Authorization schema for electronic health-care records : For Uganda

Fernández, Alexis Martínez

January 2012

This master’s thesis project began at the Karolinska University Hospital. This thesis discusses how to design an authorization schema focused on ensuring each patient’s data privacy within a hospital information system. It begins with an overview of the current problem, followed by a review of related work. The overall project’s goal is to create and evaluate an authorization schema that can ensure each patient’s data confidentiality. Authorization has currently become a very important aspect in information systems, to the point of being a necessity when implementing a complete system for managing access control in certain complex environments. This requirement lead to the approach that this master thesis takes for effectively reasoning about authorization requests in situations where a great number of parameters could affect the access control assessment. This study is part of the ICT4MPOWER project developed in Sweden by both public and private organizations with the objective of improving health-care aid in Uganda through the use of information and communication technologies.  More concretely, this work defines an authorization schema that can cope with the increasing needs of sophisticated access control methods where a complex environment exists and policies require certain flexibility. / Detta examensarbete projektet startade vid Karolinska Universitetssjukhuset. Denna avhandling diskuterar hur man designar ett tillstånd schema fokuserat på att säkerställa varje patients dataskydd inom ett sjukhus informationssystem. Det börjar med en översikt över det aktuella problemet, följt av en genomgång av arbete. Projektets övergripande mål är att skapa och utvärdera ett tillstånd schema som kan garantera varje patient data sekretess. Bemyndigande har för närvarande blivit en mycket viktig aspekt i informationssystem, till den grad att vara nödvändigt att genomföra komplett system för hantering av åtkomstkontroll i vissa komplexa miljöer. Detta är i själva verket den strategi som detta examensarbete tar för att effektivt resonemang om en ansökan om godkännande i situationer där ett stort antal parametrar kan påverka i åtkomstkontroll bedömningen. Denna studie är en del av ICT4MPOWER projektet utvecklades i Sverige av både offentliga och privata organisationer i syfte att förbättra stödet sjukvård i Uganda med användning av informations-och kommunikationsteknik.<p> Mer konkret definierar detta arbete ett tillstånd schema som kan hantera de ökande behoven av sofistikerade metoder för åtkomstkontroll där en komplex miljö finns och politik kräver en viss flexibilitet.

authorization

access control

electronic health record

Communication Systems

Kommunikationssystem

Policy Management in Context-Aware Networks

Bhatia, Nupur

January 2007

The Ambient Network (AN) Project is part of the European Commission’s 6th Framework Programme and aims to enable cooperation between heterogeneous networks, using current and future wireless technologies, minimising the effort of mobile users to gain access to the services that they are interested in - irrespective of their location or the network they are currently using. Because of the highly mobile nature of users and a demand for instant and dynamic access to services, these networks have to be composed ‘on the fly’ without any pre-configurations. The use of context information in AN can remove the need for pre-configuration of networks, hence making them autonomic. However, a concern exists that the free and uncontrolled dissemination of context information could breech the privacy of the participants. It is extremely important to address these privacy issues in order to control who has access to what context information. This control can be achieved through the use of well defined policies. This creates a requirement for a framework in the ContextWare architecture for protecting context information. This masters thesis project is part of an effort to create a policy based infrastructure for authorisation of access to network context information within the AN. The thesis investigates, models, and designs an architecture for a policy management system based on OASIS XACML, that creates an extension to the architecture for management of context information in the AN. In addition to a policy management architecture within an AN, a policy management architecture for composing ANs is also created. To facilitate the transfer of requests and policies, the thesis creates a Policy Management Protocol. The designed architecture was then implemented to create a proof of concept. The designed architecture and protocol were evaluated by running tests on the prototype. The measurements from the tests are analysed and presented in this thesis. The analysis of the experimental data indicates that a policy management system is both feasible and practical. The results show that the delay overhead caused by introducing policy management in a distributed context provisioning system, ranges from 1.7% in a system without load to 6% in a worst case scenario. The throughput of the policy management system is 15 requests per second under load. / Ambient Network är ett EU-finansierat project inom det 6:e ramprogrammet.Projektets mål är att möjliggöra samarbete mellan heterogena nätverk, som använderbåde dagens men även framtidens trådlösa teknologier, för att minimeraslutanvändarens insats för att nå den tjänst de är intresserade av – oberoende av platseller vilket nätverk de använder. På grund av den stora delen av mobila användaresom kräver omedelbar och dynamisk tillgång till tjänster måste dessa nätverk gåsamman ’on the fly’ utan tidigare konfigurering.Användningen av context information i Ambient Networks kan elmininera behovet avförkonfigurering av nätverk, följaktligen blir de då autonoma. Dock, ett problem somuppkommer med detta är att den fria och okontrollerade spridningen av contextinformation bryter integriteten för deltagarna. Det är väldigt viktigt att ta itu med dettaproblem för att kunna kontrollera vilka som har tillgång till vilken contextinformation. Den här kontrollen kan uppnås genom väldefinierade policies. Dettaskapar ett behov av ett ramverk inom ContextWare arkitekturen för att skydda dentillgängliga context informationen. Den här uppsatsen är en del i ansträngningen att skapa en policy baserad infrastrukturför attestering av tillgång till context information inom Ambient Networks. Uppsatsenundersöker och designar en arkitektur för ett policy handhavande system som ärbaserat på OASIS XACML, den bygger vidare på arkitekturen för handhavande avcontext information i Ambient Networks. Utöver policy hantering inom ett ambientnetwork skapas också policy hantering mellan ambient networks när de förenas. Denframtagna arkitekturen är därefter implementerad för att visa på konceptets hållbarhet. En sammanslagning av två policy handhavande system när två nätverk slås ihop ärbehandlat endast i teorin, det är inte implementerat. Designen utvärderas genom att köra test på den implementerade versionen ochdärefter analysera och visa resultaten i rapporten. Dessa test innehåller mätningar avfördröjningen av en enda begäran samt flera, responstiden i ett system med policyhanteringjämfört med utan samt prestandan i ett policy-hanteringssystem med en litenmängd policies jämfört med en större mängd policies.

