Toward privacy-preserving emergency access in EHR systems with data auditing

Widespread adoption of health information sharing is claimed to improve healthcare quality at reduced cost due to the ability for providers to share healthcare information rapidly, reliably, and securely. During emergency access, however, such sharing may affect patient privacy adversely and steps must be taken to ensure privacy is preserved. Australia and the US have taken different approaches toward health information sharing. The Australian approach broadly uses a push model where a summary record is extracted from local health records, and pushed into a centralized system accessed by providers. Under the US approach, providers during emergency access generally pull health records from a centralized system that typically replicates local health records. On the other hand, the centralized repository most likely will be a third party cloud provider that offers on demand availability of high quality and cost effective services. These features make cloud computing a perfect infrastructure for EHR systems. The fact that medical data are handled and managed by a third party cloud provider, however, requires additional security mechanisms, i.e. auditing, to preserve data confidentiality, integrity, and privacy. This thesis contrasts the Australian and US approaches to information sharing during emergency access, focusing on patient privacy preservation. It develops a generalized approach to enhance patient privacy during emergency access using push and pull approaches. It presents an auditing service implementation over a multi-cloud data repository. It finally shows preliminary results from a proof-of-concept EHR system

Handling Confidential Data on the Untrusted Cloud: An Agent-based Approach

Cloud computing allows shared computer and storage facilities to be used by a multitude of clients. While cloud management is centralized, the information resides in the cloud and information sharing can be implemented via off-the-shelf techniques for multiuser databases. Users, however, are very diffident for not having full control over their sensitive data. Untrusted database-as-a-server techniques are neither readily extendable to the cloud environment nor easily understandable by non-technical users. To solve this problem, we present an approach where agents share reserved data in a secure manner by the use of simple grant-and-revoke permissions on shared data.Comment: 7 pages, 9 figures, Cloud Computing 201

TAXONOMY OF SECURITY AND PRIVACY ISSUES IN SERVERLESS COMPUTING

The advent of cloud computing has led to a new era of computer usage. Networking and physical security are some of the IT infrastructure concerns that IT administrators around the world had to worry about for their individual environments. Cloud computing took away that burden and redefined the meaning of IT administrators. Serverless computing as it relates to secure software development is creating the same kind of change. Developers can quickly spin up a secure development environment in a matter of minutes without having to worry about any of the underlying infrastructure setups. In the paper, we will look at the merits and demerits of serverless computing, what is drawing the demand for serverless computing among developers, the security and privacy issues of serverless technology, and detail the parameters to consider when setting up and using a secure development environment based on serverless computin

Methods and Applications of Synthetic Data Generation

The advent of data mining and machine learning has highlighted the value of large and varied sources of data, while increasing the demand for synthetic data captures the structural and statistical characteristics of the original data without revealing personal or proprietary information contained in the original dataset. In this dissertation, we use examples from original research to show that, using appropriate models and input parameters, synthetic data that mimics the characteristics of real data can be generated with sufficient rate and quality to address the volume, structural complexity, and statistical variation requirements of research and development of digital information processing systems. First, we present a progression of research studies using a variety of tools to generate synthetic network traffic patterns, enabling us to observe relationships between network latency and communication pattern benchmarks at all levels of the network stack. We then present a framework for synthesizing large scale IoT data with complex structural characteristics in a scalable extraction and synthesis framework, and demonstrate the use of generated data in the benchmarking of IoT middleware. Finally, we detail research on synthetic image generation for deep learning models using 3D modeling. We find that synthetic images can be an effective technique for augmenting limited sets of real training data, and in use cases that benefit from incremental training or model specialization, we find that pretraining on synthetic images provided a usable base model for transfer learning

Orchestration in the Cloud-to-Things Compute Continuum: Taxonomy, Survey and Future Directions

IoT systems are becoming an essential part of our environment. Smart cities, smart manufacturing, augmented reality, and self-driving cars are just some examples of the wide range of domains, where the applicability of such systems has been increasing rapidly. These IoT use cases often require simultaneous access to geographically distributed arrays of sensors, and heterogeneous remote, local as well as multi-cloud computational resources. This gives birth to the extended Cloud-to-Things computing paradigm. The emergence of this new paradigm raised the quintessential need to extend the orchestration requirements i.e., the automated deployment and run-time management) of applications from the centralised cloud-only environment to the entire spectrum of resources in the Cloud-to-Things continuum. In order to cope with this requirement, in the last few years, there has been a lot of attention to the development of orchestration systems in both industry and academic environments. This paper is an attempt to gather the research conducted in the orchestration for the Cloud-to-Things continuum landscape and to propose a detailed taxonomy, which is then used to critically review the landscape of existing research work. We finally discuss the key challenges that require further attention and also present a conceptual framework based on the conducted analysis.Comment: Journal of Cloud Computing Pages: 2