292 resultados para Medical protocols.
Resumo:
Literally, the word compliance suggests conformity in fulfilling official requirements. The thesis presents the results of the analysis and design of a class of protocols called compliant cryptologic protocols (CCP). The thesis presents a notion for compliance in cryptosystems that is conducive as a cryptologic goal. CCP are employed in security systems used by at least two mutually mistrusting sets of entities. The individuals in the sets of entities only trust the design of the security system and any trusted third party the security system may include. Such a security system can be thought of as a broker between the mistrusting sets of entities. In order to provide confidence in operation for the mistrusting sets of entities, CCP must provide compliance verification mechanisms. These mechanisms are employed either by all the entities or a set of authorised entities in the system to verify the compliance of the behaviour of various participating entities with the rules of the system. It is often stated that confidentiality, integrity and authentication are the primary interests of cryptology. It is evident from the literature that authentication mechanisms employ confidentiality and integrity services to achieve their goal. Therefore, the fundamental services that any cryptographic algorithm may provide are confidentiality and integrity only. Since controlling the behaviour of the entities is not a feasible cryptologic goal,the verification of the confidentiality of any data is a futile cryptologic exercise. For example, there exists no cryptologic mechanism that would prevent an entity from willingly or unwillingly exposing its private key corresponding to a certified public key. The confidentiality of the data can only be assumed. Therefore, any verification in cryptologic protocols must take the form of integrity verification mechanisms. Thus, compliance verification must take the form of integrity verification in cryptologic protocols. A definition of compliance that is conducive as a cryptologic goal is presented as a guarantee on the confidentiality and integrity services. The definitions are employed to provide a classification mechanism for various message formats in a cryptologic protocol. The classification assists in the characterisation of protocols, which assists in providing a focus for the goals of the research. The resulting concrete goal of the research is the study of those protocols that employ message formats to provide restricted confidentiality and universal integrity services to selected data. The thesis proposes an informal technique to understand, analyse and synthesise the integrity goals of a protocol system. The thesis contains a study of key recovery,electronic cash, peer-review, electronic auction, and electronic voting protocols. All these protocols contain message format that provide restricted confidentiality and universal integrity services to selected data. The study of key recovery systems aims to achieve robust key recovery relying only on the certification procedure and without the need for tamper-resistant system modules. The result of this study is a new technique for the design of key recovery systems called hybrid key escrow. The thesis identifies a class of compliant cryptologic protocols called secure selection protocols (SSP). The uniqueness of this class of protocols is the similarity in the goals of the member protocols, namely peer-review, electronic auction and electronic voting. The problem statement describing the goals of these protocols contain a tuple,(I, D), where I usually refers to an identity of a participant and D usually refers to the data selected by the participant. SSP are interested in providing confidentiality service to the tuple for hiding the relationship between I and D, and integrity service to the tuple after its formation to prevent the modification of the tuple. The thesis provides a schema to solve the instances of SSP by employing the electronic cash technology. The thesis makes a distinction between electronic cash technology and electronic payment technology. It will treat electronic cash technology to be a certification mechanism that allows the participants to obtain a certificate on their public key, without revealing the certificate or the public key to the certifier. The thesis abstracts the certificate and the public key as the data structure called anonymous token. It proposes design schemes for the peer-review, e-auction and e-voting protocols by employing the schema with the anonymous token abstraction. The thesis concludes by providing a variety of problem statements for future research that would further enrich the literature.
Resumo:
Defining the precise promoter DNA sequence motifs where nuclear receptors and other transcription factors bind is an essential prerequisite for understanding how these proteins modulate the expression of their specific target genes. The purpose of this chapter is to provide the reader with a detailed guide with respect to the materials and the key methods required to perform this type of DNA-binding analysis. Irrespective of whether starting with purified DNA-binding proteins or somewhat crude cellular extracts, the tried-and-true procedures described here will enable one to accurately access the capacity of specific proteins to bind to DNA as well as to determine the exact sequences and DNA contact nucleotides involved. For illustrative purposes, we primarily have used the interaction of the androgen receptor with the rat probasin proximal promoter as our model system.
