A PHR system with policy-based fine-grained access control and revocation mechanism

Collaborative sharing of information is becoming much more needed technique to achieve complex goals in today's fast-paced tech-dominant world. Personal Health Record (PHR) system has become a popular research area for sharing patients informa- tion very quickly among health professionals. PHR systems store and process sensitive information, which should have proper security mechanisms to protect patients' private data. Thus, access control mechanisms of the PHR should be well-defined. Secondly, PHRs should be stored in encrypted form. Cryptographic schemes offering a more suitable solution for enforcing access policies based on user attributes are needed for this purpose. Attribute-based encryption can resolve these problems, we propose a patient-centric framework that protects PHRs against untrusted service providers and malicious users. In this framework, we have used Ciphertext Policy Attribute Based Encryption scheme as an efficient cryptographic technique, enhancing security and privacy of the system, as well as enabling access revocation. Patients can encrypt their PHRs and store them on untrusted storage servers. They also maintain full control over access to their PHR data by assigning attribute-based access control to selected data users, and revoking unauthorized users instantly. In order to evaluate our system, we implemented CP-ABE library and web services as part of our framework. We also developed an android application based on the framework that allows users to register into the system, encrypt their PHR data and upload to the server, and at the same time authorized users can download PHR data and decrypt it. Finally, we present experimental results and performance analysis. It shows that the deployment of the proposed system would be practical and can be applied into practice.

Acting on impulse: using the neuroscience of impulse control to improve the law

This thesis investigates the potential legal utility of neurotechnologies which measure correlates of impulsive behaviors. Chapter 1 explains my philosophical position and how this position compares to others in the field. Chapter 2 explores some of the technical concepts which must be understood for the discussion of neurotechnologies and their applications to be fruitful. These chapters will be important for both explaining the capabilities of a neuroscientific approach to neural abnormalities as well as how they relate to the kind of regulation in which the law is engaged. The purpose of Chapter 3 will be a descriptive account of Canadian law where I will begin to explore how to apply ideas and experiments from neuroscience to specific areas of law. Chapter 3 will look at actual examples of Canadian criminal law and will span topics from the creation of law to the construction of appropriate sentences. Chapter 4 will debate if and how we should apply the neuroscientific perspective to the law given the ethical concerns surrounding the applications described in Chapter 3. The thrust of the chapter is that the development of the law does not occur in a vacuum and any alteration either to the laws themselves, how they are interpreted, or the technologies used to provide evidence, must have an ethical justification, that is, a way in which the proposed change will better meet the needs of society and the ethical objectives of the law. Sometimes these justifications can be drawn directly from constitutional documents, such as the Charter, or from the Criminal Code, while at other times these justifications depend upon arguments about furthering meaningful responsibility and therapeutic outcomes.