Extensions and Experimental Evaluation of SAT-based solvers for the UAQ problem

Nowadays, most of the health organizations make use of Health Information Systems (HIS) to support the staff to provide patients with proper care service. In this context, security and privacy are key to establish trust between the actors involved in the healthcare process, including the patient. However, patients' privacy cannot jeopardize their safety: as a consequence, a compromise between the two must eventually be found. Privilege management and access control are necessary elements to provide security and privacy. In this thesis, we first present the main features that make the Role Based Access Control suitable for permissions management and access control in HIS. We then address the User Authorization Query (UAQ) problem for RBAC, namely the problem of determining the optimum set of roles to activate to provide the user with the requested permissions (if the user is authorized) while satisfying a set of Dynamic Mutually Exclusive Roles (DMER) constraints and achieving some optimization objective (least privilege versus availability). As a first contribution, we show how DMER can be used to support the enforcement of SoD. The UAQ problem is known to be NP-hard. Most of the techniques proposed in the literature to solve it have been experimentally evaluated by running them against different benchmark problems. However, the adequacy of the latter is seldom discussed. In this thesis, we propose a methodology for evaluating existing benchmarks or designing new ones: the methodology leverages the asymptotic complexity analysis of the solving procedures provided in other works to forsee the benchmarks complexity given the values of the most significant RBAC dimensions. First, we use our methodology to demonstrate that the state-of-the-art benchmarks are unsatisfactory. We then introduce UAQ-Solve, a tool that works both as generator of benchmarks and as UAQ solver leveraging existing PMAXSAT complete solvers. By using UAQ-Solve, we apply our methodology to generate a novel suite of parametric benchmarks that allows for the systematic assessment of UAQ solvers over a number of relevant dimensions. These include problems for which no polynomial-time algorithm is known as well as problems for which polynomial-time algorithms do exist. We then execute UAQ-Solve over our benchmarks to compare the performance of different complete and incomplete PMAXSAT solvers

Benchmarking UAQ solvers

The User Authorization Query (UAQ) Problem is key for RBAC systems that aim to offer permission level user-system interaction, where the system automatically determines the roles to activate in order to enable the requested permissions. Finding a solution to a UAQ problem amounts to determining an optimum set of roles to activate in a given session so to obtain some permissions while satisfying a collection of authorization constraints, most notably Dynamic Mutually-Exclusive Roles (DMER) constraints. Although the UAQ Problem is NP-hard, a number of techniques to solve the UAQ problem have been put forward along with encouraging, albeit inconclusive, experimental results. We propose a methodology for designing parametric benchmarks for the UAQ problem and make a novel suite of parametric benchmarks publicly available that allows for the systematic assessment of UAQ solvers over a number of relevant dimensions. By running three prominent UAQ solvers against our benchmarks, we provide a very comprehensive analysis showing (i) the shortcomings of currently available benchmarks, (ii) the adequacy of the proposed methodology and (iii) that the reduction to PMaxSAT is currently the most effective approach to tackling the UAQ problem

A case study on Service-Oriented Architecture for Serious Games

Service-Oriented Architecture (SOA) is a set of practices for architectural design of software that exploits services as loosely coupled components orchestrated to deliver various functionalities. The SOA paradigm is not well established in the Serious Games (SG) domain, but it is expected to provide benefits, particularly in reducing the conceptual and technological complexity of the development. In this paper, we propose and study the application of a SOA approach to SG development. We have used the SOA approach to develop an adaptive Serious Game for teaching basic elements of probability to high school and entry-level university students, called The Journey. Details of the architecture implementation are offered, as well as the results of an evaluation of the system using the Architecture Tradeoff Analysis Method (ATAM). Based on our experience, we argue that the SOA approach can make SG development shorter, more flexible and more focused

A SOA Based Solution for MDRO Surveillance and Improved Antibiotic Prescription in the Abruzzo Region

Prevention and control of hospital and community acquired infections caused by multi drug resistant organisms (MDROs) are one major priority nowadays for health care systems worldwide. To improve actions and plans to tackle this problem, the creation of automated regional, national and international MDRO surveillance networks is a mandatory path for international health Institutions and Ministries. In this paper, the authors report on the surveillance system designed for the Abruzzo Region (Central Italy) to monitor the prevalence of MDROs in both infected and colonized patients, to verify appropriateness of antibiotic prescription in hospitalized patients and to interact with other national and sovra-national networks. Service Oriented Architecture (SOA) approach, different Healthcare Service Specification Project (HSSP) standards, local, national and international terminology and Clinical Document Architecture Release 2 (CDA R2) were adopted to design the overall architecture of this regional surveillance system. The Authors discuss the state of implementation of the project, itemizing specific design and implementation choices adopted so far and sketching next steps and reasons of some design and implementation choices, and indicate the next steps