809 resultados para Privacy.
Resumo:
Health Information Systems (HIS) make extensive use of Information and Communication Technologies (ICT). The use of ICT aids in improving the quality and efficiency of healthcare services by making healthcare information available at the point of care (Goldstein, Groen, Ponkshe, and Wine, 2007). The increasing availability of healthcare data presents security and privacy issues which have not yet been fully addressed (Liu, Caelli, May, and Croll, 2008a). Healthcare organisations have to comply with the security and privacy requirements stated in laws, regulations and ethical standards, while managing healthcare information. Protecting the security and privacy of healthcare information is a very complex task (Liu, May, Caelli and Croll, 2008b). In order to simplify the complexity of providing security and privacy in HIS, appropriate information security services and mechanisms have to be implemented. Solutions at the application layer have already been implemented in HIS such as those existing in healthcare web services (Weaver et al., 2003). In addition, Discretionary Access Control (DAC) is the most commonly implemented access control model to restrict access to resources at the OS layer (Liu, Caelli, May, Croll and Henricksen, 2007a). Nevertheless, the combination of application security mechanisms and DAC at the OS layer has been stated to be insufficient in satisfying security requirements in computer systems (Loscocco et al., 1998). This thesis investigates the feasibility of implementing Security Enhanced Linux (SELinux) to enforce a Role-Based Access Control (RBAC) policy to help protect resources at the Operating System (OS) layer. SELinux provides Mandatory Access Control (MAC) mechanisms at the OS layer. These mechanisms can contain the damage from compromised applications and restrict access to resources according to the security policy implemented. The main contribution of this research is to provide a modern framework to implement and manage SELinux in HIS. The proposed framework introduces SELinux Profiles to restrict access permissions over the system resources to authorised users. The feasibility of using SELinux profiles in HIS was demonstrated through the creation of a prototype, which was submitted to various attack scenarios. The prototype was also subjected to testing during emergency scenarios, where changes to the security policies had to be made on the spot. Attack scenarios were based on vulnerabilities common at the application layer. SELinux demonstrated that it could effectively contain attacks at the application layer and provide adequate flexibility during emergency situations. However, even with the use of current tools, the development of SELinux policies can be very complex. Further research has to be made in order to simplify the management of SELinux policies and access permissions. In addition, SELinux related technologies, such as the Policy Management Server by Tresys Technologies, need to be researched in order to provide solutions at different layers of protection.
Resumo:
The adoption of e-business by the Australian construction industry lags other service and product industries. It is assumed that slow adoption rate does not reflect the maturity of the technology but is due to adoption impediments peculiar to the nature of construction. This chapter examines impediments to the uptake of e-business nationally and internationally. A systematic and extensive literature search of impediments (also referred to as obstacles, impediments or hindrances) to adoption has been undertaken and the findings discussed in this chapter. This review included more that 200 documents and these have been published in a searchable database as part of a larger research initiative funded by the Cooperative Research Centre for Construction Innovation. The influence of levels of e-business maturity seen in other sectors such as retail, tourism and manufacturing was also captured and a number of major impediments were identified some including: privacy, trust, uncertainty of financial returns, lack of reliable measurement, fraud, lack of support and system maintenance. A total of 23 impediments were assessed in terms of impact to organisational type and size across reviewed documents. With this information it was possible to develop a reference framework for measuring maturity levels and readiness to uptake e-business in construction. Results have also shown that impediments to e-business adoption work differently according to organisational type and culture. Areas of training and people development need to be addressed. This would include a more sensitive approach to the nature of construction organisations, especially to those small and medium enterprises. Raising levels of awareness and creating trust for on-line collaboration are other aspects that need attention, which current studies confirm as lacking. An empirical study within construction, to validate these findings, forms the subsequent phase of this research.