Policy management

access control

context

OASIS XACML

Communication Systems

Kommunikationssystem

IoMT AUTHENTICATION AND AUTHORIZATION ACCESS CONTROL BASED ON MULTIPARTY TRUST NEGOTIATION

Allouzi, Maha Ali

19 April 2022

No description available.

Computer Science

Moving Beyond Regulatory Mechanisms: A Typology of Internet Control Regimes

Hunt, Richard Reid

21 March 2014

This paper examines national Internet control from a policy regime perspective. The mechanisms through which governments attempt to control the Internet may be developed and implemented by different institutions and agencies, or fall outside of a formal regulatory structure entirely. As such, the totality of the institutions and practices of national Internet control is better conceptualized not as a regulatory regime, but as a control regime. After a survey of the critical policy and control dimensions, a six-part typology of control regimes is proposed. The purpose of this study and typology is exploratory. With comparative research about Internet control regimes at a relatively early stage, this paper aims to enable the formation of concepts and hypotheses about the interrelationship, or co-presence, of key distinguishing variables in different Internet control regimes.

Internet Law

Multi-Dimensional Identification of Vulnerable Access Control in Mobile Applications

Chaoshun, Zuo

January 2020

No description available.

Computer Science

Red Door: Firewall Based Access Control in ROS

Shen, Ziyi

12 1900

ROS is a set of computer operating system framework designed for robot software development, and Red Door, a lightweight software firewall that serves the ROS, is intended to strengthen its security. ROS has many flaws in security, such as clear text transmission of data, no authentication mechanism, etc. Red Door can achieve identity verification and access control policy with a small performance loss, all without modifying the ROS source code, to ensure the availability and authentication of ROS applications to the greatest extent.

Firewall

Computer Science

Trust Negotiation for Open Database Access Control

Porter, Paul A.

09 May 2006

Hippocratic databases are designed to protect the privacy of the individuals whose personal information they contain. This thesis presents a model for providing and enforcing access control in an open Hippocratic database system. Previously unknown individuals can gain access to information in the database by authenticating to roles through trust negotiation. Allowing qualified strangers to access the database increases the usefulness of the system without compromising privacy. This thesis presents the design and implementation of two methods for filtering information from database queries. First, we extend a query modification method for use in an open database system. Second, we introduce a novel filtering method that overcomes some limitations of the query modification method. We also provide results showing that the two methods have comparable performance that is suitable for interactive response time with our sample data set.

trust negotiation

database

access control

Hippocratic database

privacy

Computer Sciences

Cascading permissions policy model for token-based access control in the web of things

Amir, Mohammad, Pillai, Prashant, Hu, Yim Fun

January 2014

No / The merger of the Internet of Things (IoT) with cloud computing has given birth to a Web of Things (WoT) which hosts heterogeneous and rapidly varying data. Traditional access control mechanisms such as Role-Based Access schemes are no longer suitable for modelling access control on such a large and dynamic scale as the actors may also change all the time. For such a dynamic mix of applications, data and actors, a more distributed and flexible model is required. Token-Based Access Control is one such scheme which can easily model and comfortably handle interactions with big data in the cloud and enable provisioning of access to fine levels of granularity. However, simple token access models quickly become hard to manage in the face of a rapidly growing repository. This paper proposes a novel token access model based on a cascading permissions policy model which can easily control interactivity with big data without becoming a menace to manage and administer.

A Flexible Role-Based Delegation Model and Its Application in Healthcare InformationSystem

Liu, Zidong

27 November 2013

No description available.

Computer Science

IMERS: An Interactive Medical Records System

Garner, Mary A.

01 January 1982

As computer printouts replace handwritten and typewritten information in a Medical Records department, it becomes more advantageous for the Registered Records Administrator (RRA) to learn how to interact with a computer terminal. Computer applications in the Medical Records field increase the availability and accessibility of patient information. The Medical Records System discussed in this paper has been adapted by the Medical Records department of the College of Health Sciences of the University of Central Florida as a tool for demonstrating the relationship between the computer and the successful management of medical records. This system will provide hands on experience to all medical records students. It has the capability of adding, deleting or changing the medical records of patients on the Master Patient Index and the Patient Master File. Statistics are calculated and reports are generated monthly or on request for areas of particular interest, such as Payment Source, Discharge Analysis, and Utilization Review. These reports help analyze the effectiveness of specific treatment and the flow rate of patients. As improvements become necessary, the system will be modified to reflect any new requirements in the medical records field.

Medical records -- Access control

Medical records -- Data processing

Engineering