122,095 research outputs found

    A Consent-based Workflow System for Healthcare Systems

    No full text
    In this paper, we describe a new framework for healthcare systems where patients are able to control the disclosure of their medical data. In our framework, the patient's consent has a pivotal role in granting or removing access rights to subjects accessing patient's medical data. Depending on the context in which the access is being executed, different consent policies can be applied. Context is expressed in terms of workflows. The execution of a task in a given workflow carries the necessary information to infer whether the consent can be implicitly retrieved or should be explicitly requested from a patient. However, patients are always able to enforce their own decisions and withdraw consent if necessary. Additionally, the use of workflows enables us to apply the need-to-know principle. Even when the patient's consent is obtained, a subject should access medical data only if it is required by the actual situation. For example, if the subject is assigned to the execution of a medical diagnosis workflow requiring access to the patient's medical record. We also provide a complex medical case study to highlight the design principles behind our framework. Finally, the implementation of the framework is outlined

    xDUCON: Cross Domain Usage Control through Shared Data Spaces

    No full text
    In this paper, we present a preliminary design of a framework for coordinating and enforcing usage control policies across different collaborating organisations. We named our framework xDUCON. The main goal of xDUCON is the specification of usage control policies that concisely capture conditions, authorisations, and obligations on both providers and consumers of resources. The novelty of xDUCON is its enforcement design that is based on the Shared Data Space (SDS) abstraction. The SDS allows the coordination of the decision and enforcement points abstracting from the details of the actual deployment of the framework. Moreover, the SDS abstraction caters for the necessary synchronisation facilities necessary to realise a concrete implementation of control usage framework such as support for entity mutability and control over long-lived sessions to evaluate the access rights of a subject while the access is being executed

    An Architectural Approach for Self-Managing Security Services

    No full text
    Self-managing systems are the focus of an increasing research activity since can provide a more robust way of building software artifacts. In this paper, we focus on self-managing systems for adapting the security concern. Providing security as a one-size-fits-all solution results in a system that is far too rigid to accommodate the needs of different application domains. Security mechanisms can depend on the hardware that is available and can be changed over time. Offering a system that can cope with such change without the need of major re-engineering is a major challenge. Moreover, not at all time the same security level has to be maintained. A system that can adapt its security mechanisms to the actual threat level can deliver better performance. In this paper, we provide an architecture for self-adapting the security concern to the actual context. Context is provided in terms of trust and threat values. Moreover, contextual information on resource consumption (e.g., memory and bandwidth) and system status (e.g., availability) can be provided

    xDUCON: Coordinating Usage Control Policies in Distributed Domains

    No full text
    In this paper, we present xDUCON a framework for coordinating and enforcing usage control policies across different collaborating organisations. xDUCON allows the specification of usage control policies that concisely capture conditions, authorisations, and obligations on both providers and consumers of resources. The xDUCON framework is based on the Shared Data Space (SDS) abstraction, where collaborating organisations share a data space containing tuples representing subjects, resources and usage policies. The SDS allows the coordination of the decision and enforcement points abstracting from the details of the actual deployment of the framework. As a consequence, xDUCON supports policies able to express richer and finer constraints compared to previous usage control models. Policies support entity mutability that is the changing of related subject and target attributes due to accesses being executed. The decision and enforcement points support ongoing control over long-lived sessions to evaluate the access rights of a subject while the access is being executed. If the context under which the rights were granted changes, xDUCON is able to revoke the access rights preventing the subject to use any longer the resource

    Policies for Self Tuning Home Networks

    No full text
    A home network (HN) is usually managed by a user who does not possess knowledge and skills required to perform management tasks. When abnormalities are detected, it is desirable to let the network tune itself under the direction of certain policies. However, self tuning tasks usually require coordination between several network components and most of the network management policies can only specify local tasks. In this paper, we propose a state machine based policy framework to address the problem of fault and performance management in the context of HN. Policies can be specified for complex management tasks as global state machines which incorporate global system behaviour monitoring and reactions. We demonstrate the policy framework through a case study in which policies are specified for dynamic selection of frequency channel in order to improve wireless link quality in the presence of RF interference

    A workflow-based access control framework for e-health applications

    No full text
    In this paper, we present a framework where access rights are provided to entities on the basis of the actual task that the entities must fulfill as part of their duties. For capturing the requirements of entities' duties we use the notion of workflow. Our main aim is to provide an access control mechanism that is able to balance the competing goals of flexibility and security. As the main beneficiary of our approach we consider e-Health Applications, where flexibility and security are major requirements. We also provide an implementation of a medical case study to illustrate the framework

    Shared and Searchable Encrypted Data for Untrusted Servers

    No full text
    Current security mechanisms pose a risk for organisations that outsource their data management to untrusted servers. Encrypting and decrypting sensitive data at the client side is the normal approach in this situation but has high communication and computation overheads if only a subset of the data is required, for example, selecting records in a database table based on a keyword search. New cryptographic schemes have been proposed that support encrypted queries over encrypted data but all depend on a single set of secret keys, which implies single user access or sharing keys among multiple users, with key revocation requiring costly data re-encryption. In this paper, we propose an encryption scheme where each authorised user in the system has his own keys to encrypt and decrypt data. The scheme supports keyword search which enables the server to return only the encrypted data that satisfies an encrypted query without decrypting it. We provide two constructions of the scheme giving formal proofs of their security. We also report on the results of a prototype implementation

    Flexible security policies for mobile agent systems

    No full text
    Mobile Agent (MA) technology raises significant security concerns and requires a thorough security framework with a wide range of strategies and mechanisms for the protection of both agent platform and MA against possibly malicious reciprocal behaviour. The security infrastructure should have the ability to flexibly and dynamically offer different solutions to achieve different qualities of security service depending on application requirements. Modern inter-organisational environments require sophisticated security policies that are difficult to implement in current MA platforms where policies are often directly hard-coded into applications, thus making difficult the reconfiguration required at any policy change. The paper proposes to integrate a policy-based framework within an MA system in order to flexibly model and control agent behaviour according to application specific requirements. © 2001 Elsevier Science B.V
    corecore