develop a software tool â a trust
verification agent (TVA) - that can take an agencyâs security statements (or security audit) and infer how effectively this meets the security concerns of a particular citizen. This will enable citizens to state
their concerns and obtain an evaluation of the agencyâs provision in appropriate âcitizen friendlyâ
language. Further, by employing rule-based expert systems techniques the TVA will also be able to explain its evaluation.Engineering and Physical Sciences Research Council-UK (grant GR/T27020/01
The NPFIT strategy for information security of care record service
The National Programme for IT in England doesnât have a one-document strategy for its information security of the Care Records Service, which is the national EHR system. This paper provides a comprehensive understanding of the information security strategy of Englandâs EHR system by presenting its different information security issues such as consent mechanisms, access control, sharing level, and related legal and regulations documents
- âŚ