Resumo:
Establishing a nationwide Electronic Health Record system has become a primary objective for many countries around the world, including Australia, in order to improve the quality of healthcare while at the same time decreasing its cost. Doing so will require federating the large number of patient data repositories currently in use throughout the country. However, implementation of EHR systems is being hindered by several obstacles, among them concerns about data privacy and trustworthiness. Current IT solutions fail to satisfy patients’ privacy desires and do not provide a trustworthiness measure for medical data. This thesis starts with the observation that existing EHR system proposals suer from six serious shortcomings that aect patients’ privacy and safety, and medical practitioners’ trust in EHR data: accuracy and privacy concerns over linking patients’ existing medical records; the inability of patients to have control over who accesses their private data; the inability to protect against inferences about patients’ sensitive data; the lack of a mechanism for evaluating the trustworthiness of medical data; and the failure of current healthcare workflow processes to capture and enforce patient’s privacy desires. Following an action research method, this thesis addresses the above shortcomings by firstly proposing an architecture for linking electronic medical records in an accurate and private way where patients are given control over what information can be revealed about them. This is accomplished by extending the structure and protocols introduced in federated identity management to link a patient’s EHR to his existing medical records by using pseudonym identifiers. Secondly, a privacy-aware access control model is developed to satisfy patients’ privacy requirements. The model is developed by integrating three standard access control models in a way that gives patients access control over their private data and ensures that legitimate uses of EHRs are not hindered. Thirdly, a probabilistic approach for detecting and restricting inference channels resulting from publicly-available medical data is developed to guard against indirect accesses to a patient’s private data. This approach is based upon a Bayesian network and the causal probabilistic relations that exist between medical data fields. The resulting definitions and algorithms show how an inference channel can be detected and restricted to satisfy patients’ expressed privacy goals. Fourthly, a medical data trustworthiness assessment model is developed to evaluate the quality of medical data by assessing the trustworthiness of its sources (e.g. a healthcare provider or medical practitioner). In this model, Beta and Dirichlet reputation systems are used to collect reputation scores about medical data sources and these are used to compute the trustworthiness of medical data via subjective logic. Finally, an extension is made to healthcare workflow management processes to capture and enforce patients’ privacy policies. This is accomplished by developing a conceptual model that introduces new workflow notions to make the workflow management system aware of a patient’s privacy requirements. These extensions are then implemented in the YAWL workflow management system.
Resumo:
A group key exchange (GKE) protocol allows a set of parties to agree upon a common secret session key over a public network. In this thesis, we focus on designing efficient GKE protocols using public key techniques and appropriately revising security models for GKE protocols. For the purpose of modelling and analysing the security of GKE protocols we apply the widely accepted computational complexity approach. The contributions of the thesis to the area of GKE protocols are manifold. We propose the first GKE protocol that requires only one round of communication and is proven secure in the standard model. Our protocol is generically constructed from a key encapsulation mechanism (KEM). We also suggest an efficient KEM from the literature, which satisfies the underlying security notion, to instantiate the generic protocol. We then concentrate on enhancing the security of one-round GKE protocols. A new model of security for forward secure GKE protocols is introduced and a generic one-round GKE protocol with forward security is then presented. The security of this protocol is also proven in the standard model. We also propose an efficient forward secure encryption scheme that can be used to instantiate the generic GKE protocol. Our next contributions are to the security models of GKE protocols. We observe that the analysis of GKE protocols has not been as extensive as that of two-party key exchange protocols. Particularly, the security attribute of key compromise impersonation (KCI) resilience has so far been ignored for GKE protocols. We model the security of GKE protocols addressing KCI attacks by both outsider and insider adversaries. We then show that a few existing protocols are not secure against KCI attacks. A new proof of security for an existing GKE protocol is given under the revised model assuming random oracles. Subsequently, we treat the security of GKE protocols in the universal composability (UC) framework. We present a new UC ideal functionality for GKE protocols capturing the security attribute of contributiveness. An existing protocol with minor revisions is then shown to realize our functionality in the random oracle model. Finally, we explore the possibility of constructing GKE protocols in the attribute-based setting. We introduce the concept of attribute-based group key exchange (AB-GKE). A security model for AB-GKE and a one-round AB-GKE protocol satisfying our security notion are presented. The protocol is generically constructed from a new cryptographic primitive called encapsulation policy attribute-based KEM (EP-AB-KEM), which we introduce in this thesis. We also present a new EP-AB-KEM with a proof of security assuming generic groups and random oracles. The EP-AB-KEM can be used to instantiate our generic AB-GKE protocol.
Resumo:
We propose a digital rights management approach for sharing electronic health records in a health research facility and argue advantages of the approach. We also give an outline of the system under development and our implementation of the security features and discuss challenges that we faced and future directions.
Resumo:
This chapter deals with the law concerning children and consent to medical treatment. Where a child under the age of 18 requires medical treatment, issues arise as to who may lawfully consent to the treatment and under what circumstances. Depending on the circumstances, consent may be given by the child’s parent or guardian; the child; or a court. The chapter provides a thorough treatment of Australian law about these issues and circumstances.
