48 research outputs found
Privacy in an Ambient World
Privacy is a prime concern in today's information society. To protect\ud
the privacy of individuals, enterprises must follow certain privacy practices, while\ud
collecting or processing personal data. In this chapter we look at the setting where an\ud
enterprise collects private data on its website, processes it inside the enterprise and\ud
shares it with partner enterprises. In particular, we analyse three different privacy\ud
systems that can be used in the different stages of this lifecycle. One of them is the\ud
Audit Logic, recently introduced, which can be used to keep data private when it\ud
travels across enterprise boundaries. We conclude with an analysis of the features\ud
and shortcomings of these systems
Audit-based Compliance Control (AC2) for EHR Systems
Traditionally, medical data is stored and processed using paper-based files. Recently, medical facilities have started to store, access and exchange medical data in digital form. The drivers for this change are mainly demands for cost reduction, and higher quality of health care. The main concerns when dealing with medical data are availability and confidentiality. Unavailability (even temporary) of medical data is expensive. Physicians may not be able to diagnose patients correctly, or they may have to repeat exams, adding to the overall costs of health care. In extreme cases availability of medical data can even be a matter of life or death. On the other hand, confidentiality of medical data is also important. Legislation requires medical facilities to observe the privacy of the patients, and states that patients have a final say on whether or not their medical data can be processed or not. Moreover, if physicians, or their EHR systems, are not trusted by the patients, for instance because of frequent privacy breaches, then patients may refuse to submit (correct) information, complicating the work of the physicians greatly. \ud
\ud
In traditional data protection systems, confidentiality and availability are conflicting requirements. The more data protection methods are applied to shield data from outsiders the more likely it becomes that authorized persons will not get access to the data in time. Consider for example, a password verification service that is temporarily not available, an access pass that someone forgot to bring, and so on. In this report we discuss a novel approach to data protection, Audit-based Compliance Control (AC2), and we argue that it is particularly suited for application in EHR systems. In AC2, a-priori access control is minimized to the mere authentication of users and objects, and their basic authorizations. More complex security procedures, such as checking user compliance to policies, are performed a-posteriori by using a formal and automated auditing mechanism. To support our claim we discuss legislation concerning the processing of health records, and we formalize a scenario involving medical personnel and a basic EHR system to show how AC2 can be used in practice. \ud
\ud
This report is based on previous work (Dekker & Etalle 2006) where we assessed the applicability of a-posteriori access control in a health care scenario. A more technically detailed article about AC2 recently appeared in the IJIS journal, where we focussed however on collaborative work environments (Cederquist, Corin, Dekker, Etalle, & Hartog, 2007). In this report we first provide background and related work before explaining the principal components of the AC2 framework. Moreover we model a detailed EHR case study to show its operation in practice. We conclude by discussing how this framework meets current trends in healthcare and by highlighting the main advantages and drawbacks of using an a-posteriori access control mechanism as opposed to more traditional access control mechanisms
An Audit Logic for Accountability
We describe and implement a policy language. In our system, agents can
distribute data along with usage policies in a decentralized architecture. Our
language supports the specification of conditions and obligations, and also the
possibility to refine policies. In our framework, the compliance with usage
policies is not actively enforced. However, agents are accountable for their
actions, and may be audited by an authority requiring justifications.Comment: To appear in Proceedings of IEEE Policy 200
Belief Semantics of Authorization Logic
Authorization logics have been used in the theory of computer security to
reason about access control decisions. In this work, a formal belief semantics
for authorization logics is given. The belief semantics is proved to subsume a
standard Kripke semantics. The belief semantics yields a direct representation
of principals' beliefs, without resorting to the technical machinery used in
Kripke semantics. A proof system is given for the logic; that system is proved
sound with respect to the belief and Kripke semantics. The soundness proof for
the belief semantics, and for a variant of the Kripke semantics, is mechanized
in Coq
The Audit Logic: Policy Compliance in Distributed Systems
We present a distributed framework where agents can share data along with usage policies. We use an expressive policy language including conditions, obligations and delegation. Our framework also supports the possibility to refine policies. Policies are not enforced a-priori. Instead policy compliance is checked using an a-posteriri auditing approach. Policy compliance is shown by a (logical) proof that the authority can systematically check for validity. Tools for automatically checking and generating proofs are also part of the framework.\u
The Design and Analysis of Context-Aware, Secure Workflow Systems
Workflows are set of activities that implement and realise business
goals. Modern business goals add extra requirements on workflow systems and their
management. Workflows may cross many organisations and utilise services on a
variety of devices and/or supported by different platforms. Current workflows are
therefore inherently context-aware. Each context is governed and constrained by its
own policies and rules to prevent unauthorised participants from executing sensitive
tasks and also to prevent tasks from accessing unauthorised services and/or data. We
present a sound and multi-layered design language for the design and analysis of
secure and context aware workflows systems
On Optimizing Compatible Security Policies in Wireless Networks
This paper deals with finding the maximum number of security policies without conflicts. By doing so we can remove security loophole that causes security violation. We present the problem of maximum compatible security policy and its relationship to the problem of maximum acyclic subgraph, which is proved to be NP-hard. Then we present a polynomial-time approximation algorithm and show that our result has approximation ratio for any integer with complexity
Context-Aware Analysis of Data Sharing Agreements
A Data Sharing Agreement is an agreement among contracting parties regulating how they share data under certain contextual conditions. Upon the definition phase, where the parties negotiate the respective authorizations on data covered by the agreement, the resulting policy may be analysed in order to identify possible conflicts or incompatibilities among authorizations clauses. In this paper, we propose a formal framework for Data Sharing Agreement analysis. Our proposal is built on a process algebra formalism dealing with contextual data, encoded into the Maude engine to make it executable. The effectiveness of the analysis is shown through a sensitive data sharing test bed. Furthermore, we present an implementation of the analyser exposed as a Web Service built on top of Maude. The Web Service technology allows the modularity of the whole architecture with respect to the analysis tool
IaaS-cloud security enhancement: an intelligent attribute-based access control model and implementation
The cloud computing paradigm introduces an efficient utilisation of huge computing
resources by multiple users with minimal expense and deployment effort
compared to traditional computing facilities. Although cloud computing has incredible
benefits, some governments and enterprises remain hesitant to transfer
their computing technology to the cloud as a consequence of the associated security
challenges. Security is, therefore, a significant factor in cloud computing
adoption. Cloud services consist of three layers: Software as a Service (SaaS), Platform
as a Service (PaaS), and Infrastructure as a Service (IaaS). Cloud computing
services are accessed through network connections and utilised by multi-users who
can share the resources through virtualisation technology. Accordingly, an efficient
access control system is crucial to prevent unauthorised access.
This thesis mainly investigates the IaaS security enhancement from an access
control point of view. [Continues.