63 research outputs found
An Interoperable Access Control System based on Self-Sovereign Identities
The extreme growth of the World Wide Web in the last decade together with recent scandals related to theft or abusive use of personal information have left users unsatisfied with their digital identity providers and concerned about their online privacy. Self-Sovereign Identity (SSI) is a new identity management paradigm which gives back control over personal information to its rightful owner - the individual. However, adoption of SSI on the Web is complicated by the high overhead costs for the service providers due to the lacking interoperability of the various emerging SSI solutions. In this work, we propose an Access Control System based on Self-Sovereign Identities with a semantically modelled Access Control Logic. Our system relies on the Web Access Control authorization rules used in the Solid project and extends them to additionally express requirements on Verifiable Credentials, i.e., digital credentials adhering to a standardized data model. Moreover, the system achieves interoperability across multiple DID Methods and types of Verifiable Credentials, allowing for incremental extensibility of the supported SSI technologies by design. A Proof-of-Concept prototype is implemented and its performance as well as multiple system design choices are evaluated: the End-to-End latency of the authorization process takes between 2-5 seconds depending on the used DID Methods and can theoretically be further optimized to 1.5-3 seconds. Evaluating the potential interoperability achieved by the system shows that multiple DID Methods and different types of Verifiable Credentials can be supported. Lastly, multiple approaches for modelling required Verifiable Credentials are compared and the suitability of the SHACL language for describing the RDF graphs represented by the required Linked Data credentials is shown.
Privacy Preservation and Analytical Utility of E-Learning Data Mashups in the Web of Data
Virtual learning environments contain valuable data about students that can be correlated and analyzed to optimize learning. Modern learning environments based on data mashups that collect and integrate data from multiple sources are relevant for learning analytics systems because they provide insights into students' learning. However, data sets involved in mashups may contain personal information of a sensitive nature that raises legitimate privacy concerns. Typical privacy preservation methods are based on preemptive approaches that limit the published data in a mashup based on access control and authentication schemes. Such limitations may reduce the analytical utility of the data exposed to gain students' learning insights. In order to reconcile utility and privacy preservation of published data, this research proposes a new data mashup protocol capable of merging and k-anonymizing data sets in cloud-based learning environments without jeopardizing the analytical utility of the information. The implementation of the protocol is based on linked data so that data sets involved in the mashups are semantically described, thereby enabling their combination with relevant educational data sources. The k-anonymized data sets returned by the protocol still retain essential information for supporting general data exploration and statistical analysis tasks. The analytical and empirical evaluation shows that the proposed protocol prevents individuals' sensitive information from being re-identified.
The Spanish National Research Agency (AEI) funded this research through the project CREPES (ref. PID2020-115844RB-I00) with ERDF funds.
Data integration services for biomedical applications
PhD in Informatics (MAP-i)
In the last decades, the field of biomedical science has fostered unprecedented scientific advances. Research is stimulated by the constant evolution of information technology, delivering novel and diverse bioinformatics tools. Nevertheless, the proliferation of new and disconnected solutions has resulted in massive amounts of resources spread over heterogeneous and distributed platforms. Distinct data types and formats are generated and stored in miscellaneous repositories, posing data interoperability challenges and delays in discoveries. Data sharing and integrated access to these resources are key features for successful knowledge extraction.
In this context, this thesis makes contributions towards accelerating the semantic integration, linkage and reuse of biomedical resources. The first contribution addresses the connection of distributed and heterogeneous registries. The proposed methodology creates a holistic view over the different registries, supporting semantic data representation, integrated access and querying. The second contribution addresses the integration of heterogeneous information across scientific research, aiming to enable adequate data-sharing services. The third contribution presents a modular architecture to support the extraction and integration of textual information, enabling the full exploitation of curated data. The last contribution lies in providing a platform to accelerate the deployment of enhanced semantic information systems. All the proposed solutions were deployed and validated in the scope of rare diseases.
Portuguese abstract (translated): In recent decades, the field of biomedical sciences has delivered major scientific advances, stimulated by the constant evolution of information technologies. The creation of many bioinformatics tools, together with the lack of integration between new solutions, has resulted in enormous amounts of data spread across different platforms. Data of different types and formats are generated and stored in various repositories, which creates interoperability problems and delays research. Information sharing and integrated access to these resources are fundamental characteristics for the successful extraction of scientific knowledge.
