Date post: | 09-Feb-2017 |
Category: |
Healthcare |
Upload: | aastha-madaan |
RISK-AWARE INTEGRITY MANAGEMENT FRAMEWORK
FOR DISTRIBUTED HEALTHCARE SYSTEMS
Aastha Madaan, Research Fellow, WSL, IIIT-B
※ Research work done as a part of Work Package – 3 of the TRUMP Project [2]
Collaborative Healthcare Setup
Appointments/Patient information
Pathology Results
Treatment/Procedures/Problem Lists
Nursing Notes
EHR
TRUMP: REQUIREMENTS
o Collaborating & Heterogeneous Care providers and receivers
Self-Intervention for Chronic Illnesses
Multi-agency Care
Disjoint/distributed agencies
Limited Resources
CHALLENGES
o Unit of Exchange of Health Information: EHRs, TRUMP Unit
Subjective Utility
Bounded Validity
Interrelated Utility
Divergent Aggregation
TRUMP UNIT
Attributes: RecordId, PName, Age, Sex, Version_id
Data
Imported Worlds and Participation:
Organization | Treatment | Person | Person | ……
Primary care Provider | Therapy | Physician | Specialist | ……
DISTRIBUTED KNOWLEDGE REPRESENTATION FRAMEWORK
• Many Worlds on a Frame (MWF) Knowledge Representation framework proposed in [3], [5]
EHR UoD
Schema
AN EXAMPLE (1) to (6)
* Screenshots Source: MTech Students - TRUMP Project
RISK-AWARE INTEGRITY MANAGEMENT
Integrating “Trust” and “Risk” measures with earlier proposed Credentials based Access Control (CBAC) [4]
Flexible, bottom-up approach
Associate policies based on user credentials
Define Risk and Trust Measures
INTEGRATING TRAAC AND CBAC (1)
Access control: Agnostic to actual end-users
Zoned Policy Model [TRAAC]: Zoned Privilege Packages
Zones: share, deny, readu, reads, undefined
o Type of Requests: Read & Share
o Data Object: Policy Zones assigned
o Risk: Request; Trust: Requestor
o Types of Trust: Obligation & Sharing
Hospital X
Department of Health
Health-care Providers Association
Role: Heart Specialist
Role: Secretary
Role: President
INTEGRATING TRAAC AND CBAC (2)
TRAAC approach: Misses CONTEXT during Trust Update
E.g., in which context was the particular violation made?
TRAAC+CBAC: MWF captures the context of a given interaction
Visibility of Policies: Critical to avoid unintentional violation
TRAAC+CBAC: Policy viewed as a Data Element
Credentials of a user: participation set
Credentials Privilege Package View applicable policies
Update of Sharing and Obligation based Trust
Assignment of Sensitivity Category Information
ASSOCIATING TRUST
Trust: Probability with which a Privilege Package is entrusted to a world
Privilege package: Assertion1, Assertion2, Assertion3, …, Assertionn
Assertion: Set of role(Type, Location)
Trust value: Aggregation of trust values associated with each role in the user’s participation set
Trust across system elements
User trust in system: Privacy of Information
System trust in users: Authenticated information
Trust between users: History of Events
Evaluating trust
Risk Mitigation Strategy: Obligations to be performed in a given domain
Sharing Trust & Obligation Trust
ASSOCIATING RISK
Risk: Probability with which a data-access is granted to a World with a Stakeholder with a Privilege Package, P
Assign Sensitivity category to Worlds
Calculate Loss sustained due to access
Undesirable Events: Fake credentials of a user; Illegitimate access made by user
Risk Score = Loss * Probability of Undesirable Events
Risk Domain: Type and Location of a World
Risk Mitigation Strategy ?
Access based On Risk: Allow / Deny
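An added example, not part of the original slides: one way to combine the trust and risk definitions above into an allow/deny decision. The loss values, the mean as trust aggregation, treating 1 - trust as the probability of illegitimate access, the independence of the two undesirable events, and the threshold are all assumptions; the slides leave quantification open.

```python
from dataclasses import dataclass

# Constructed loss per sensitivity category (assumption, not from the slides).
LOSS = {"low": 1.0, "medium": 5.0, "high": 10.0}

@dataclass(frozen=True)
class Role:
    type: str        # e.g. "Heart Specialist"
    location: str    # e.g. "Hospital X"
    trust: float     # trust placed in this role, in [0, 1]

@dataclass(frozen=True)
class World:
    type: str
    location: str
    sensitivity: str  # key into LOSS

def aggregate_trust(participation_set):
    """Trust value = aggregation over the roles in the participation set.
    The arithmetic mean is an assumed aggregation."""
    if not participation_set:
        return 0.0
    return sum(r.trust for r in participation_set) / len(participation_set)

def p_undesirable(trust, p_fake_credentials):
    """P(fake credentials OR illegitimate access), assuming independence and
    assuming P(illegitimate access) = 1 - trust."""
    return 1.0 - (1.0 - p_fake_credentials) * trust

def risk_score(world, participation_set, p_fake_credentials):
    """Risk Score = Loss * Probability of Undesirable Events."""
    trust = aggregate_trust(participation_set)
    return LOSS[world.sensitivity] * p_undesirable(trust, p_fake_credentials)

def decide(world, participation_set, p_fake_credentials, threshold=3.0):
    """Access based on risk: 'allow' or 'deny'. Fails closed on bad input."""
    if world.sensitivity not in LOSS or not participation_set:
        return "deny"
    if not all(0.0 <= r.trust <= 1.0 for r in participation_set):
        return "deny"
    if not 0.0 <= p_fake_credentials <= 1.0:
        return "deny"
    risk = risk_score(world, participation_set, p_fake_credentials)
    return "allow" if risk <= threshold else "deny"

# Constructed sample data.
RECORD = World("Treatment", "Hospital X", "high")
TRUSTED = [Role("Heart Specialist", "Hospital X", 0.9),
           Role("President", "Health-care Providers Association", 0.7)]
UNTRUSTED = [Role("Secretary", "Hospital X", 0.3)]
```

With a 5% chance of fake credentials, `decide(RECORD, TRUSTED, 0.05)` allows the access and `decide(RECORD, UNTRUSTED, 0.05)` denies it; lowering the World's sensitivity to "low" is what lets the low-trust participation set through.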
CONCERNS
Emergency Access: Bypassing Access Rules
Patient: Owner of data or subject of data
Does modelling the stakeholder as a data element answer this?
Complex Information Flows: Involve Delegation
Responsibility
Update Trust
Quantification of Risk and Trust
Revocation of Privilege Packages: Boundary conditions, Risk & Trust
Risk Mitigation Strategies and Obligation Trust Delegation
Visualization of Risk: Access granted to a stakeholder
REFERENCES
1. Burnett, C., Chen, L., Norman, T. J. and Edwards, P. (2014). TRAAC: Trust and Risk Aware Access Control. Proceedings of the 12th Annual Conference on Privacy, Security and Trust (PST2014), Toronto, Canada.
2. Burnett, C., Edwards, P., Norman, T. J., Chen, L., Rahulamathavan, Y., Jaffray, M., & Pignotti, E. (2013). TRUMP: A Trusted Mobile Platform for Self-management of Chronic Illness in Rural Areas. In Trust and Trustworthy Computing (pp. 142-150). Springer Berlin Heidelberg.
3. Chinmay Jog, Sweety Agrawal, Srinath Srinivasa. Distributing a Trust Framework for Utilitarian Data Exchanges in Inter-Organizational Collaborations. Proceedings of the Second ACM iKDD Conference on Data Sciences (CoDS 2015), March 2015, Bangalore, India.
4. Sweety Agrawal, Chinmay Jog, Srinath Srinivasa. Integrity Management in a Trusted Utilitarian Data Exchange Platform. Proceedings of the 13th International Conference on Ontologies, Databases and Applications of Semantics (ODBASE 2014), Amantea, Italy, October 2014.
5. Srinath Srinivasa, Sweety Agrawal, Chinmay Jog and Jayati Deshmukh. Characterizing Open Utilitarian Knowledge. Proceedings of the First IKDD Conference on Data Sciences (CoDS 2014), New Delhi, India, March 2014.