106,632 research outputs found

    Accessing Patient Records in Virtual Healthcare Organisations

    The ARTEMIS project is developing a semantic web service based P2P interoperability infrastructure for healthcare information systems that will allow healthcare providers to securely share patient records within virtual healthcare organisations. Authorisation decisions to access patient records across organisation boundaries can be very dynamic and must occur within a strict legislative framework. In ARTEMIS we are developing a dynamic authorisation mechanism called PBAC that provides a means of contextual and process oriented access control to enforce healthcare business processes. PBAC demonstrates how healthcare providers can dynamically share patient records for care pathways across organisation boundaries

    Extended role-based access control model for enterprise systems and web services

    This thesis intends to develop application-level access control models to address several major security issues in enterprise environments. The first goal is to provide simple and efficient authorization specifications to reduce the complexity of security management. The second goal is to provide dynamic access control for Web service applications. The third goal is to provide an access control framework for Semantic Web services. In this thesis, an Authorization-Function-Based Role-based Access Control (FB-RBAC) model is proposed for controlling enterprise systems at the application level. The unique features of the proposed model are authorization-function-based access control and constraint-based fine-grained access control. This model significantly simplifies the management of an access control system by adopting roles and authorization-functions in authorization specifications. An extension of FB-RBAC, Extended FB-RBAC (ERBAC), is applied to Web service applications. New features such as credential-based access control and dynamic role assignment are added to FB-RBAC in order to address user heterogeneity and dynamicity in the Web environment. The proposed ERBAC model is then extended to support Semantic Web services. Each component of the ERBAC model is described by security ontologies. These correlated security ontologies are integrated with Semantic Web services to form a complete ontology network. Ontology-based role assignment is facilitated so that security information can be queried and discovered through a network of ontologies

    A SEMANTIC BASED POLICY MANAGEMENT FRAMEWORK FOR CLOUD COMPUTING ENVIRONMENTS

    The cloud computing paradigm has gained tremendous momentum and generated intensive interest. Although security issues are delaying its fast adoption, cloud computing is an unstoppable force and we need to provide security mechanisms to ensure its secure adoption. In this dissertation, we mainly focus on issues related to policy management and access control in the cloud. Currently, users have to use diverse access control mechanisms to protect their data when stored on the cloud service providers (CSPs). Access control policies may be specified in different policy languages, and the heterogeneity of access policies poses significant problems. An ideal policy management system should be able to work with all data regardless of where they are stored. Semantic Web technologies, when used for policy management, can help address the crucial issues of interoperability of heterogeneous CSPs. In this dissertation, we propose a semantic based policy management framework for cloud computing environments which consists of two main components, namely policy management and specification component and policy evolution component. In the policy management and specification component, we first introduce policy management as a service (PMaaS), a cloud based policy management framework that gives cloud users a unified control point for specifying authorization policies, regardless of where the data is stored. Then, we present a semantic based policy management framework which enables users to specify access control policies using semantic web technologies and helps address heterogeneity issues of cloud computing environments. We also model temporal constraints and restrictions in GTRBAC using OWL and show how ontologies can be used to specify temporal constraints. We present a proof of concept implementation of the proposed framework and provide some performance evaluation.
    In the policy evolution component, we propose to use role mining techniques to deal with policy evolution issues and present StateMiner, a heuristic algorithm to find an RBAC state as close as possible to both the deployed RBAC state and the optimal state. We also implement the proposed algorithm and perform some experiments to demonstrate its effectiveness

    Application of Nonparametric Techniques to Collaborative Recommender Systems

    The introduction of the World Wide Web dramatically impacted our fundamental notion of information sharing, providing unparalleled awareness of both the power of information access and the penalty of information overload. Today’s research on Semantic Web techniques focuses on the next step, a Service Oriented Architecture supporting automated sharing of services as well as data. Personalized service/source recommendation tools, utilizing user preference data, would be extremely valuable in tailoring information access to the user. Much can be learned from the Recommender community about incorporating preference data into the retrieval process. However, it is critical that rigorous statistical techniques be maintained in combining results across data and service sources that are not under the control of a single developer. In this paper we explore the extension of nonparametric techniques to the development of Collaborative Recommenders and its impact on establishing a generalized recommendation service within a Service Oriented Architecture