Accordingly, this thesis provides contributions to accelerate the semantic integration, linkage and reuse of biomedical data. The first contribution addresses the interconnection of distributed and heterogeneous registries. The proposed methodology creates a holistic view over the different registries, supporting semantic data representation and integrated access. The second contribution addresses the integration of diverse data for scientific research, with the aim of supporting interoperable services for information sharing. The third contribution presents a modular architecture that supports the extraction and integration of textual information, enabling the exploration of these data. The last contribution consists of a web platform to accelerate the creation of semantic information systems. All the proposed solutions were validated in the scope of rare diseases.
An ontology based approach in health information systems: Blood test ontology example
The health domain is a complex and distributed research area in which different institutions and people both receive and provide services at the same time. Consequently, the health data about a patient is distributed among doctors, clinics, hospitals, pharmacies and insurance companies. Sharing and reusing this distributed, well-structured and semantically rich clinical data, with the appropriate permissions and from anywhere, has been one of the major focus areas of information systems research in the healthcare domain in recent years. The semantic web provides a technological infrastructure for representing the meaning of data and for reasoning new information from existing knowledge in the healthcare domain. Blood, as the fluid of life, gives clinicians hints about a patient's general health status through analysis of its constituents. The results of blood tests contain a great deal of information that can be used by different clinics. In the diagnostic phase, repeatedly analyzing the blood for the same tests delays the start of treatment and increases cost. The Blood Test Ontology is developed to semantically model the blood tests performed in the health field and to define information related to blood and blood tests, as well as the relationships between them. The ontology in this work is developed to be used as a knowledge base in a health information system that should provide querying, sharing and reuse of patients' personalized blood test results. The Blood Test Ontology is supported by medical information standards so that it can interoperate with other medical ontologies developed in the health domain.
Data Segmentation in Electronic Health Information Exchange: Policy Considerations and Analysis
The issue of whether and, if so, to what extent patients should have control over the sharing or withholding of their health information represents one of the foremost policy challenges related to electronic health information exchange. It is widely acknowledged that patients' health information should flow where and when it is needed to support the provision of appropriate and high-quality care. Equally significant, however, is the notion that patients want their needs and preferences to be considered in the determination of what information is shared with other parties, for what purposes, and under what conditions. Some patients may prefer to withhold or sequester certain elements of health information, often when it is deemed by them (or on their behalf) to be sensitive, whereas others may feel strongly that all of their health information should be shared under any circumstance.
This discussion raises the issue of data segmentation, which we define for the purposes of this paper as the process of sequestering from capture, access or view certain data elements that are perceived by a legal entity, institution, organization, or individual as being undesirable to share. This whitepaper explores key components of data segmentation, circumstances for its use, associated benefits and challenges, various applied approaches, and the current legal environment shaping these endeavors.
An Approach for Managing Access to Personal Information Using Ontology-Based Chains
The importance of electronic healthcare has caused numerous changes in both substantive and procedural aspects of healthcare processes. These changes have produced new challenges to patient privacy and information secrecy. Traditional privacy policies cannot respond to the rapidly increasing privacy needs of patients in electronic healthcare. Technically enforceable privacy policies are needed in order to protect patient privacy in modern healthcare, with its cross-organisational information sharing and decision making.
This thesis proposes a personal information flow model that specifies a limited number of acts on this type of information. Ontology-classified Chains of these acts can be used instead of the "intended/business purposes" used in privacy access control to seamlessly imbue current healthcare applications and their supporting infrastructure with security and privacy functionality. In this thesis, we first introduce an integrated basic architecture, design principles, and implementation techniques for privacy-preserving data mining systems. We then discuss the key methods of privacy-preserving data mining systems, which include four main methods: Role-based access control (RBAC), Hippocratic database, Chain method and eXtensible Access Control Markup Language (XACML). We found that the traditional methods suffer from two main problems: the complexity of privacy policy design and the lack of context flexibility that is needed when working in critical situations such as those found in hospitals. We present and compare strategies for realising these methods. Theoretical analysis and experimental evaluation show that our new method can generate accurate data mining models and safe data access management while protecting the privacy of the data being mined. The experiments were comparative: they first show the ease of design and then follow real scenarios to show the context flexibility of our investigated method in preserving the privacy of personal information.
Security Management Framework for the Internet of Things
The increase in the design and development of wireless communication technologies offers multiple opportunities for the management and control of cyber-physical systems with connections between smart and autonomous devices, which provide the delivery of simplified data through the use of cloud computing. Given this relationship with the Internet of Things (IoT), the concept of pervasive computing was established, which allows any object to communicate with services, sensors, people, and objects without human intervention. However, the rapid growth of connectivity with smart applications through autonomous systems connected to the internet has exposed numerous vulnerabilities in IoT systems to malicious users.
