9 research outputs found

    POPE: Partial Order Preserving Encoding

    Recently there has been much interest in performing search queries over encrypted data to enable functionality while protecting sensitive data. One particularly efficient mechanism for executing such queries is order-preserving encryption/encoding (OPE), which results in ciphertexts that preserve the relative order of the underlying plaintexts, thus allowing range and comparison queries to be performed directly on ciphertexts. In this paper, we propose an alternative approach to range queries over encrypted data that is optimized to support insert-heavy workloads, as are common in "big data" applications, while still maintaining search functionality and achieving stronger security. Specifically, we propose a new primitive called partial order preserving encoding (POPE) that achieves ideal OPE security with frequency hiding and also leaves a sizable fraction of the data pairwise incomparable. Using only $O(1)$ persistent and $O(n^\epsilon)$ non-persistent client storage for $0 < \epsilon < 1$, our POPE scheme provides extremely fast batch insertion consisting of a single round, and efficient search with $O(1)$ amortized cost for up to $O(n^{1-\epsilon})$ search queries. This improved security and performance makes our scheme better suited for today's insert-heavy databases.
    Comment: Appears in ACM CCS 2016 Proceedings

    Computerized patient records--role-based information security in a federated environment

    Thesis (M.S.), Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 1994. Includes bibliographical references (p. 117-125). By Thomas Y. Lee. M.S.

    Semantic role-based access control

    In this thesis we propose two semantic ontological role-based access control (RBAC) reasoning processes. These processes infer user authorisations according to a set of role permission and denial assignments, together with user role assignments. The first process, SO-RBAC (Semantic Ontological Role-Based Access Control), uses OWL-DL to store the ontology and SWRL to perform reasoning. It is based mainly on RBAC models previously described using Prolog. This demonstrates the feasibility of writing an RBAC model in OWL and performing reasoning inside it, but it is still tied closely to description logic concepts and does not effectively exploit OWL features such as the class hierarchy. To fully exploit the capabilities of OWL, it was necessary to enhance the SO-RBAC model by programming it in OWL-Full. The resulting OWL-Full model, ESO-RBAC (Enhanced Semantic Ontological Role-Based Access Control), uses Jena for performing reasoning and allows an object-oriented definition of roles and of data items. The definitions of roles as classes, and of users as members of the classes representing roles, allow user-role assignments to be defined in a way that is natural to OWL. All information relevant to determining authorisations is stored in the ontology. The resulting RBAC model is more flexible than models based on predicate logic and relational database systems. There are three motivations for this research. First, we found that relational database systems do not implement all of the features of RBAC that we modelled in Prolog. Furthermore, implementations of RBAC in database management systems are always vendor-specific, so the user depends on a particular vendor's procedures when granting permissions and denials. Second, Prolog and relational database systems cannot naturally represent hierarchical data, which is the backbone of any semantic representation of RBAC models.
    An RBAC model should be able to infer user authorisations from a hierarchy of both roles and data types, that is, determine permission or denial not just from the type of role (which may include sub-roles) but also from the type of data (which may include sub-types). Third, OWL reasoner-enabled ontologies allow us to describe and manipulate the semantics of RBAC differently, and consequently to address the previous two problems efficiently. The contribution of this thesis is twofold. First, we propose semantic ontological reasoning processes which are domain and implementation independent and can be run from any distributed computing environment. These can be developed through integrated development environments such as NetBeans and using OWL APIs. Second, we have pioneered a way of exploiting OWL and its reasoners for the purpose of defining and manipulating the semantics of RBAC. Therefore, we automatically infer OWL concepts according to a specific stage that we define in our proposed reasoning processes. OWL ontologies are not static vocabularies of terms and constraints that define the semantics of RBAC. They are repositories of concepts that allow ad-hoc inference, with the ultimate goal in RBAC of granting permissions and denials.

    The development and evaluation of a patient workstation

    The objectives of this study were primarily to investigate the design and the use of a patient workstation in a gastro-enterology clinic, and in particular to investigate a more interactive form of patient-computer interviewing by combining computer interrogation of the patient with patient interrogation of the computer. The main question that this study addressed was whether or not patients should be offered more 'freedom' in their interaction with the computer, such that they could stop or 'interrupt' the computer interview to find out more information. A subordinate question was whether or not, within the combined system, a 'tailored' or adaptive type of information provision is 'better' than a more general type. A patient workstation was developed and evaluated to combine computer interrogation of the patient and patient interrogation of the computer. A new version of the existing GLAsgow diagnostic system for DYSpepsia (GLADYS) was developed. This version allowed the combination of the 'pure' interviewing system GLADYS and an interactive health information system focused on the health needs of dyspeptic patients. Evaluation studies compared three situations for the system, where patients were automatically randomised to use one of the three styles. (1) Style A: computer interview or interrogation of the patient followed by patient interrogation of the computer, where the patient can seek general health information in gastro-enterology after the computer interview. (2) Style B: same as Style A, but the patients are allowed to interrupt the computer interview to seek health information in gastro-enterology. (3) Style C: half of the patients from Style B were presented with a selected range of information in gastro-enterology adapted to some degree to their own characteristics and to their interview responses.

    Medical Database Security

    This paper shall restrict its focus to just the first component, but only because it serves as a foundation for all three aspects. The concept of confidentiality in the medical record is a long standing one, to say the least. Indeed, one of the oldest portions of the medical literature is the Hippocratic oath, which states in par

    A STUDY ON IMPLEMENTATION PROBLEMS OF DISTRIBUTED SYSTEMS

    In this work, solutions are studied and proposed for the implementation problems of distributed computing systems, with particular emphasis on distributed hospital information systems (HIS). It falls within the framework of the introduction of information systems into Greek healthcare organisations, and in particular into the reference hospital, into whose information system the proposed solutions are integrated. In this dissertation the following are proposed: - An alternative method for developing the computing and communication infrastructure, as well as the integration procedures for distributed HIS, aiming at increased functionality, user-friendliness, security and compatibility with the already installed infrastructure, and scalability, combined with a reduced initial investment cost and long-term depreciation potential. - The necessary modifications to the mechanisms of session protocols, aiming at maintaining data synchronisation in a distributed management environment. - The necessary mechanisms for maintaining consistency and concurrency in distributed databases using active, directly accessible replicas. - A framework for developing security mechanisms in distributed computing systems, taking into account the particularities of managing medical information.
    This thesis is a study of the implementation problems of distributed systems. Particular attention has been paid to the problems related to the introduction of multimedia technology in inter-hospital distributed information and communication systems. It presents and discusses the results of a number of tests undertaken in a real-life hospital environment on the transfer of objects simulating multimedia information in interconnected IEEE 802.3 networks. Various computational environment scenarios have been considered for this purpose. The operational parameters of the network have been measured in detail.
    The results obtained and their interpretation are used for the analysis of the problems that appear. A number of alternative ways of managing multimedia objects within hospital information systems are presented, including an alternative communication architecture. We also touch upon other issues, such as the implementation of traffic isolation in a distributed medical database environment supporting multimedia, the critical role of the network's active elements in the overall network structure, the required synchronisation mechanisms, and the role of distributed medical database systems which support replicas. The general framework and requirements for medical database security and the major secure database development methodologies are discussed. An experimental implementation which aims to improve medical database security is then presented and discussed.