Resumo:
This study explores teenager perceptions towards advertising in the online social networking environment. The future of online social networking sites is dependant upon the continued support of advertisers in this new medium, which is linked to the acceptance of advertising on these sites by their targeted audience. This exploratory study used the qualitative research methods of focus groups and in-depth personal interviews to gain insights from the teenager participants. The literature review in Chapter Two examined the previous research into advertising theories, consumer attitudes and issues such as advertising avoidance, advertising as a service and trust and privacy in the online social networking environment. The teenage consumer was also examined as were the influences of social identity theory. From this literature review eleven propositions were formed which provided a structure to the analysis of the research. Chapter Three outlined the multi-method research approach of using focus groups and in-depth interviews. The key findings were outlined in Chapter Four and Chapter Five provides discussion regarding these findings and the implications for theory and advertising practice. The main findings from this study suggest that teenagers have very high levels of advertising avoidance and are sceptical towards advertising on their online social networking sites. They have an inherent distrust of commercial messages in the online social networking environment; however they are extremely trusting with the information that they disclose online. They believe that if their site is classified as private, then the information disclosed on this site is not accessible to anyone. The study explores the reasons behind these views. This research has resulted in the identification of seven motivations behind online social networking use. A new model of advertising avoidance in the online social networking environment is also presented and discussed. This model makes a contribution towards filling the gap in available research on online social networking sites and advertising perception. The findings of this study have also resulted in the identification of the characteristics of online social networking sites as an advertising medium. The newness of online social networking sites coupled with the enthusiastic adoption of online social networking by the teenage demographic means that this exploratory study will be of interest to both academics and practitioners alike.
Resumo:
The adoption of e-business by the Australian construction industry lags other service and product industries. It is assumed that slow adoption rate does not reflect the maturity of the technology but is due to adoption barriers peculiar to the nature of construction. This paper examines impediments to the uptake of e-business nationally and internationally. A systematic and extensive literature search of barriers (also referred to as obstacles, impediments or hindrances) to adoption has been undertaken and the findings discussed in this paper. This review included more that 200 documents and these have been published in a searchable database as part of a larger research initiative funded by the Cooperative Research Centre for Construction Innovation. The influence of levels of e-business maturity seen in other sectors such as retail, tourism and manufacturing was also captured and a number of major barriers were identified some including: privacy, trust, uncertainty of financial returns, lack of reliable measurement, fraud, lack of support and system maintenance. A total of 23 barriers were assessed in terms of impact to organisational type and size across reviewed documents. With this information it was possible to develop a reference framework for measuring maturity levels and readiness to uptake e-business in construction. Results have also shown that barriers to e-business adoption work differently according to organisational type and culture. Areas of training and people development need to be addressed. This would include a more sensitive approach to the nature of construction organisations, especially to those small and medium enterprises. Raising levels of awareness and creating trust for on-line collaboration are other aspects that need attention, which current studies confirm as lacking. An empirical study within construction, to validate these findings, forms the subsequent phase of this research.
Resumo:
This paper provides a fresh analysis of the widely-used Common Scrambling Algorithm Stream Cipher (CSA-SC). Firstly, a new representation of CSA-SC with a state size of only 89 bits is given, a significant reduction from the 103 bit state of a previous CSA-SC representation. Analysis of this 89-bit representation demonstrates that the basis of a previous guess-and-determine attack is flawed. Correcting this flaw increases the complexity of that attack so that it is worse than exhaustive key search. Although that attack is not feasible, the reduced state size of our representation makes it obvious that CSA-SC is vulnerable to several generic attacks, for which feasible parameters are given.
Resumo:
There is currently a strong focus worldwide on the potential of large-scale Electronic Health Record (EHR) systems to cut costs and improve patient outcomes through increased efficiency. This is accomplished by aggregating medical data from isolated Electronic Medical Record databases maintained by different healthcare providers. Concerns about the privacy and reliability of Electronic Health Records are crucial to healthcare service consumers. Traditional security mechanisms are designed to satisfy confidentiality, integrity, and availability requirements, but they fail to provide a measurement tool for data reliability from a data entry perspective. In this paper, we introduce a Medical Data Reliability Assessment (MDRA) service model to assess the reliability of medical data by evaluating the trustworthiness of its sources, usually the healthcare provider which created the data and the medical practitioner who diagnosed the patient and authorised entry of this data into the patient’s medical record. The result is then expressed by manipulating health record metadata to alert medical practitioners relying on the information to possible reliability problems.
Resumo:
Electronic Health Record (EHR) systems are being introduced to overcome the limitations associated with paper-based and isolated Electronic Medical Record (EMR) systems. This is accomplished by aggregating medical data and consolidating them in one digital repository. Though an EHR system provides obvious functional benefits, there is a growing concern about the privacy and reliability (trustworthiness) of Electronic Health Records. Security requirements such as confidentiality, integrity, and availability can be satisfied by traditional hard security mechanisms. However, measuring data trustworthiness from the perspective of data entry is an issue that cannot be solved with traditional mechanisms, especially since degrees of trust change over time. In this paper, we introduce a Time-variant Medical Data Trustworthiness (TMDT) assessment model to evaluate the trustworthiness of medical data by evaluating the trustworthiness of its sources, namely the healthcare organisation where the data was created and the medical practitioner who diagnosed the patient and authorised entry of this data into the patient’s medical record, with respect to a certain period of time. The result can then be used by the EHR system to manipulate health record metadata to alert medical practitioners relying on the information to possible reliability problems.