This dissertation developed a novel ontology-based cybersecurity framework to improve security in IoT systems, using an ontological analysis to adapt appropriate security services addressed to threats. The composition of this proposal explores two approaches: (1) design time, which offers a dynamic method to build security services through the application of a model-driven methodology that considers existing business processes; and (2) execution time, which involves monitoring the IoT environment, classifying vulnerabilities and threats, and acting in the environment, ensuring the correct adaptation of existing services.
The validation approach was used to demonstrate the feasibility of implementing the proposed cybersecurity framework. It implies the evaluation of the ontology to offer a qualitative evaluation based on the analysis of several criteria, and also a proof of concept implemented and tested using specific industrial scenarios. This dissertation has been verified by adopting a methodology that follows the acceptance in the research community through technical validation in the application of the concept in an industrial setting.
Portuguese abstract (translated): The growth in the design and development of wireless communication technologies offers multiple opportunities for the management and control of cyber-physical systems with connections between smart and autonomous devices, which deliver simplified data through the use of cloud computing. Given this relationship with the Internet of Things (IoT), the concept of pervasive computing was established, which allows any object to communicate with services, sensors, people and objects without human intervention. However, the rapid growth of connectivity with smart applications through autonomous systems connected to the internet has exposed numerous vulnerabilities in IoT systems to malicious users.
This dissertation developed a new ontology-based cybersecurity framework to improve security in IoT systems, using an ontological analysis to adapt appropriate security services addressed to the threats. The composition of this proposal explores two approaches: (1) design time, which offers a dynamic method for building security services through the application of a model-driven methodology, considering existing business processes; and (2) execution time, which involves monitoring the IoT environment, classifying vulnerabilities and threats, and acting in the environment to guarantee the correct adaptation of existing services.
Two validation approaches were used to demonstrate the feasibility of implementing the proposed cybersecurity framework. This involves evaluating the ontology to offer a qualitative evaluation based on the analysis of several criteria, and also a proof of concept implemented and tested using specific scenarios. This dissertation was validated by adopting a methodology that follows validation in the scientific community through the technical validation of our concept in an industrial scenario.
Informed e-Consent Framework for Privacy Preservation in South African Health Information Systems
The South African Constitution advocates the protection of personal information. Everyone has the right to privacy. This includes the protection of special information that relates to an individual's biometrics, health, religion, or sex life, to name a few. This special information may be processed if it is necessary in law; if it is being processed for historical purposes; or if it has already been disseminated in public by the data subject. If the aforementioned conditions are not met, the processing of special information is prohibited, unless the data subject has provided consent.
Given that health information is regarded as special information, consent must be obtained from the data subject before it is processed. If the special information is accessed by unauthorised parties it may influence decisions about the data subject's employment, access to credit, and education, and may even cause reputational or personal harm.
This research proposes an e-consent management approach which preserves the privacy of health information. Privacy laws and guidelines such as, but not limited to, the Protection of Personal Information Act and the General Data Protection Regulation are used to develop a privacy-preserving e-consent model, architectural design and prototype.
Dissertation (MSc (Computer Science)), University of Pretoria, 2020. Council for Scientific and Industrial Research (CSIR).
Context-Aware Service Creation On The Semantic Web
With the increase of the computational power of mobile devices, their new capabilities and the addition of new context sensors, it is possible to obtain more information from mobile users and to offer new ways and tools to facilitate the content creation process. All this information can be exploited by service creators to provide mobile services with a higher degree of personalization that translates into better experiences. Currently on the web, many data sources containing UGC provide access to them through classical web mechanisms (built on a small set of standards), that is, custom web APIs that promote the fragmentation of the Web. To address this issue, Tim Berners-Lee proposed the Linked Data principles to provide guidelines for the use of standard web technologies, thus allowing the publication of structured data on the Web that can be accessed using standard database mechanisms. The increase of Linked Data published on the web increases the opportunities for mobile services to take advantage of it as a huge source of data, information and knowledge, either user-generated or not. This dissertation proposes a framework for creating mobile services that exploit the context information, the content generated by their users and the data, information and knowledge present on the Web of Data. In addition, we present the cases of different mobile services created to take advantage of these elements and in which the proposed framework has been implemented (at least partially). Each of these services belongs to a different domain and each of them highlights the advantages provided to its end users.