
Developing Trustworthy Database Systems for Medical Care


Developing Trustworthy Database Systems for Medical Care covers: Security and Safety of Medical Care Environment; Access Control; Using Trust and Roles for Access Control; Classification Algorithm for Access Control to Detect Malicious Users.

Page 1

Developing Trustworthy Database Systems for Medical Care

This research is supported by CERIAS and NSF grants from ANIR & IIS.

Page 2

Security and Safety of Medical Care Environment

• Objectives

– Safety of patients

– Safety of hospital and clinic

– Security of medical databases

• Issues

– Medical care environments are vulnerable to malicious behavior, hostile settings, terrorist attacks, natural disasters, tampering

– Reliability, security, accuracy can affect timeliness and precision of information for patient monitoring

– Collaboration over networks among physicians/nurses, pharmacies, emergency personnel, law enforcement agencies, government and community leaders should be secure, private, reliable, consistent, correct and anonymous

Page 3

Security and Safety of Medical Care Environment – cont.

• Measures

– Number of incidents per day in patient room, ward, or hospital

– Non-emergency calls to nurses and doctors due to malfunctions, failures, or intrusions

– False activation of fire alarms, smoke detectors, pagers

– Wrong information, data values, lost or delayed messages

– Timeliness, accuracy, precision

Page 4

Access Control

• From Yuhui

– a flaw

[Figure: Information System, Access Control Mechanism, Authorized Users, Other Users]

• Authorized Users

– Validated credentials AND

– Cooperative and legitimate behavior history

• Other Users

– Lack of required credentials OR

– Non-cooperative or malicious behavior history

Page 5

Using Trust and Roles for Access Control

• Approach: trust- and role-based access control

– cooperates with traditional Role-Based Access Control (RBAC)

– authorization based on evidence, trust, and roles (user profile analysis)

[Figure: Architecture of TERM Server. Components: credential mgmt, evidence evaluation, role assignment, trust information mgmt, user/issuer information database. Labels: users' behaviors; credentials provided by third parties or retrieved from the internet; evidence statement; evidence statement, reliability; issuer's trust; user's trust; role-assignment policies specified by system administrators; assigned roles. Legend: component implemented, component partially implemented.]

[Figure: user, RBAC enhanced Web Server, Trust Enhanced Role-Mapping (TERM) Server. Labels: request roles, send roles.]

Page 6

Training Phase – Build Clusters

Input: Training audit log record [X1, X2, …, Xn, Role], where X1, …, Xn are attribute values, and Role is the role held by the user

Output: A list of centroid representations of clusters [M1, M2, …, Mn, pNum, Role]

Step 1: for every role R_i, create one cluster C_i
    C_i.role = R_i
    for every attribute M_k:

Step 2: for every training record Rec_i
    calculate its Euclidean distance from existing clusters
    find the closest cluster C_min
    if C_min.role = Rec_i.role
    then reevaluate the attribute values
    else create new cluster C_j
        C_j.role = Rec_i.role
        for every attribute M_k: C_j.M_k = Rec_i.M_k

Classification Phase – Detect Malicious Users

Input: cluster list, audit log record Rec

for every cluster C_i in cluster list
    calculate the distance between Rec and C_i
find the closest cluster C_min
if C_min.role = Rec.role
then return
else raise alarm
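The two phases above, as an added Python example (not the authors' TERM code). The Step 1 formula did not survive on the slide, so seeding each role's cluster at the mean of that role's records is an assumption, as is reading "reevaluate the attribute values" as a running mean over pNum records; the two audit attributes and all log records are constructed.

```python
import math
from collections import defaultdict

def distance(a, b):
    """Euclidean distance between two attribute vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def closest(clusters, attrs):
    """The cluster C_min whose centroid is nearest to the record."""
    return min(clusters, key=lambda c: distance(c["M"], attrs))

def train(records):
    """Build clusters {M, pNum, role} from (attrs, role) audit records."""
    by_role = defaultdict(list)
    for attrs, role in records:
        by_role[role].append(attrs)
    # Step 1. Assumption: each role's cluster is seeded at the role's mean.
    clusters = [{"M": [sum(col) / len(rows) for col in zip(*rows)],
                 "pNum": 0, "role": role} for role, rows in by_role.items()]
    # Step 2: fold each record into its closest cluster, or split off a new one.
    for attrs, role in records:
        c = closest(clusters, attrs)
        if c["role"] == role:
            # Assumption: "reevaluate" means a running mean over pNum records.
            n = c["pNum"]
            c["M"] = [(m * n + x) / (n + 1) for m, x in zip(c["M"], attrs)]
            c["pNum"] = n + 1
        else:
            clusters.append({"M": list(attrs), "pNum": 1, "role": role})
    return clusters

def classify(clusters, attrs, role):
    """Return True (raise alarm) if the closest cluster has another role."""
    return closest(clusters, attrs)["role"] != role

# Constructed audit log: ((records read/hour, records modified/hour), role).
TRAINING_LOG = [
    ((40, 2), "nurse"), ((45, 3), "nurse"), ((38, 1), "nurse"),
    ((5, 0), "nurse"),  # second behaviour mode: forces a new nurse cluster
    ((10, 8), "physician"), ((12, 9), "physician"), ((9, 7), "physician"),
    ((300, 0), "billing"), ((280, 1), "billing"),
]

if __name__ == "__main__":
    model = train(TRAINING_LOG)
    for c in model:
        print(c["role"], [round(m, 2) for m in c["M"]], c["pNum"])
    print(classify(model, (42, 2), "nurse"))   # behaviour fits the role
    print(classify(model, (290, 0), "nurse"))  # bulk reads under a nurse role
```

The low-activity nurse record lands closest to the physician seed, so Step 2 creates a second nurse cluster instead of distorting the first; a role can therefore own several clusters.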

Experimental Study: Accuracy of Detection

• Accuracy of detection of malicious users by the classification algorithm ranges from 60% to 90%

• 90% of misbehaviors can be identified in a friendly environment (in which fewer than 20% of behaviors are malicious)

• 60% of misbehaviors can be identified in an unfriendly environment (in which at least 90% of behaviors are malicious)

i

i r role R R

role

k

Classification Algorithm for Access Control to Detect Malicious Users

Page 7

Prototype TERM Server for Access Control

[Screenshots: Defining role assignment policies; Loading evidence for role assignment]

Software: http://www.cs.purdue.edu/homes/bb/NSFtrust.html

Page 8

Integrity Checking Systems

• Integrity Assertions (IAs)

– Predicates on values of database items

• Examples

– Coordinate shift in a Korean plane shot down by U.S.S.R.

• IAs could have detected the error

– Human error: potassium result of 3.5 reported to ICU as 8.5

• IAs caught the error

• Types of IAs

– Allowable value range (e.g.: K_level in [3.0, 5.5], patient_age > 16)

– Relationships to values of other data (e.g.: Wishard_blood_test_results(CBC, electrol.) consistent_with Methodist_blood_test_results(CBC, electrol.))

– Conditional value (e.g.: IF patient_on(dyzide) THEN K_trend = “decreasing”)

• Triggers

– For surveillance of medical data and generating suggestions for doctors
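The range and conditional IAs listed above, enforced by the database itself, as an added example (not from the original slides) using Python's sqlite3. The table lab_result, its columns other than the slide's K_level, patient_age and K_trend, and all sample reports are hypothetical.

```python
import sqlite3

# Hypothetical table; the IA predicates follow the slide's examples.
SCHEMA = """
CREATE TABLE lab_result (
    patient_id  INTEGER NOT NULL,
    patient_age INTEGER NOT NULL CHECK (patient_age > 16),         -- range IA
    k_level     REAL    NOT NULL CHECK (k_level BETWEEN 3.0 AND 5.5),
    on_dyzide   INTEGER NOT NULL CHECK (on_dyzide IN (0, 1)),
    k_trend     TEXT    NOT NULL
);
-- Conditional IA: IF patient_on(dyzide) THEN K_trend = 'decreasing'
CREATE TRIGGER ia_dyzide_trend BEFORE INSERT ON lab_result
WHEN NEW.on_dyzide = 1 AND NEW.k_trend <> 'decreasing'
BEGIN
    SELECT RAISE(ABORT, 'IA violated: K_trend must be decreasing on dyzide');
END;
"""

def open_db():
    """Create an in-memory database with the assertions installed."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def report(conn, patient_id, age, k_level, on_dyzide, k_trend):
    """Insert a result; return None if accepted, else the IA error text."""
    try:
        with conn:  # commit on success, roll back on a violated assertion
            conn.execute("INSERT INTO lab_result VALUES (?, ?, ?, ?, ?)",
                         (patient_id, age, k_level, on_dyzide, k_trend))
        return None
    except sqlite3.DatabaseError as exc:
        return str(exc)

if __name__ == "__main__":
    db = open_db()
    # Constructed sample reports.
    print(report(db, 1, 54, 3.5, 0, "stable"))      # accepted
    print(report(db, 1, 54, 8.5, 0, "stable"))      # range IA rejects 8.5
    print(report(db, 2, 61, 4.0, 1, "increasing"))  # conditional IA rejects
    print(report(db, 1, 54, 4.5, 0, "stable"))      # in-range typo: accepted
```

The last report shows the limit of a range IA: a mistyped value that stays inside [3.0, 5.5] is accepted, which is where the relationship-type IAs (consistency with other data) are needed.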

Page 9

Privacy and Anonymity

• Privacy

– Protecting sensitive data from unauthorized access

• Health Insurance Portability and Accountability Act (HIPAA)

• patients' rights to request a restriction or limitation on the disclosure of protected health information (PHI)

• staff rights

• Anonymity

– Protecting identity of the source of data

Page 10

Preserving Privacy and Anonymity for Information Integration - Examples

• Example 1: Integration of hospital databases into research database

– Hospital DB1 – Mr. Smith coded as “A” (for anonymity)

– Hospital DB2 – Mr. Smith coded as “B”

– Research DB12 – assure that “A” = “B”

• Example 2: DB access

– DB should not capture what User X did (anonymity)

– User X should not know more data in DB than needed (privacy)

Page 11

Privacy and Security of Network and Computer Systems

• Integrity and correctness of data

• Privacy of patient records and identification

• Protect against changes to patient records or treatment plan

• Protect against disabling monitoring devices, switching off/crashing computers, flawed software, disabling messages

• Decrypting traffic, injection of new traffic, attacks from jamming devices

Page 12

Applications 

Policy making

Formal models

Negotiation

Network security

Anonymity  

Access control

Information hiding

Data mining

System monitoring

Data provenance 

Fraud

Biometrics

Integrity

Page 13

Emerging Technologies: Sensors and Wireless Communications

• Challenge: develop sensors that detect and monitor violations in medical care environment before a threat to life occurs

– Bio sensors to detect anthrax, viruses, toxins, bacteria

• chips coated with antibodies that attract a specific biological agent

– Ion trap mass spectrometer

• aids in locating fingerprints of proteins to detect toxins or bacteria

– Neutron-based detectors

• detect chemical and nuclear materials

– Electronic sensors, wireless devices

Page 14

Sensors in a Patient’s Environment

• Safety and Security in Patient’s Room

– Monitor the entrance and access to a patient’s room

– Monitor activity patterns of devices connected to a patient

– Protect patients from neglect, abuse, harm, tampering, movement outside the safety zone

– Monitor visitor clothing to guarantee hygiene and prevention of infections

• Safety and Security of the Hospital

– Monitor temperature, humidity, air quality

– Identify obstacles for mobile stretchers

– Protect access to FDA controlled products, narcotics, and special drugs

– Monitor tampering with medicine, fraud in prescriptions

– Protect against electromagnetic attacks, power outages, and discharge of biological agents

Page 15

Research at Purdue

Institute for Health Care, Indiana U School of Medicine

• Web Site: http://www.cs.purdue.edu/homes/bb/

NSF, Cisco, Motorola, DARPA

1. B. Bhargava and Y. Zhong, "Authorization Based on Evidence and Trust", in Proc. of Data Warehouse and Knowledge Management Conference (DaWaK), Sept. 2002.

2. E. Terzi, Y. Zhong, B. Bhargava, Pankaj, and S. Madria, "An Algorithm for Building User-Role Profiles in a Trust Environment", in Proc. of DaWaK, Sept. 2002.

3. A. Bhargava and M. Zoltowski, "Sensors and Wireless Communication for Medical Care", in Proc. of 6th Intl. Workshop on Mobility in Databases and Distributed Systems (MDDS), Prague, Czech Republic, Sept. 2003.

4. B. Bhargava, Y. Zhong, and Y. Lu, "Fraud Formalization and Detection", in Proc. of DaWaK, Prague, Czech Republic, Sept. 2003.

Posted: 30/01/2020, 13:04
