Series
CERCS Technical Report Series
CERCS Technical Report Series
Permanent Link
Series Type
Publication Series
Description
Associated Organization(s)
Associated Organization(s)
Organizational Unit
3 results
Publication Search Results
Now showing
1 - 3 of 3
-
ItemDetection of Conflicts and Inconsistencies in Taxonomy-based Authorization Policies(Georgia Institute of Technology, 2011) Mohan, Apurva ; Blough, Douglas M. ; Kurc, Tahsin ; Post, Andrew ; Saltz, JoelThe values of data elements stored in biomedical databases often draw from biomedical ontologies. Authorization rules can be defined on these ontologies to control access to sensitive and private data elements in such databases. Authorization rules may be specified by different authorities at different times for various purposes, and as such policy rules may conflict with each other, inadvertently allowing access to sensitive information. Detecting policy conflicts is nontrivial because it involves identification of applicable rules and detecting conflicts among them dynamically during execution of data access requests. It also requires dynamically verifying conformance with required policies and logging relevant information about decisions for audit. Another problem in biomedical data protection is inference attacks, in which a user who has legitimate access to some data elements is able to infer information related to other data elements. This type of inadvertent data disclosure should be prevented by ensuring policy consistency; that is, data elements which can lead to inference about other data elements should be protected by the same level of authorization policies as the other data elements. We propose two strategies; one for detecting policy consistencies to avoid potential inference attacks and the other for detecting policy conflicts. We have implemented these algorithms in Java language and evaluated their execution times experimentally.
-
ItemRedactable Signatures on Data with Dependencies(Georgia Institute of Technology, 2009) Bauer, David ; Blough, Douglas M. ; Mohan, ApurvaThe storage of personal information by service providers entails a significant risk of privacy loss due to data breaches. One way to mitigate this problem is to limit the amount of personal information that is provided. Our prior work on minimal disclosure credentials presented a computationally efficient mechanism to facilitate this capability. In that work, personal data was broken into individual claims, which could be released in arbitrary subsets while still being cryptographically verifiable. In expanding the applications for that work, we encountered the problem of connections between different claims, which manifest as dependencies on the release of those claims. In this new work, we provide an efficient way to provide the same selective disclosure, but with cryptographic enforcement of dependencies between claims, as specified by the certifier of the claims. This constitutes a mechanism for redactable signatures on data with release dependencies. Our scheme was implemented and benchmarked over a wide range of input set sizes, and shown to verify thousands of claims in tens to hundreds of milliseconds. We also describe ongoing work in which the approach is being used within a larger system for holding and dispensing personal health records.
-
ItemA Patient-centric, Attribute-based, Source-verifiable Framework for Health Record Sharing(Georgia Institute of Technology, 2009) Mohan, Apurva ; Bauer, David ; Blough, Douglas M. ; Ahamad, Mustaque ; Bamba, Bhuvan ; Krishnan, Ramkumar ; Liu, Ling ; Mashima, Daisuke ; Palanisamy, BalajiThe storage of health records in electronic format, and the wide-spread sharing of these records among different health care providers, have enormous potential benefits to the U.S. healthcare system. These benefits include both improving the quality of health care delivered to patients and reducing the costs of delivering that care. However, maintaining the security of electronic health record systems and the privacy of the information they contain is paramount to ensure that patients have confidence in the use of such systems. In this paper, we propose a framework for electronic health record sharing that is patient centric, i.e. it provides patients with substantial control over how their information is shared and with whom; provides for verifiability of original sources of health information and the integrity of the data; and permits fine-grained decisions about when data can be shared based on the use of attribute-based techniques for authorization and access control. We present the architecture of the framework, describe a prototype system we have built based on it, and demonstrate its use within a scenario involving emergency responders' access to health record information.