Developing Trustworthy Database Systems for Medical Care - PowerPoint PPT Presentation

Slides: 16
Provided by: tomw75
Transcript and Presenter's Notes

1
Developing Trustworthy Database Systems for
Medical Care
  • Bharat Bhargava¹ (PI)
  • Mike Zoltowski², Arif Ghafoor², Leszek Lilien¹
  • ¹ Department of Computer Sciences
  • ² Department of Electrical and Computer
    Engineering
  • and
  • Center for Education and Research in Information
    Assurance and Security (CERIAS)
  • Purdue University
  • bb_at_cs.purdue.edu, mikedz, ghafoor_at_ecn.purdue.edu,
    llilien_at_cs.purdue.edu

This research is supported by CERIAS and NSF
grants from ANIR and IIS.
2
Security and Safety of Medical Care Environment
  • Objectives
  • Safety of patients
  • Safety of hospital and clinic
  • Security of medical databases
  • Issues
  • Medical care environments are vulnerable to
    malicious behavior, hostile settings, terrorism
    attacks, natural disasters, tampering
  • Reliability, security, accuracy can affect
    timeliness and precision of information for
    patient monitoring
  • Collaboration over networks among
    physicians/nurses, pharmacies, emergency
    personnel, law enforcement agencies, government
    and community leaders should be secure, private,
    reliable, consistent, correct and anonymous

3
Security and Safety of Medical Care Environment
cont.
  • Measures
  • Number of incidents per day in patient room,
    ward, or hospital
  • Non-emergency calls to nurses and doctors due to
    malfunctions, failures, or intrusions
  • False fire alarms, smoke detectors, pagers
    activation
  • Wrong information, data values, lost or delayed
    messages
  • Timeliness, accuracy, precision

4
Access Control
  • Authorized Users
  • Validated credentials AND
  • Cooperative and legitimate behavior history
  • Other Users
  • Lack of required credentials OR
  • Non-cooperative or malicious behavior history
  • From Yuhui
  • a flaw

5
Using Trust and Roles for Access Control
  • Approach: trust- and role-based access control
  • cooperates with traditional Role-Based Access
    Control (RBAC)
  • authorization based on evidence, trust, and
    roles (user profile analysis)

6
Classification Algorithm for Access Control to
Detect Malicious Users
Training Phase: Build Clusters
Input: Training audit log records X1, X2, ..., Xn, Role, where
X1, ..., Xn are attribute values and Role is the
role held by the user
Output: A list of centroid representations of clusters
M1, M2, ..., Mn, pNum, Role
Step 1: for every role Ri
          create one cluster Ci
          Ci.role = Ri
          for every attribute Mk
Step 2: for every training record Reci
          calculate its Euclidean distance from existing clusters
          find the closest cluster Cmin
          if Cmin.role = Reci.role
            then reevaluate the attribute values
            else create new cluster Cj
                 Cj.role = Reci.role
                 for every attribute Mk
                   Cj.Mk = Reci.Mk
Classification Phase: Detect Malicious Users
Input: cluster list, audit log record Rec
for every cluster Ci in cluster list
  calculate the distance between Rec and Ci
find the closest cluster Cmin
if Cmin.role = Rec.role
  then return
  else raise alarm
  • Experimental Study: Accuracy of Detection
  • Accuracy of detection of malicious users by the
    classification algorithm ranges from 60% to 90%
  • 90% of misbehaviors can be identified in a
    friendly environment (in which fewer than 20% of
    behaviors are malicious)
  • 60% of misbehaviors can be identified in an
    unfriendly environment (in which at least 90% of
    behaviors are malicious)
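The training and classification phases above, worked through on a small constructed audit log. This is an added example, not code from the presentation or the TERM prototype. It assumes two things the slide does not state: each role's first cluster is seeded from that role's first record, and "reevaluate the attribute values" is a running mean over the pNum member records. The attribute names and sample values are hypothetical.

```python
import math

# Constructed audit records: ((chart_reads, dispensing_writes) per session, role).
TRAINING = [
    ((20, 2), "nurse"), ((5, 10), "pharmacist"), ((22, 3), "nurse"),
    ((6, 12), "pharmacist"), ((18, 1), "nurse"), ((4, 8), "pharmacist"),
    ((8, 8), "nurse"),  # nurse whose usage sits nearest the pharmacist cluster
]

def distance(a, b):
    """Euclidean distance between two attribute vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def closest(clusters, attrs):
    return min(clusters, key=lambda c: distance(c["M"], attrs))

def train(records):
    """Training phase: return clusters as dicts {M (centroid), pNum, role}."""
    clusters, seeds = [], set()
    # Step 1: one cluster per role (assumption: seeded from the role's first record).
    for i, (attrs, role) in enumerate(records):
        if all(c["role"] != role for c in clusters):
            clusters.append({"M": list(attrs), "pNum": 1, "role": role})
            seeds.add(i)
    # Step 2: absorb each remaining record or open a new cluster for its role.
    for i, (attrs, role) in enumerate(records):
        if i in seeds:
            continue
        cmin = closest(clusters, attrs)
        if cmin["role"] == role:
            # Assumption: "reevaluate" means a running mean over pNum members.
            n = cmin["pNum"]
            cmin["M"] = [(m * n + x) / (n + 1) for m, x in zip(cmin["M"], attrs)]
            cmin["pNum"] = n + 1
        else:
            clusters.append({"M": list(attrs), "pNum": 1, "role": role})
    return clusters

def raises_alarm(clusters, attrs, role):
    """Classification phase: alarm when the closest cluster has another role."""
    return closest(clusters, attrs)["role"] != role

if __name__ == "__main__":
    model = train(TRAINING)
    for c in model:
        print(c)
    print(raises_alarm(model, (19, 2), "nurse"))  # behaves like a nurse
    print(raises_alarm(model, (5, 11), "nurse"))  # behaves like a pharmacist
```

The last training record shows the "create new cluster" branch: its nearest centroid belongs to a different role, so the role gains a second cluster instead of shifting the first one.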

7
Prototype TERM Server for Access Control
Defining role assignment policies
Loading evidence for role assignment
Software: http://www.cs.purdue.edu/homes/bb/NSFtrust.html
8
Integrity Checking Systems
  • Integrity Assertions (IAs)
  • Predicates on values of database items
  • Examples
  • Coordinate shift in a Korean plane shot down by
    U.S.S.R.
  • IAs could have detected the error
  • Human error: potassium result of 3.5 reported to
    ICU as 8.5
  • IAs caught the error
  • Types of IAs
  • Allowable value range (e.g. K_level ∈ [3.0, 5.5],
    patient_age > 16)
  • Relationships to values of other data (e.g.
    Wishard_blood_test_results(CBC, electrol.)
    consistent_with Methodist_blood_test_results(CBC,
    electrol.) )
  • Conditional value (e.g. IF patient_on(dyzide)
    THEN K_trend decreasing)
  • Triggers
  • For surveillance of medical data and generating
    suggestions for doctors
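The three IA types above written as predicates and enforced by a trigger-style guard, using the slide's potassium example. This is an added example, not code from the presentation. The record field names, the 0.5 tolerance for "consistent_with", and reading "decreasing" as "lower than the previous measurement" are assumptions; the sample records are constructed.

```python
# Constructed lab records; all field names are hypothetical.
CORRECT = {"patient_age": 54, "medications": ["dyzide"], "K_level": 3.5,
           "K_previous": 3.9, "K_level_other_lab": 3.6}
MISREPORTED = dict(CORRECT, K_level=8.5)  # the 3.5 -> 8.5 error from the slide

def k_in_range(rec):                 # allowable value range
    return 3.0 <= rec["K_level"] <= 5.5

def age_in_range(rec):               # allowable value range
    return rec["patient_age"] > 16

def labs_consistent(rec, tol=0.5):   # relationship to values of other data
    # Assumption: "consistent_with" means within tol of the other lab's value.
    return abs(rec["K_level"] - rec["K_level_other_lab"]) <= tol

def k_trend_if_on_dyzide(rec):       # conditional value
    if "dyzide" not in rec["medications"]:
        return True
    # Assumption: "decreasing" means lower than the previous measurement.
    return rec["K_level"] < rec["K_previous"]

ASSERTIONS = [k_in_range, age_in_range, labs_consistent, k_trend_if_on_dyzide]

def violations(rec):
    """Names of the integrity assertions that the record fails."""
    return [ia.__name__ for ia in ASSERTIONS if not ia(rec)]

def store(db, rec):
    """Trigger-style guard: commit only when every IA holds."""
    failed = violations(rec)
    if not failed:
        db.append(rec)
    return failed

if __name__ == "__main__":
    db = []
    print(store(db, MISREPORTED))
    print(store(db, CORRECT), len(db))
```

The misreported value fails three independent assertions, so the error is still caught if any one of them is missing or too loosely bounded.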

9
Privacy and Anonymity
  • Privacy
  • Protecting sensitive data from unauthorized
    access
  • Health Insurance Portability and Accountability
    Act (HIPAA)
  • patients' rights to request a restriction or
    limitation on the disclosure of protected health
    information (PHI)
  • staff rights
  • Anonymity
  • Protecting identity of the source of data

10
Preserving Privacy and Anonymity for Information
Integration - Examples
  • Example 1: Integration of hospital databases into
    research database
  • Hospital DB1: Mr. Smith coded as A (for
    anonymity)
  • Hospital DB2: Mr. Smith coded as B
  • Research DB12: assure that A = B
  • Example 2: DB access
  • DB should not capture what User X did (anonymity)
  • User X should not know more data in DB than
    needed (privacy)

11
Privacy and Security of Network and Computer
Systems
  • Integrity and correctness of data
  • Privacy of patient records and identification
  • Protect against changes to patient records or
    treatment plan
  • Protect against disabling monitoring devices,
    switching off/crashing computers, flawed
    software, disabling messages
  • Decrypting traffic, injection of new traffic,
    attacks from jamming devices

12
Information hiding
Fraud
Applications
Privacy
Negotiation
Integrity
Access control
Data provenance
Biometrics
Semantic web security
Security
Trust
Encryption
Computer epidemic
Policy making
Anonymity
Data mining
Formal models
System monitoring
Network security
13
Emerging Technologies: Sensors and Wireless
Communications
  • Challenge: develop sensors that detect and
    monitor violations in medical care environment
    before a threat to life occurs
  • Bio sensors to detect anthrax, viruses, toxins,
    bacteria
  • chips coated with antibodies that attract a
    specific biological agent
  • Ion trap mass spectrometer
  • aids in locating fingerprints of proteins to
    detect toxins or bacteria
  • Neutron-based detectors
  • detect chemical and nuclear materials
  • Electronic sensors, wireless devices

14
Sensors in a Patient's Environment
  • Safety and Security in Patient's Room
  • Monitor the entrance and access to a patient's
    room
  • Monitor activity patterns of devices connected to
    a patient
  • Protect patients from neglect, abuse, harm,
    tampering, movement outside the safety zone
  • Monitor visitor clothing to guarantee hygiene and
    prevention of infections
  • Safety and Security of the Hospital
  • Monitor temperature, humidity, air quality
  • Identify obstacles for mobile stretchers
  • Protect access to FDA controlled products,
    narcotics, and special drugs
  • Monitor tampering with medicine, fraud in
    prescriptions
  • Protect against electromagnetic attacks, power
    outages, and discharge of biological agents

15
Research at Purdue
  • Collaboration with Dr. Clement McDonald,
    Regenstrief Institute for Health Care, Indiana U.
    School of Medicine
  • Web Site: http://www.cs.purdue.edu/homes/bb/
  • Over one million dollars in current support from
  • NSF, Cisco, Motorola, DARPA
  • Selected Publications
  • B. Bhargava and Y. Zhong, "Authorization Based on
    Evidence and Trust", in Proc. of Data Warehouse
    and Knowledge Management Conference (DaWaK),
    Sept. 2002.
  • E. Terzi, Y. Zhong, B. Bhargava, Pankaj, and S.
    Madria, "An Algorithm for Building User-Role
    Profiles in a Trust Environment", in Proc. of
    DaWaK, Sept. 2002.
  • A. Bhargava and M. Zoltowski, "Sensors and
    Wireless Communication for Medical Care", in
    Proc. of 6th Intl. Workshop on Mobility in
    Databases and Distributed Systems (MDDS), Prague,
    Czech Republic, Sept. 2003.
  • B. Bhargava, Y. Zhong, and Y. Lu, "Fraud
    Formalization and Detection", in Proc. of DaWaK,
    Prague, Czech Republic, Sept. 2003.