    A survey in using ontologies and rules reasoning in access control system

    In today’s heavily cloud distributed-service period, access control systems are primary components to guarantee security and confidentiality of resource repositories. However, the access control systems most widely used were designed before this period of generalized service based infrastructure. This creates important difficulties in the maintenance of such systems. New approaches to access control systems, based on a formal and logical approach to security rules, have been proposed that make use of the semantic web technologies. In this paper we propose a survey of these semantic approaches together with a comparison of their respective strengths depending on the considered use case. Facultad de Informátic

    Distributed Search in Semantic Web Service Discovery

    This thesis presents a framework for semantic Web Service discovery using descriptive (non-functional) service characteristics in a large-scale, multi-domain setting. The framework uses Web Ontology Language for Services (OWL-S) to design a template for describing non-functional service parameters in a way that facilitates service discovery, and presents a layered scheme for organizing ontologies used in service description. This service description scheme serves as a core for designing the four main functions of a service directory: a template-based user interface, semantic query expansion algorithms, a two-level indexing scheme that combines Bloom filters with a Distributed Hash Table, and a distributed approach for storing service description. The service directory is, in turn, implemented as an extension of the Open Service Discovery Architecture. The search algorithms presented in this thesis are designed to maximize precision and completeness of service discovery, while the distributed design of the directory allows individual administrative domains to retain a high degree of independence and maintain access control to information about their services

    Distributed service environment (smart spaces) security model development

    Access control mechanisms play a key role in many areas of computer science; however, for information provided on the basis of the semantic web, established solutions don't exist. This work focuses on the research in this area, in particular to ensure the information security in distributed service environments (smart spaces), which are the most promising application of standards and technologies of the semantic web. The main focus of this paper will be devoted to the analysis and investigation of solutions to develop a security model and mechanisms for a smart space platform, as well as its comprehensive testing. The Smart-M3 platform was chosen as the test platform, as it has the highest degree of elaboration and maximum prospects for further applications

    Remote control service system architecture and dynamic web user interface generation

    With the current development of internet technology, remote control over the internet has become a hotly discussed topic. Some recent technologies such as Service-Oriented Architecture (SOA), web service and ontology offer great opportunity for remote control over the internet and a lot of research has been done into this topic. However, there are still many challenges in architecture design and dynamic user interface generation. Architectures in this research field lack a clear description of the controlled machine model as well as related knowledge support. Also, there is little system support for further control service development. There is little research on web user interface design for remote control systems over the internet. The design of a web user interface has the challenge of overcoming the limitations of web technology to satisfactorily support different machines, users and control process requirements. This work overcomes the limitations on architecture by offering a SOA based design which allows both multiple users and distributed machine access. The system applies a machine model for the description of the machine structure and functions, which helps the system to reason about machine components and their relationships with instructions. With a web service based design, different machines can be connected via the system and execute user commands. Using semantic description and ontology based methods the system can automatically retrieve machine information and generate the structure and function descriptions for different machines. Moreover, the system provides services which can support further development in remote control services. The proposed architecture improves on former designs, and offers a flexible architecture for remote control services over the internet. An intelligent web user interface is also introduced in this work. The design separates the interface data structure from the data representation.
    Supported by the remote control service development environment, the user interface could adapt to the control sessions. Semantic descriptions are used to describe the page data structure, session context as well as control command. Therefore, control page content can be adapted by the computer to the real time control session. At the same time, a session dependent navigation is designed to resolve the problem of changeable requirements for a multiple-machine web user interface. With a message driven model and a session dependent semantic data structure, the required machine data can be analysed by the system and categorised according to the user's requirements. Compared with other designs, this service offers a method for web user interface generation for different machines and users, and can adapt to different control processes. The design is demonstrated in five evaluation scenarios aimed at testing different aspects of the system. Evaluation demonstrates the design proposed in this thesis is feasible. It also shows the design can be applied to different areas and adapted to different control related requirements well. EThOS - Electronic Theses Online Service, GB, United Kingdo