Healthcare teams over the Internet: programming a certificate-based approach
International Journal of Medical Informatics (2003) 70, 161–171

Christos K. Georgiadis*, Ioannis K. Mavridis, George I. Pangalos

Informatics Laboratory, Computers Division, Faculty of Technology, Aristotle University of Thessaloniki, Egnatia Str., Thessaloniki, Greece

Received 9 December 2002; accepted 21 March 2003

KEYWORDS: Health information systems; Information systems security; Healthcare teams; Internet; Digital certificates; Access control systems

Summary

Healthcare environments are a representative case of collaborative environments since individuals (e.g. doctors) in many cases collaborate in order to provide care to patients in a more proficient way. At the same time modern healthcare institutions are increasingly interested in sharing access to their information resources in the networked environment. Healthcare applications over the Internet offer an attractive communication infrastructure at worldwide level but with a noticeably great factor of risk. Security has, therefore, become a major concern. However, although digital certificates can provide an adequate level of security if an appropriate security model is used, additional security considerations are needed in order to deal efficiently with the above team-work concerns. The already known Hybrid Access Control (HAC) security model supports and handles efficiently healthcare teams with active security capabilities and is able to exploit the benefits of certificate technology. In this paper we present the way of encoding the appropriate authoritative information in various types of certificates, as well as the overall operational architecture of the implemented access control system for healthcare collaborative environments over the Internet.
A pilot implementation of the proposed methodology in a major Greek hospital has shown the applicability of the proposals and the flexibility of the access control provided.

© 2003 Elsevier Ireland Ltd. All rights reserved.

*Corresponding author. E-mail addresses: gxri@auth.gr (C.K. Georgiadis), mavridis@uom.gr (I.K. Mavridis), pangalos@auth.gr (G.I. Pangalos).

1. Introduction

A significant change regarding the functioning of healthcare information systems (HIS) is the transition from the conventional model of isolated HIS to the networked one [1]. Internet technologies provide unique opportunities for interaction and data sharing among doctors, patients, researchers and healthcare establishments (HCEs). However, these benefits come with a considerably greater danger to security [2]. This is because the Internet's underlying protocols were not designed to offer secure communication services. As a consequence, additional security technologies are needed to tackle the significant security concerns for satisfying an increasing demand of modern HIS: in which ways these systems have to grow, in order
to become a well-trusted health information network.

Latest efforts to maintain an acceptable level of Internet security rely on public-key cryptography (PKC) and digital certificates. A Public-Key Infrastructure (PKI) supports the management of digital certificates suitable for identification and authentication purposes. In addition, the emerging complementary Privilege Management Infrastructure (PMI) can provide other types of certificates that are particularly suitable for authorization purposes [3]. Therefore, in order to fully exploit digital certificates to shield transport and sharing of medical data and protect healthcare applications over the Internet, there is a need for a suitable security model with appropriate structure, compatibility with the PKI and PMI environments [4] and the ability to be propagated within distributed systems that spread across different healthcare institutions.

A fundamental issue regarding access control management in HCEs is their co-operative nature. Healthcare environments are a representative case of collaborative environments since the individuals (e.g. doctors and nurses) in many cases do not act in isolation, but collaborate with others in order to provide care to patients in a more proficient way (e.g. by forming care-teams [5]). The access privileges of each member of a team must conform to the current access requirements in order to accomplish the specific task of the team. As a result, in dynamically changing clinical workflow environments there is a need for active security permission activation [6,7].

In order to deal with the above issues, we propose in this paper the use of the already known Hybrid Access Control (HAC) security model, which supports and handles efficiently the concepts and structures of healthcare teams and is able to exploit the benefits of certificate technology, as expressed in PKI and PMI environments, in distributed healthcare applications over the Internet.
The resulting access control system is a particularly suitable security tool for healthcare collaborative environments.

2. Protection requirements in distributed HIS

The increased mobility of the patient populations and the changes in the structure of HIS have resulted in a patient's computerized medical information being accumulated in a variety of locations. Today's HCEs use clinical electronic records that usually contain data that are shared between source systems that are involved in healthcare distributed applications, in order to provide information to internal users as well as external requests, payers, etc. Data may be accessed via remote workstations and complex networks supporting one or more organizations, and potentially within a national information infrastructure [8].

Distributed healthcare systems that are geographically dispersed over wide-area networks to support data sharing in restricted collaborations give rise to a range of requirements for distributed control of access. Among other things, administration of such resources needs to be handled by a programmed authorization infrastructure so that management of data availability and enforcement of access rules can be accomplished automatically. Security of HIS requires the use of special security policies that are able to preserve all the security components at the same time: confidentiality, integrity, availability and accountability.

In addition, the way the medical and ward services are provided in HCEs can be characterized as patient-centred. This means that every new patient initiates a new case. Such a case consists of a different number of particular tasks according to the patient's needs for care. As a consequence, the case of a patient is the main target of a group of doctors and nurses who are qualified to play specific roles in order to provide their services efficiently.
Not only across different domains, but even within the same healthcare unit, the single doctor/patient relationship is being replaced by one in which the patient is managed by a team of health care professionals each specializing in one aspect of care. All the more, in the case of large HCEs, there is a significant turnover of staff as doctors, nurses and trainees undertake rotations in each of the different departments and units. As a result, user authentication and authorization procedures become heavy in such situations [9].

The already known HAC model [10], which is based on the RBAC [11] and eMEDAC [12] models, satisfies the above mentioned protection requirements for HIS. In more detail, it provides a differentiated role-based [11] authorization mechanism for accessing medical records, depending on the particular values of the context parameters of users that form teams. The HAC model proposes that clinical tasks can be characterized at runtime with a number of context factors, such as patient (a user gains additional permissions for a specific patient he is in care of), location (the collaborative activity depends on the specific area wherein the users of a particular team are working)
and time (all permissions are valid during a certain time interval). Furthermore, it provides mandatory security features [10,12].

3. An overview of HAC model

The HAC model is based on five sets of entities called users, roles, permissions, teams and contexts, as well as a collection of sessions (Fig. 1).

A user (U) is simply a person (doctor or nurse). A role (R) is a job function within the organization with some associated semantics regarding the authority and responsibility conferred on a member of the role. Permissions (P), which are equivalent to privileges, authorizations and access rights, are approvals of a particular mode of access to one or more data objects. The nature of a permission depends on the implementation details of a system and the kind of system that it is. Thus, for a relational database management system, the objects of protection may be relations, tuples, attributes and views using modes of access operations such as SELECT, INSERT and UPDATE.

User assignment (URS) and permission assignment (PRS) are both many-to-many relations. A user can be a member of many roles, and a role can be assigned to many users. Similarly, a role may have many permissions and the same permission can be assigned to many roles. These relations are the fundamental concepts in RBAC [13]. Therefore, it is a user who exercises permissions. Using roles as intermediaries to enable users to exercise permissions provides more control advantages than directly relating users to permissions.

An important property of a session (S) is that the user associated with a session, via the session-user function defined below, cannot change. The association remains constant for the life of a session. Sessions are also considered under the control of individual users. The distinction between a user and a session is useful only if users exercise discipline regarding the roles they normally invoke.
Fig. 1 The HAC access control model.

A user should be allowed to login to a system with only those roles appropriate for a given occasion, in order to support the principle of least privilege [13]. So, each session is a mapping of one user to a set of roles, i.e. a user establishes a session during which the user activates some subset of roles that
he is a member of. The permissions available to the user are the union of permissions from all roles activated in that session. In addition, active roles in a session can be changed at the user's discretion.

Ongoing activities, processes or tasks are related to some additional context (C) information, which defines mainly the involved users and data objects. In addition, other factors such as location and time may also be taken into consideration.

The team (T) term is used as a concept that sums up a group of users in specific roles with the objective of completing a specific activity in a particular context. However, the team concept is more useful as a grouping mechanism that associates users with contexts. The placement of a team as an intermediary to enable a user to obtain a context is similar to the role usage. Even when a user is acting alone, we may consider him as the only member of his private team.

During a session, a user can participate in a number of teams. So, each session is also a mapping of one user to a subset of teams that he is a member of. The contexts available to the user are the union of contexts from all teams that he participates in. Moreover, active teams in a session can be changed at the user's discretion, just like his active roles. A team can also be seen as a mapping to multiple users. The roles activated by these users identify the permission set available to the team as the union of permissions from all roles participating in that team.

Context assignment (CTS) and team assignment (UTS) are both many-to-many relations. A team may have many contexts and the same context can be assigned to many teams. Similarly, a user can be a member of many teams, and a team may have many users. However, there are constraints when assigning users to teams. An obvious constraint is related to the roles already assigned to the user. There are mutually exclusive roles and teams, e.g.
a user that has been assigned the roles Physician and Director cannot participate in a care-team as a Director.

Formal definition

The following definition, which is based on the definitions of RBAC$_0$ [13] and eMEDAC [12], provides some formalization to the above discussion.

Definition. The HAC model has the following components [10]:

- $U$, $R$, $P$, $S$, $T$, $C$ stand for users, roles, permissions, sessions, teams and contexts, respectively.
- $PRS \subseteq P \times R$ is a many-to-many permission to role assignment relation.
- $URS \subseteq U \times R$ is a many-to-many user to role assignment relation.
- $CTS \subseteq C \times T$ is a many-to-many context to team assignment relation.
- $UTS \subseteq U \times T$ is a many-to-many user to team assignment relation.
- session-user: $S \to U$ is a function mapping each session $s_i$ to the single user $user(s_i)$ that is constant for the session's lifetime.
- session-teams: $S \to 2^T$ is a function mapping each session $s_i$ to a set of teams $teams(s_i) \subseteq \{t \mid (user(s_i), t) \in UTS\}$, which can change with time, and session $s_i$ has the contexts $\bigcup_{t \in teams(s_i)} \{c \mid (c, t) \in CTS\}$.
- team-users: $T \to 2^U$ is a function mapping each team $t_i$ to a set of users $users(t_i) \subseteq \{u \mid (u, t_i) \in UTS \wedge \exists s_j : user(s_j) = u\}$, which can change with time.
- HNH mechanism (construction of hierarchies):
  - $N$, $C$ are sets of nodes and connections, respectively.
  - $HN \subseteq N \times C$: each hyper node $HN$ is a double $\{N, C\}$.
  - $HNH \subseteq HN \times HN$ is a totally ordered hyper node hierarchy.
  - $HN$ and $DN$ are disjoint sets of (regular) hyper nodes and dummy nodes, respectively.
  - $BC$ and $LC$ are disjoint sets of branches and links, respectively.
  - A node $N_i$ has a level (depth in the hierarchy) of number $i$.
  - $BC: N_i \to N'_{i-1}$: branch is a function mapping a node to its ancestor node at the above level.
  - $LC: N_i \to N'_i$: link is a function mapping each node to its ancestor (hyper) node at the same level.
  - Implementation of the security level and the category set in a HNH: a hyper node $HN_i$ has a security level of number $i$; the category set of a hyper node $HN_i$ consists of all its possible first ancestors.
  - Implementation of a role hierarchy as a HNH: $URH \subseteq UR \times UR$ is a totally ordered hyper node hierarchy of roles ($UR$) that is also known as a dominance relation (written as $\geq$ in infix notation).
- session-roles: $S \to 2^R$ is a function mapping each session $s_i$ to a set of roles $roles(s_i) \subseteq \{r \mid (\exists r' \geq r)\,[(user(s_i), r') \in URS]\}$, which can change with time. Session $s_i$ has the permissions $\bigcup_{r \in roles(s_i)} \{p \mid (\exists r'' \leq r)\,[(p, r'') \in PRS]\}$ and a security level that is the maximum of security
levels of $roles(s_i)$ and a category set that is the union of category sets of $roles(s_i)$.
- team-roles: $T \to 2^R$ is a function mapping each team $t_i$ to a set of roles $roles(t_i) \subseteq \{r \mid (\exists r' \geq r)\,[(users(t_i), r') \in URS]\}$, which can change with time. Team $t_i$ has the permissions $\bigcup_{r \in roles(t_i)} \{p \mid (\exists r'' \leq r)\,[(p, r'') \in PRS]\}$ and a security level that is the maximum of security levels of $roles(t_i)$ and a category set that is the union of category sets of $roles(t_i)$.

Derivation of permission set

The HAC model provides role-based permission assignment and team-based permission activation in order to access particular objects in a short period of time. After the completion of the user identification and authentication process, the user has to select a subset of roles from the set of roles already assigned to him. According to this selection, a particular set of role-based permissions is activated, called session-roles permissions. After the role selection, the user has to select a subset of teams to participate in and gains the additional permissions from the roles activated by other users that are currently participating in the same teams.

As already mentioned, teams can be seen as groups of current task contexts. As a result, by selecting a team, the user also obtains the context of his task. The team context consists of particular data objects and conditions, expressed in terms of ranges of values such as time, patients and location [10]. For every team there are available system variables, able to hold sets of values of chosen factors. The binding of these variables to actual values is accomplished at runtime by the administration staff of the hospital. Team contexts can also be seen as limitations or restrictions on objects and/or on conditions concerning the filtering of the access request, providing in such a way selections of the result sets.
The final permission set of a user is filtered by using the context of the current task of his team. Any subsequent user access request is permitted only for the objects included in the context and during the period of his current task. In this way only the medical records of the patients charged to the user's team are accessible during the teamwork.

In a more formal way, the expression $u_i = user(s_i) \in U$ refers to a user $u_i$ who has been logged in the system during a session $s_i \in S$. Suppose that user $u_i$ has made the following choices for roles and teams:

$$roles(s_i) \subseteq \{r \mid (u_i, r) \in URS\}$$

$$teams(s_i) \subseteq \{t \mid (u_i, t) \in UTS\}$$

Then, the following expressions are valid:

$$users(t_k) = \bigcup_{t_k \in teams(s_i)} \{u \mid (u, t_k) \in UTS \wedge \exists s_j : user(s_j) = u\}$$

The term $users(t_k)$ stands for the set of users who are members of team $t_k$, where $t_k \in teams(s_i)$. This set of users is defined as the union of every team's individual user set. In other words, it is the union of team-users mappings:

$$roles(t_k) = \bigcup_{t_k \in teams(s_i)} \{r \mid (users(t_k), r) \in URS\}$$

The function $roles(t_k)$ stands for the set of roles which are given to the members of every team $t_k$, where $t_k \in teams(s_i)$. This set of roles is defined as the union of every team's individual role set. In other words, it is the union of the team-roles function mappings.

$$contexts(t_k) = \bigcup_{t_k \in teams(s_i)} \{c \mid (c, t) \in CTS\}$$

The function $contexts(t_k)$ stands for the set of contexts which are attached to every team $t_k$, where $t_k \in teams(s_i)$. This set of contexts is defined as the union of every team's individual context.
Then, according to the previous expressions, the two-step permission activation procedure is expressed as follows:

Step 1: Initially, the role-based permissions of user $u_i$ (who has activated a subset of roles and participates in a subset of teams) are derived as follows:

$$\text{Role-based Permissions}(u_i) = \text{Session-Roles Permissions}(s_i) \cup \text{Team-Roles Permissions}(teams(s_i))$$

$$= \text{Session-Roles Permissions}(s_i) \cup \text{Team-Roles Permissions}(t_k)$$

$$= \bigcup_{r \in roles(s_i)} \{p \mid (p, r) \in PRS\} \cup \Big[\bigcup_{r \in roles(t_k)} \{p \mid (p, r) \in PRS\}\Big] = \bigcup_{r \in roles(t_k)} \{p \mid (p, r) \in PRS\}.$$

Step 2: The final permissions activated are the context-based permissions, which are derived from role-based permissions (step 1) with the following definition, where $\triangleright$ means "filtered by":

$$\text{Context-based Permissions}(u_i) = \text{Role-based Permissions}(u_i) \triangleright \text{Team-Context}(teams(s_i))$$

$$= \text{Role-based Permissions}(u_i) \triangleright contexts(t_k)$$

$$= \bigcup_{r \in roles(t_k)} \{p \mid (p, r) \in PRS\} \triangleright \Big[\bigcup_{t_k \in teams(s_i)} \{c \mid (c, t) \in CTS\}\Big].$$

4. Certificate-based security mechanisms

In order to control the use of a networked resource, access management systems must make
use of suitable authentication, authorization and policy handling services.

Authentication, PKI and identity certificates

According to [3], two levels of authentication can be distinguished:

- Simple authentication, using a password as a verification of claimed identity. It offers limited protection against unauthorized access.
- Strong authentication, involving credentials formed using cryptographic techniques.

A significant issue about implementing security over the Internet is that the concept and application of security is emerging in conjunction with the rapid development of the distributed networks (and their underlying technologies) it is tasked to secure. This is the case of PKI: it has essentially evolved as a management infrastructure surrounding PKC. Currently, there are two standards evolving in the field of PKI. This paper focuses on the PKI using X.509 certificates (PKIX) implementation that has been more widely adopted and has earned the most commercial acceptance.

The arrival of PKC was a breakthrough for distributed system security. Before PKC was available, users that wanted to confidentially exchange information required a secret key be shared between the two users. While the technology of secret (also known as symmetric, private or shared secret) keys was well established and had achieved pervasive acceptance, the main concern associated with using secret keys was key distribution, the method in which the keys would be exchanged. This problem still exists today. If secret keys are exchanged over an insecure network, any individual watching the network could gain access to the key and consequently have the ability to pose as a legitimate user. PKC eases these problems by allowing secure communication to occur without requiring any previous key exchange.
Instead, when a user wants to communicate securely with another individual (either inside or outside the organization, permissible so long as a binding trust relationship is established), the sender simply obtains a copy of the recipient's publicly available public key, typically in the form of a digital certificate.

Identity Certificates (IC) or public key certificates [3] are widely used as a secure means for identification purposes in network environments. Using an IC to support a user's public key allows the certification authority (CA), which is implicitly trusted by all users, to sign the user's public key in order to maintain the integrity of the public key, expiration information and other important information contained within the IC. Once the sender has access to the intended recipient's IC, the sender is able to encrypt messages for the recipient using the recipient's public key. Only the holder of the private key associated with the IC (in this case, the recipient) is able to decrypt the contents. The reverse is true for digital signatures, where the sender signs a document or transaction with his/her private key, which can then be verified by the recipient using the sender's public key. Actually, it is more complicated, because the digital signature is applied to a hash of the message or transaction.

In summary, the public-key certificate framework or PKI allows for public key encryption and digital signature services and it may be utilized by applications with requirements for authentication, integrity, confidentiality and non-repudiation.

Authorization, PMI and attribute certificates

Not all access control decisions are identity-based. For example, information about a user's current role may be more important than his identity. Modern research efforts [3,4,14] in this area result in a second kind of digital certificate, namely the attribute certificate (AC).
The attribute authority (AA) is the authority which assigns attributes (permissions or privileges) by signing the ACs. An AC is a separate structure from a subject's IC. A subject may have multiple ACs associated with each of its ICs. An AC certifies that its holder possesses specific authorizations (like group membership, role etc.). The use of ACs provides the required network-oriented protection, since in fact they are digitally signed sets of attributes. Revocation of ACs may or may not be needed. For example, in some environments, the AC validity periods may be very short (e.g. minutes), negating the need for a revocation scheme.

Digital signatures are used in both PKI and PMI as the mechanism by which the authority that issues a certificate certifies the binding in the certificate. In PKI the digital signature of the issuing CA on an IC certifies the binding between the public-key material and the subject of the certificate. In PMI the digital signature of the issuing AA certifies the binding between the attributes and the holder of the certificate.

The necessity for this different type of certificate results from the fact that entity attributes
have lifetimes that do not match the validity period for an IC. Privileges often have a much shorter lifetime. The authority (AA) for assigning privileges is frequently other than the authority (CA) for issuing ICs, and different privileges may be assigned by different AAs. Privileges may also be assigned based on a temporal context, and the turn on/turn off aspect of privileges may well be asynchronous with the lifetime of the IC.

The use of ACs provides a flexible PMI, which can be established and managed independently from a PKI. Although PKI and PMI are separate infrastructures and may be established independently from one another, they are related. The ITU-T specification [3] recommends that holders and issuers of ACs be identified within the AC by pointers to their appropriate IC. Authentication of the AC issuers and holders, to ensure that entities claiming attributes and issuing attributes are who they claim to be, is done using the normal processes of the PKI to authenticate identities. This authentication process is not duplicated within the AC framework.

In summary, PMI may be utilized by applications with requirements for access control and authorizations.

Policy handling and access rule certificates

Traditionally, authorization policies are managed in a relatively centralized manner. In distributed computing environments, however, policy control has to be decentralized because there are multiple, independent and geographically spread entities (individuals, organizations, institutes, notaries etc.) with authority to control access. Each of these parties is responsible for defining access rules for the protected resources and brings its own set of concerns [14]. So, many information security systems need to rely on the evaluation of upcoming rules to determine access permissions.
This approach requires continuous connectivity and sophisticated directory services to contain and manage the relationships of information and, most importantly, its terms of use.

In order to address authorization distribution problems, we use a third type of digital certificate, namely the Access-Rule Certificate (RC). An RC is a data structure comparable to an IC and AC. It enables policy responsible parties to distribute access control rules remotely and securely, authorizing in this way access to specific resources. RCs are, in fact, digitally signed sets of rules. In a fashion similar to an AA and a CA, a Rule Authority (RA) is considered as an entity trusted by one or more users to sign access-rule certificates.

5. Certificate-based implementation of HAC

Certificate-based access management provides authentication strength, fine-grained access control and user accountability, so that if improper use is discovered, the administrator knows where to begin investigating. In our implementation approach, the scope is to demonstrate the benefits of digital certificates by using them as a safe means for reliably communicating critical security metadata. Therefore, their contribution becomes considerable concerning the flexibility of the implementation of the security policy that is in force.

As we have seen previously, our approach exploits three types of certificates: identity, attribute and access-rule certificates. In the following implementation example, we use these three types of certificates in order to transmit securely via the Internet the critical security metadata that influence the behavior of the access control system in use.

Structure of AC and RC certificates

To support the HAC model, we propose to use ACs for encoding the assigned roles and the assigned teams during a particular session. In general, the attributes component contained in a certain AC depends on the overall security policy that is in force.
In our case, the role attribute (as described in [3]) may be utilized as follows: individuals are issued role assignment certificates that assign one or more roles to them through the role attribute contained in each certificate. Besides the role attribute, an additional entry is required to contain the team attribute, in accordance with the HAC security model. The structure of our proposed role/team attribute certificate is presented in Fig. 2. It is worth mentioning that only in special situations does a single AA sign attributes of both role and team type, as shown in Fig. 2. It is more likely that different AAs are authorized to encode role and team assignments.

Fig. 2 Role/team attribute certificate.

Thus, a privilege asserter (holder of a set of role/team ACs) may present his ACs to the privilege verifier (HAC system), demonstrating that he has particular roles and that he belongs to particular teams. The HAC system may know a priori (e.g. may be locally configured), or may have to discover by some other means, the privileges associated with the asserted roles and teams, in order to make a deny/allow authorization decision.

Apart from the solution of the role specification certificate, which is proposed in [3], we suggest a more complete answer for policy handling issues. As mentioned in the previous section, we utilize a third type of certificate, the Access-Rule Certificate (RC). Below, we describe the structure of RCs. Then, the privileges and the contexts associated with the asserted roles and teams may be expressed through its PRS and CTS components, as will be shown in the next paragraph.

For the propagation of a security policy based on the HAC model, an RC must encode entries relating to at least one of the following types of control data:

- PRS: a sequence of three items (user role, data set and access mode) that express an authorization rule, which is a tuple in the permission-to-roles assignment (PRS) relation (Fig. 3).
- HNH: the entries to construct the appropriate user role (URH) and data set (DSH) hierarchies, according to the HNH mechanism [10].
- PLE: each one entry of policy entity encodes (Fig. 4):
  - short-name: the short-name of a user role, data set, team or user location that is going to be created or altered;
  - value: the binding value or description of the previously mentioned short-name field.
- CTS: the mechanism of context to team assignments (CTS), which can be further analyzed as (Fig. 5): patient to team, location to team and timezones to team assignments. In any case, all these assignments are encoded with the same format.

The distribution of access-rule certificates is performed according to the push model, which involves the RA supplying the RCs directly to every security server [4]. Having already distributed the appropriate RCs, the authentication and authorization process is performed according to the following operational architecture.

Operational architecture

The security system we have developed provides three types of security services: policy propagation, network-level identification and authorization, as well as access control services (Fig. 6).

Policy handling services

In distributed computing environments the process of propagating the access control mechanisms and authorization rules among different organizations is accomplished with Access-Rule Certificates. The inherited mechanisms are stored in the local base of access control metadata of the HAC security server by accepting and validating the newly arriving access-rule certificates (according to the push model) from trusted Access-Rule Authorities.

Network-level identification and authorization services

When a user initiates a new session, he must first be identified and authenticated, using his network-level credentials that could have the form of an X.509 IC. Then the user activates a subset of user roles (URs) and teams (UTs), in order to form his session-dependent user profile. His choices are used for the preparation and issuance of an AC request, which is then submitted to a trusted AA. The AA authenticates the information included in the user profile, sets the AC and issues it to the
user. Issued ACs are then used in subsequent access requests during the same session. An AC is session-dependent and is valid only during the current session [4,7].

Fig. 3 Example of recording PRS entries in an access rule certificate.

Access control services

The user places an access request and pushes it to the medical database server along with his session-dependent profile. Then the user profile, along with the user access request, is examined by the access control server, which contains the required access control mechanisms, as well as the policy engine for the implementation of the HAC security mechanisms. The particular query of the user may be modified, if permitted according to the specific HAC security considerations that are in effect, or denied.

6. Results of experimental implementation

The AHEPA University Hospital has been used as our test-bed for defining and implementing a minor access control system according to the proposed operational architecture. Our experimental implementation gives strong evidence that the most likely exposure areas in HCEs are satisfactorily confronted. Indeed, the integration of a HAC-based policy with ACs and RCs introduces great improvements in key problematic issues such as: the accidental mistreatment of patient medical information, the lack of appropriate employee screening and supervision in the healthcare domain, the failure to act properly in order to prevent, detect or correct privacy breaches, the inconsistencies in the implementation of security policies across affiliate healthcare organizations, the discrimination in the application of personnel task-procedures and the informal, undocumented or out-of-date user authorizations. Moreover, the access control mechanisms of distributed HIS are able to collect all the relevant user qualifications and statements (rules) and make an explicit access decision, without requiring static configuration information that must be centrally administered.

Fig. 4 Example of recording PLE entries in an access rule certificate.

Fig. 5 Example of recording CTS entries in an access rule certificate.

Fig. 6 Operational architecture.

7. Conclusion

The inability to share information across systems and between care organizations has been one of the impediments in the HCE's progress towards efficiency. Internet technology can be the answer to this problem, as it is expected to have an ever-growing impact on the delivery of medical information across all domains. However, the Internet has caused significant concerns about security. A significant segment of the challenge is the selection
of the security technologies and their application and integration into a practical and scalable solution. Many of the current technologies attempt to address these issues but fall short in a practical application that would hold back their use in dynamic healthcare corporate environments. Careful application of specific security technologies can provide innovative approaches to these issues to yield more practical and operable solutions. It is not enough to say that PKC may considerably reduce security concerns, since it can play an essential role in addressing authentication and authorization issues. It is important to realize that access control policies in HCEs may get the best of an approach that integrates them with PKI and PMI, as long as the advantages and the limitations of certificate technology are clear. In this paper we demonstrate such an implementation example that is based on the already known HAC security model, which supports and handles efficiently the concepts and structures of healthcare teams. The resulting system provides active security capabilities, increases independence from temporal and spatial factors and reflects, in a computing-communication environment, the general principles that have been established in HCEs for policy-based access control.

References

[1] S.K. Katsikas, Health care management and information systems security: awareness, training or education, Int. J. Med. Informatics 60 (2000) 129-135.
[2] Department of Health and Human Services (USA), The HCFA Internet Communications Security and Appropriate Use Policy and Guidelines, Health Care Financing Administration, Office of Information Services, Security and Standards Group, February 1999, isecplcy.htm.
[3] ITU-T Recommendation X.509. Information Technology: Open Systems Interconnection - The Directory: Public Key and Attribute Certificate Frameworks, 2000, ISO/IEC :2001.
[4] I. Mavridis, C.K. Georgiadis, G. Pangalos, M. Khair, Using Digital Certificates for Access Control in Clinical Intranet Applications, book edition of J. Technol. Health Care, vol. 8, Nos. 3, 4 (2000), ISSN , IOS Press, pp. 173-174.
[5] R.K. Thomas, Team-based access control (TMAC): a primitive for applying role-based access controls in collaborative environments, in: Proceedings of the Second ACM Workshop on Role-Based Access Control (RBAC 97), Fairfax, VA, USA, 6-7 November, 1997, pp. 13-19.
[6] C.K. Georgiadis, I. Mavridis, G. Pangalos, R.K. Thomas, Flexible team-based access control using contexts, in: Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies (SACMAT 2001), Chantilly, VA, USA, May 2001, pp. 21-27.
[7] C.K. Georgiadis, I. Mavridis, G. Pangalos, Implementing Context and Team Based Access Control in Healthcare Intranets, International Journal of Health Care Engineering Technology and Health Care (book edition), vol. 9, Number 6 (2001), ISSN , IOS Press, Special Issue: Abstracts of the Sixth World Congress on the Internet in Medicine (MEDNET 2001), Udine, Italy, December.
[8] The Computer-based Patient Record Institute. Description of the Computer-Based Patient Record (CPR) and Computer-Based Patient Record System. Prepared by the CPRI Work Group on CPR Description (WDES). May.
[9] J. Grimson, W. Grimson, W. Hasselbring, The System Integration (SI) Challenge in Health Care, Communications of the ACM, June 2000, vol. 43, No. 6, pp. 49-55.
[10] C.K. Georgiadis, I. Mavridis, G. Pangalos, Context and role based hybrid access control for collaborative environments, in: Proceedings of the Fifth Nordic Workshop on Secure IT Systems-Encouraging Co-operation (NORDSEC 2000), Reykjavik, Iceland, 12-13 October 2000, pp. 225-238.
[11] R. Sandhu, D. Ferraiolo, R. Kuhn, The NIST model for role-based access control: towards a unified standard, in: Proceedings of the Fifth ACM Workshop on Role-Based Access Control (RBAC 2000), Technical University of Berlin, Berlin, Germany, 26-28 July 2000, pp. 47-63.
[12] I. Mavridis, G. Pangalos, M. Khair, eMEDAC: role-based access control supporting discretionary and mandatory features, in: Proceedings of 13th IFIP WG 11.3 Working Conference on Database Security, Seattle, WA, USA, 25-28 July 1999, pp. 55-63.
[13] R. Sandhu, Role-Based Access Control, Advances in Computers, vol. 46, Academic Press.
[14] W. Johnston, S. Mudumbai, M. Thompson, Authorization and attribute certificates for widely distributed access control, in: Proceedings of IEEE Seventh International Workshop on Enabling Technologies: Infrastructures for Collaborative Enterprises (WETICE 98), Stanford, USA, 1998.
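
The following sketch is an added example, not code from the paper or its pilot system: a security server that accepts pushed access-rule certificates only from trusted authorities and then makes the deny/allow decision from their PRS, HNH (URH/DSH), PLE and CTS entries. The Python data layout, the inheritance rules (a senior role inherits its juniors' permissions, a grant on a data set covers its sub-sets), the time-window string format and all sample names are assumptions made for illustration; certificate signature validation is assumed to have happened before accept() is called.

```python
from dataclasses import dataclass, field
from datetime import time


@dataclass
class AccessRuleCertificate:
    """Decoded RC payload (assumed layout; signature already verified)."""
    issuer: str
    ple: dict = field(default_factory=dict)  # short-name -> value/description
    prs: list = field(default_factory=list)  # (user_role, data_set, access_mode)
    urh: list = field(default_factory=list)  # HNH: (senior_role, junior_role)
    dsh: list = field(default_factory=list)  # HNH: (parent_set, child_set)
    cts: list = field(default_factory=list)  # (kind, context_value, team)


def _closure(start, edges):
    """Return start plus every node reachable from it through edges."""
    seen, todo = set(), [start]
    while todo:
        node = todo.pop()
        if node not in seen:
            seen.add(node)
            todo.extend(edges.get(node, ()))
    return seen


def _in_window(window, at):
    """window is 'HH:MM-HH:MM' (assumed format); it may wrap past midnight."""
    lo, hi = (time.fromisoformat(part) for part in window.split("-"))
    return lo <= at < hi if lo <= hi else (at >= lo or at < hi)


class SecurityServer:
    def __init__(self, trusted_authorities):
        self.trusted = set(trusted_authorities)
        self.names, self.prs, self.cts = {}, set(), []
        self.juniors, self.parents = {}, {}

    def accept(self, rc):
        """Push model: store an RC only if its issuer is trusted and every
        short-name it uses is declared by a PLE entry. Fails closed."""
        if rc.issuer not in self.trusted:
            return False
        known = set(self.names) | set(rc.ple)
        used = {name for role, dset, _ in rc.prs for name in (role, dset)}
        used |= {name for edge in rc.urh + rc.dsh for name in edge}
        used |= {team for _, _, team in rc.cts}
        if not used <= known:
            return False  # nothing from this RC is stored
        self.names.update(rc.ple)
        self.prs.update(rc.prs)
        self.cts.extend(rc.cts)
        for senior, junior in rc.urh:
            self.juniors.setdefault(senior, set()).add(junior)
        for parent, child in rc.dsh:
            self.parents.setdefault(child, set()).add(parent)
        return True

    def decide(self, roles, teams, data_set, mode, patient, location, at):
        """Return 'allow' or 'deny' for one request under a session profile
        (the roles and teams the user activated in the attribute certificate)."""
        effective = set().union(*(_closure(r, self.juniors) for r in roles))
        covering = _closure(data_set, self.parents)
        if not any((r, d, mode) in self.prs for r in effective for d in covering):
            return "deny"  # no PRS tuple grants this access mode
        for team in teams:
            ctx = {kind: {v for k, v, t in self.cts if t == team and k == kind}
                   for kind in ("patient", "location", "timezone")}
            if patient not in ctx["patient"]:
                continue  # this team is not assigned to the patient
            if ctx["location"] and location not in ctx["location"]:
                continue
            if ctx["timezone"] and not any(_in_window(w, at) for w in ctx["timezone"]):
                continue
            return "allow"
        return "deny"  # default deny: no activated team matches the context


def build_demo_server():
    """Constructed sample policy; every name and value below is made up."""
    rc = AccessRuleCertificate(
        issuer="RA-hospital-A",
        ple={"doctor": "medical doctor", "cardiologist": "cardiology specialist",
             "record": "whole patient record", "labs": "laboratory results",
             "team7": "cardiology care team", "ward3": "cardiology ward"},
        urh=[("cardiologist", "doctor")],
        dsh=[("record", "labs")],
        prs=[("doctor", "labs", "read"), ("cardiologist", "record", "write")],
        cts=[("patient", "P-1001", "team7"), ("location", "ward3", "team7"),
             ("timezone", "08:00-16:00", "team7")],
    )
    server = SecurityServer({"RA-hospital-A"})
    server.accept(rc)
    return server


if __name__ == "__main__":
    s = build_demo_server()
    for hour in (10, 22):  # same request inside and outside the team's time window
        print(hour, s.decide(["cardiologist"], ["team7"], "labs", "read",
                             "P-1001", "ward3", time(hour, 0)))
```

The sketch covers only the deny/allow outcome; the query modification that the access control service may also perform is outside its scope.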
More informationESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0
ESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0 June 30, 2004 Table of Contents Table of Contents...2 1 Introduction...3 1.1 Overview...3 1.1.1 General Definitions...4
More informationCopyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 15.1
Chapter 15 Key Management Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 15.1 Symmetric-key Distribution Symmetric-key cryptography is more efficient than asymmetric-key
More informationAuthentication Applications
Authentication Applications will consider authentication functions developed to support application-level authentication & digital signatures will consider Kerberos a private-key authentication service
More informationCloud-based Identity and Access Control for Diagnostic Imaging Systems
Cloud-based Identity and Access Control for Diagnostic Imaging Systems Weina Ma and Kamran Sartipi Department of Electrical, Computer and Software Engineering University of Ontario Institute of Technology
More informationCertification Report
Certification Report EAL 4+ Evaluation of Entrust Authority Security Manager and Security Manager Administration v8.1 SP1 Issued by: Communications Security Establishment Canada Certification Body Canadian
More informationTHE IMPACT OF INHERITANCE ON SECURITY IN OBJECT-ORIENTED DATABASE SYSTEMS
THE IMPACT OF INHERITANCE ON SECURITY IN OBJECT-ORIENTED DATABASE SYSTEMS David L. Spooner Computer Science Department Rensselaer Polytechnic Institute Troy, New York 12180 The object-oriented programming
More informationEnabling SSL and Client Certificates on the SAP J2EE Engine
Enabling SSL and Client Certificates on the SAP J2EE Engine Angel Dichev RIG, SAP Labs SAP AG 1 Learning Objectives As a result of this session, you will be able to: Understand the different SAP J2EE Engine
More information