Privacy and trust management for electronic health records

Establishing a nationwide Electronic Health Record system has become a primary objective for many countries around the world, including Australia, in order to improve the quality of healthcare while at the same time decreasing its cost. Doing so will require federating the large number of patient data repositories currently in use throughout the country. However, implementation of EHR systems is being hindered by several obstacles, among them concerns about data privacy and trustworthiness. Current IT solutions fail to satisfy patients’ privacy desires and do not provide a trustworthiness measure for medical data. This thesis starts with the observation that existing EHR system proposals suer from six serious shortcomings that aect patients’ privacy and safety, and medical practitioners’ trust in EHR data: accuracy and privacy concerns over linking patients’ existing medical records; the inability of patients to have control over who accesses their private data; the inability to protect against inferences about patients’ sensitive data; the lack of a mechanism for evaluating the trustworthiness of medical data; and the failure of current healthcare workflow processes to capture and enforce patient’s privacy desires. Following an action research method, this thesis addresses the above shortcomings by firstly proposing an architecture for linking electronic medical records in an accurate and private way where patients are given control over what information can be revealed about them. This is accomplished by extending the structure and protocols introduced in federated identity management to link a patient’s EHR to his existing medical records by using pseudonym identifiers. Secondly, a privacy-aware access control model is developed to satisfy patients’ privacy requirements. The model is developed by integrating three standard access control models in a way that gives patients access control over their private data and ensures that legitimate uses of EHRs are not hindered. Thirdly, a probabilistic approach for detecting and restricting inference channels resulting from publicly-available medical data is developed to guard against indirect accesses to a patient’s private data. This approach is based upon a Bayesian network and the causal probabilistic relations that exist between medical data fields. The resulting definitions and algorithms show how an inference channel can be detected and restricted to satisfy patients’ expressed privacy goals. Fourthly, a medical data trustworthiness assessment model is developed to evaluate the quality of medical data by assessing the trustworthiness of its sources (e.g. a healthcare provider or medical practitioner). In this model, Beta and Dirichlet reputation systems are used to collect reputation scores about medical data sources and these are used to compute the trustworthiness of medical data via subjective logic. Finally, an extension is made to healthcare workflow management processes to capture and enforce patients’ privacy policies. This is accomplished by developing a conceptual model that introduces new workflow notions to make the workflow management system aware of a patient’s privacy requirements. These extensions are then implemented in the YAWL workflow management system.

Subterfuge-safe trust management for delegation of permissions in open environments

Open environments involve distributed entities interacting with each other in an open manner. Many distributed entities are unknown to each other but need to collaborate and share resources in a secure fashion. Usually resource owners alone decide who is trusted to access their resources. Since resource owners in open environments do not have a complete picture of all trusted entities, trust management frameworks are used to ensure that only authorized entities will access requested resources. Every trust management system has limitations, and the limitations can be exploited by malicious entities. One vulnerability is due to the lack of globally unique interpretation for permission specifications. This limitation means that a malicious entity which receives a permission in one domain may misuse the permission in another domain via some deceptive but apparently authorized route; this malicious behaviour is called subterfuge. This thesis develops a secure approach, Subterfuge Safe Trust Management (SSTM), that prevents subterfuge by malicious entities. SSTM employs the Subterfuge Safe Authorization Language (SSAL) which uses the idea of a local permission with a globally unique interpretation (localPermission) to resolve the misinterpretation of permissions. We model and implement SSAL with an ontology-based approach, SSALO, which provides a generic representation for knowledge related to the SSAL-based security policy. SSALO enables integration of heterogeneous security policies which is useful for secure cooperation among principals in open environments where each principal may have a different security policy with different implementation. The other advantage of an ontology-based approach is the Open World Assumption, whereby reasoning over an existing security policy is easily extended to include further security policies that might be discovered in an open distributed environment. We add two extra SSAL rules to support dynamic coalition formation and secure cooperation among coalitions. Secure federation of cloud computing platforms and secure federation of XMPP servers are presented as case studies of SSTM. The results show that SSTM provides robust accountability for the use of permissions in federation. It is also shown that SSAL is a suitable policy language to express the subterfuge-safe policy statements due to its well-defined semantics, ease of use, and integrability.

