Risk and Credentials based Access Control
1. RISK-AWARE INTEGRITY MANAGEMENT FRAMEWORK FOR DISTRIBUTED HEALTHCARE SYSTEMS
Aastha Madaan
Research Fellow, WSL, IIIT-B
※ Research work done as a part of Work Package – 3 of the TRUMP Project [2]
Collaborative Healthcare Setup [Figure: Appointments/Patient information, Pathology Results, Treatment/Procedures/Problem Lists, Nursing Notes, EHR]
2. TRUMP: REQUIREMENTS
o Collaborating & Heterogeneous Care providers and receivers
Self-Intervention for Chronic Illnesses
Multi-agency Care
Disjoint/distributed agencies
Limited Resources
CHALLENGES
o Unit of Exchange of Health Information → EHRs → TRUMP Unit
Subjective Utility
Bounded Validity
Interrelated Utility
Divergent Aggregation
3. TRUMP UNIT
Attributes: RecordId, PName, Age, Sex, Version_id
Data
Imported Worlds and Participation:
Organization | Treatment | Person | Person | ……
Primary care Provider | Therapy | Physician | Specialist | ……
DISTRIBUTED KNOWLEDGE REPRESENTATION FRAMEWORK
• Many Worlds on a Frame (MWF) Knowledge Representation framework proposed in [3], [5]
[Figure: EHR UoD Schema]
4. AN EXAMPLE (1)
* Screenshots Source: MTech Students - TRUMP Project
10. RISK-AWARE INTEGRITY MANAGEMENT
Integrating “Trust” and “Risk” measures with the earlier proposed Credentials based Access Control (CBAC) [4]
Flexible, bottom-up approach
Associate policies based on user credentials
Define Risk and Trust Measures
11. INTEGRATING TRAAC AND CBAC (1)
Access control → Agnostic to actual end-users
Zoned Policy Model [TRAAC] → Zoned Privilege Packages
[Figure labels: share, deny, readu, reads, undefined]
o Type of Requests → Read & Share
o Data Object → Policy Zones assigned
o Risk → Request & Trust → Requestor
o Types of Trust → Obligation & Sharing
[Figure: Hospital X, Department of Health, Health-care Providers Association; Role: Heart Specialist, Role: Secretary, Role: President]
12. INTEGRATING TRAAC AND CBAC (2)
TRAAC approach → Misses CONTEXT during Trust Update
E.g., in which context was the particular violation made?
TRAAC + CBAC → MWF captures the context of a given interaction
Visibility of Policies → Critical to avoid unintentional violation
TRAAC + CBAC → Policy viewed as a Data Element
Credentials of a user → participation set
Credentials → Privilege Package → View applicable policies
Update of Sharing and Obligation based Trust
Assignment of Sensitivity Category Information
13. ASSOCIATING TRUST
Trust → Probability with which a Privilege Package is entrusted to a world
Privilege package → Assertion_1, Assertion_2, Assertion_3, …, Assertion_n
Assertion → Set of role(Type, Location)
Trust value → Aggregation of trust values associated with each role in the user’s participation set
Trust across system elements
User trust in system → Privacy of Information
System trust in users → Authenticated information
Trust between users → History of Events
Evaluating trust → Risk Mitigation Strategy → Obligations to be performed in a given domain
Sharing Trust & Obligation Trust
14. ASSOCIATING RISK
Risk → Probability with which a data-access is granted to a World with a Stakeholder with a Privilege Package, P
Assign Sensitivity category to Worlds
Calculate Loss sustained due to access
Undesirable Events → Fake credentials of a user; Illegitimate access made by user
Risk Score = Loss * Probability of Undesirable Events
Risk Domain → Type and Location of a World
Risk Mitigation Strategy → ?
[Figure: Allow / Deny access based on risk]
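The trust aggregation on slide 13 and the risk score on slide 14 can be combined into an allow/deny decision. This is an added sketch, not code from the slides or the TRUMP project. It assumes the aggregation is an arithmetic mean, the probability of an undesirable event is 1 minus the trust value, and all trust values, loss figures, limits and role-to-organisation pairings are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Role:
    """An assertion in a privilege package: role(Type, Location)."""
    type: str
    location: str

# Constructed sample values; the slides give no numbers.
ROLE_TRUST = {
    Role("Heart Specialist", "Hospital X"): 0.9,
    Role("Secretary", "Department of Health"): 0.5,
}
LOSS = {"low": 1.0, "medium": 5.0, "high": 10.0}  # loss per sensitivity category
MAX_RISK = {"read": 4.0, "share": 2.0}            # assumed limit per request type

def trust_value(participation_set):
    """Aggregate per-role trust (assumed: arithmetic mean).

    Unknown roles count as 0 and an empty set yields 0, so unverified
    credentials can only lower trust (fail closed)."""
    roles = list(participation_set)
    if not roles:
        return 0.0
    return sum(ROLE_TRUST.get(r, 0.0) for r in roles) / len(roles)

def risk_score(sensitivity, participation_set):
    """Risk Score = Loss * Probability of Undesirable Events.

    Assumption: the probability is taken as 1 - trust value."""
    p_undesirable = 1.0 - trust_value(participation_set)
    return round(LOSS[sensitivity] * p_undesirable, 4)

def decide(request, sensitivity, participation_set):
    """Return ("allow" | "deny", risk); unknown inputs are denied."""
    if request not in MAX_RISK or sensitivity not in LOSS:
        return "deny", None
    risk = risk_score(sensitivity, participation_set)
    return ("allow" if risk <= MAX_RISK[request] else "deny"), risk

if __name__ == "__main__":
    specialist = Role("Heart Specialist", "Hospital X")
    secretary = Role("Secretary", "Department of Health")
    for who in ([specialist], [specialist, secretary], [Role("Guest", "Unknown")]):
        for request in ("read", "share"):
            print([r.type for r in who], request, decide(request, "high", who))
```

With these constructed numbers, adding the lower-trust Secretary role to a participation set raises the risk of a high-sensitivity request from 1.0 to 3.0, which still permits a read but denies a share.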
15. CONCERNS
Emergency Access → Bypassing Access Rules
Patient → Owner of data or subject of data
Does modelling the stakeholder as a data element answer this?
Complex Information Flows → Involve Delegation
Responsibility
Update Trust
Quantification of Risk and Trust
Revocation of Privilege Packages → Boundary conditions
Risk & Trust
Risk Mitigation Strategies and Obligation Trust → Delegation
Visualization of Risk → Access granted to a stakeholder
16. REFERENCES
1. Burnett, C., Chen, L., Norman, T. J. and Edwards, P. (2014). TRAAC: Trust and Risk Aware
Access Control. Proceedings of the 12th Annual Conference on Privacy, Security and Trust
(PST2014), Toronto, Canada.
2. Burnett, C., Edwards, P., Norman, T. J., Chen, L., Rahulamathavan, Y., Jaffray, M., & Pignotti,
E. (2013). TRUMP: A Trusted Mobile Platform for Self-management of Chronic Illness in
Rural Areas. In Trust and Trustworthy Computing (pp. 142-150). Springer Berlin Heidelberg.
3. Chinmay Jog, Sweety Agrawal, Srinath Srinivasa. Distributing a Trust Framework for
Utilitarian Data Exchanges in Inter-Organizational Collaborations. Proceedings of the Second
ACM iKDD Conference on Data Sciences (CoDS 2015), March 2015, Bangalore, India.
4. Sweety Agrawal, Chinmay Jog, Srinath Srinivasa. Integrity Management in a Trusted
Utilitarian Data Exchange Platform. Proceedings of the 13th International Conference on
Ontologies, Databases and Applications of Semantics (ODBASE 2014), Amantea, Italy,
October 2014.
5. Srinath Srinivasa, Sweety Agrawal, Chinmay Jog and Jayati Deshmukh. Characterizing Open
Utilitarian Knowledge. Proceedings of the First IKDD Conference on Data Sciences (CoDS
2014), New Delhi, India, March 2014.