Resumo:
This article examines Finnis' and Keown's claim that the intention/foresight distinction should be used as the basis for the lawfulness of withholding and withdrawing medical treatment, rather than the act/omission distinction which is currently used. I argue that whilst the intention/foresight distinction is sound and can apply to palliative pain relief hastening death, it cannot be applied to withholding and withdrawing medical treatment. Instead, the act/omission distinction remains the better basis for the lawfulness of withholding and withdrawal, and law reform is consequently unnecessary.
Resumo:
Following the judgement of the High Court in Tabet v Gett [2010]HCA 12 handed down on 21 April 2010 it appears that in Australia there is now very limited scope for recovery in negligence for the loss of a chance of a better medical outcome.
Resumo:
Most information retrieval (IR) models treat the presence of a term within a document as an indication that the document is somehow "about" that term, they do not take into account when a term might be explicitly negated. Medical data, by its nature, contains a high frequency of negated terms - e.g. "review of systems showed no chest pain or shortness of breath". This papers presents a study of the effects of negation on information retrieval. We present a number of experiments to determine whether negation has a significant negative affect on IR performance and whether language models that take negation into account might improve performance. We use a collection of real medical records as our test corpus. Our findings are that negation has some affect on system performance, but this will likely be confined to domains such as medical data where negation is prevalent.
Resumo:
Client puzzles are meant to act as a defense against denial of service (DoS) attacks by requiring a client to solve some moderately hard problem before being granted access to a resource. However, recent client puzzle difficulty definitions (Stebila and Ustaoglu, 2009; Chen et al., 2009) do not ensure that solving n puzzles is n times harder than solving one puzzle. Motivated by examples of puzzles where this is the case, we present stronger definitions of difficulty for client puzzles that are meaningful in the context of adversaries with more computational power than required to solve a single puzzle. A protocol using strong client puzzles may still not be secure against DoS attacks if the puzzles are not used in a secure manner. We describe a security model for analyzing the DoS resistance of any protocol in the context of client puzzles and give a generic technique for combining any protocol with a strong client puzzle to obtain a DoS-resistant protocol.
Resumo:
Introduction: Emergency prehospital medical care providers are frontline health workers during emergencies. However, little is known about their attitudes, perceptions, and likely behaviors during emergency conditions. Understanding these attitudes and behaviors is crucial to mitigating the psychological and operational effects of biohazard events such as pandemic influenza, and will support the business continuity of essential prehospital services. ----- ----- Problem: This study was designed to investigate the association between knowledge and attitudes regarding avian influenza on likely behavioral responses of Australian emergency prehospital medical care providers in pandemic conditions. ----- ----- Methods: Using a reply-paid postal questionnaire, the knowledge and attitudes of a national, stratified, random sample of the Australian emergency prehospital medical care workforce in relation to pandemic influenza were investigated. In addition to knowledge and attitudes, there were five measures of anticipated behavior during pandemic conditions: (1) preparedness to wear personal protective equipment (PPE); (2) preparedness to change role; (3) willingness to work; and likely refusal to work with colleagues who were exposed to (4) known and (5) suspected influenza. Multiple logistic regression models were constructed to determine the independent predictors of each of the anticipated behaviors, while controlling for other relevant variables. ----- ----- Results: Almost half (43%) of the 725 emergency prehospital medical care personnel who responded to the survey indicated that they would be unwilling to work during pandemic conditions; one-quarter indicated that they would not be prepared to work in PPE; and one-third would refuse to work with a colleague exposed to a known case of pandemic human influenza. Willingness to work during a pandemic (OR = 1.41; 95% CI = 1.0–1.9), and willingness to change roles (OR = 1.44; 95% CI = 1.04–2.0) significantly increased with adequate knowledge about infectious agents generally. Generally, refusal to work with exposed (OR = 0.48; 95% CI = 0.3–0.7) or potentially exposed (OR = 0.43; 95% CI = 0.3–0.6) colleagues significantly decreased with adequate knowledge about infectious agents. Confidence in the employer’s capacity to respond appropriately to a pandemic significantly increased employee willingness to work (OR = 2.83; 95% CI = 1.9–4.1); willingness to change roles during a pandemic (OR = 1.52; 95% CI = 1.1–2.1); preparedness to wear PPE (OR = 1.68; 95% CI = 1.1–2.5); and significantly decreased the likelihood of refusing to work with colleagues exposed to (suspected) influenza (OR = 0.59; 95% CI = 0.4–0.9). ----- ----- Conclusions:These findings indicate that education and training alone will not adequately prepare the emergency prehospital medical workforce for a pandemic. It is crucial to address the concerns of ambulance personnel and the perceived concerns of their relationship with partners in order to maintain an effective prehospital emergency medical care service during pandemic conditions.