A multilevel trust management framework

Lack of trust in e-commerce transactions has been identified by researchers as one of the main factors that hamper e-commerce from reaching its full potential. Various trust-related supporting features for online transactions are available to improve trust management. However, most of these existing approaches have insufficient conditions to establish online trust among businesses and customers. There are many relevant factors that influence potential buyers to make decisions. In this paper, we identify several desirable properties of an ideal trust management system that existing trust management systems do not support. A multilevel trust management framework is proposed to improve the support for existing trust management in e-commerce.

Feedback credibility issues in trust management systems

The following topics are dealt with: soft computing in intelligent multimedia; grid and pervasive computing security; interactive multimedia & intelligent services in mobile and ubiquitous computing; data management in ubiquitous computing; smart living space; software effectiveness and efficiency.

Risk-based trust management for e-commerce

Electronic commerce (e-commerce) offers enormous opportunities for online trading while at the same time presenting potential risks. Although various mechanisms have been developed to elevate trust in e-commerce, research shows that shoppers continue to be skeptical about buying online and lack of trust is often cited as the main reason for it. Thus, enhancing success in e-commerce requires eliminating or reducing the risks. In this chapter, we present a multi-attribute trust management model that incorporates trust, transaction costs and product warranties. The new trust management system enables potential buyers to determine the risk level of a product before committing to proceed with the transaction. This is useful to online buyers as it allows them to be aware of the risk level and subsequently take the appropriate actions to minimize potential risks before engaging in risky businesses. Results of various simulation experiments show that the proposed multi-attribute trust management system can be highly effective in identifying risky transaction in electronic market places.

Risk and trust management for online distributed system

This thesis investigated the problem of strategic manipulation of feedback attacks and proposed an approach that makes trust management systems sufficiently robust against feedback manipulation attacks. The new trust management system enables potential service consumers to determine the risk level of a service before committing to proceed with the transaction.

E-commerce trust management system reliability

Various solutions have been proposed in managing trust relationship between trading partners in eCommerce environment. Determine the reliability of trust management systems in eCommerce is most difficult issue due to highly dynamic nature of eCommerce environments. As trust management systems depend on the feedback ratings provided by the trading partners, they are fallible to strategic manipulation of the feedback ratings attacks. This paper addressed the challenges of trust management systems. The requirements of a reliable trust management are also discussed. In particular, we introduce an adaptive credibility model that distinguishes between credible feedback ratings and malicious feedback ratings by considering transaction size, frequency of ratings and majority vote to form a feedback ratings verification metric. The approach has been validated by simulation result.

A multilevel trust management framework for service oriented environment

In service-oriented computing applications, trust management systems are emerging as a promising technology to improve the e-commerce consumers and provider's relationship. Both consumers and providers need to evaluate the trust levels of potential partners before engaging in interactions. The accuracy of trust evaluation greatly affects the success rate of the interaction. This paper addresses the threats and challenges that can compromise the reliability of the current trust management system. This paper studies and examines the importance of the trust factors of the trust management framework, specifically in dealing with malicious feedback ratings from e-commerce users. To improve the reliability of the trust management systems, an approach that addresses feedback-related vulnerabilities is paramount. A multilevel trust management system computes trust by combining different types of information. Using this combination, we introduce a multilevel framework for a new interactive trust management to improve the correctness in estimate of trust information.

Limitations of trust management schemes in VANET and countermeasures

Vehicular networks ensure that the information received from any vehicle is promptly and correctly propagated to nearby vehicles, to prevent accidents. A crucial point is how to trust the information transmitted, when the neighboring vehicles are rapidly changing and moving in and out of range. Current trust management schemes for vehicular networks establish trust by voting on the decision received by several nodes, which might not be required for practical scenarios. It might just be enough to check the validity of incoming information. Due to the ephemeral nature of vehicular networks, reputation schemes for mobile ad hoc networks (MANETs) cannot be applied to vehicular ad hoc networks (VANET). We point out several limitations of trust management schemes for VANET. In particular, we identify the problem of information cascading and oversampling, which commonly arise in social networks. Oversampling is a situation in which a node observing two or more nodes, takes into consideration both their opinions equally without knowing that they might have influenced each other in decision making. We show that simple voting for decision making, leads to oversampling and gives incorrect results. We propose an algorithm to overcome this problem in VANET. This is the first paper which discusses the concept of cascading effect and oversampling effects to ad hoc networks. © 2011 IEEE.