Resumo:
The gathering of people in everyday life is intertwined with travelling to negotiated locations. As a result, mobile phones are often used to rearrange meetings when one or more participants are late or cannot make it on time. Our research is based on the hypothesis that the provision of location data can enhance the experience of people who are meeting each other in different locations. This paper presents work-in-progress on a novel approach to share one’s location data in real-time which is visualised on a web-based map in a privacy conscious way. Disposable Maps allows users to select contacts from their phone’s address book who then receive up-to-date location data. The utilisation of peer-to-peer notifications and the application of unique URLs for location storage and presentation enable location sharing whilst ensuring users’ location privacy. In contrast to other location sharing services like Google Latitude, Disposable Maps enables ad hoc location sharing to actively selected location receivers for a fixed period of time in a specific given situation. We present first insights from an initial application user test and show future work on the approach of disposable information allocation.
Resumo:
Current regulatory requirements on data privacy make it increasingly important for enterprises to be able to verify and audit their compliance with their privacy policies. Traditionally, a privacy policy is written in a natural language. Such policies inherit the potential ambiguity, inconsistency and mis-interpretation of natural text. Hence, formal languages are emerging to allow a precise specification of enforceable privacy policies that can be verified. The EP3P language is one such formal language. An EP3P privacy policy of an enterprise consists of many rules. Given the semantics of the language, there may exist some rules in the ruleset which can never be used, these rules are referred to as redundant rules. Redundancies adversely affect privacy policies in several ways. Firstly, redundant rules reduce the efficiency of operations on privacy policies. Secondly, they may misdirect the policy auditor when determining the outcome of a policy. Therefore, in order to address these deficiencies it is important to identify and resolve redundancies. This thesis introduces the concept of minimal privacy policy - a policy that is free of redundancy. The essential component for maintaining the minimality of privacy policies is to determine the effects of the rules on each other. Hence, redundancy detection and resolution frameworks are proposed. Pair-wise redundancy detection is the central concept in these frameworks and it suggests a pair-wise comparison of the rules in order to detect redundancies. In addition, the thesis introduces a policy management tool that assists policy auditors in performing several operations on an EP3P privacy policy while maintaining its minimality. Formal results comparing alternative notions of redundancy, and how this would affect the tool, are also presented.
Resumo:
The protection of privacy has gained considerable attention recently. In response to this, new privacy protection systems are being introduced. SITDRM is one such system that protects private data through the enforcement of licenses provided by consumers. Prior to supplying data, data owners are expected to construct a detailed license for the potential data users. A license specifies whom, under what conditions, may have what type of access to the protected data. The specification of a license by a data owner binds the enterprise data handling to the consumer’s privacy preferences. However, licenses are very detailed, may reveal the internal structure of the enterprise and need to be kept synchronous with the enterprise privacy policy. To deal with this, we employ the Platform for Privacy Preferences Language (P3P) to communicate enterprise privacy policies to consumers and enable them to easily construct data licenses. A P3P policy is more abstract than a license, allows data owners to specify the purposes for which data are being collected and directly reflects the privacy policy of an enterprise.
Resumo:
Monitoring unused or dark IP addresses offers opportunities to extract useful information about both on-going and new attack patterns. In recent years, different techniques have been used to analyze such traffic including sequential analysis where a change in traffic behavior, for example change in mean, is used as an indication of malicious activity. Change points themselves say little about detected change; further data processing is necessary for the extraction of useful information and to identify the exact cause of the detected change which is limited due to the size and nature of observed traffic. In this paper, we address the problem of analyzing a large volume of such traffic by correlating change points identified in different traffic parameters. The significance of the proposed technique is two-fold. Firstly, automatic extraction of information related to change points by correlating change points detected across multiple traffic parameters. Secondly, validation of the detected change point by the simultaneous presence of another change point in a different parameter. Using a real network trace collected from unused IP addresses, we demonstrate that the proposed technique enables us to not only validate the change point but also extract useful information about the causes of change points.
