Start / CERIAS Weekly Security Seminar – Purdue University / Zahid pervaiz multi policy access control for healthcare using policy machine

CERIAS Weekly Security Seminar – Purdue University

Zahid Pervaiz, Multi-Policy Access Control for Healthcare using Policy Machine

29 min • 4 november 2009

Access control policies in healthcare domain define permissions for users to access different medical records. A Role Based Access Control (RBAC) mechanism allows management of privileges to medical records for users when they assume certain roles thus mitigating the threat of inside attacks. Such a threat emanates from unauthorized users. We can provide a selective combination of policies where sensitive records can be available only to a specific role, say the primary doctor, under Discretionary Access Control (DAC) whereby in turn he/she may share the record with other physicians for consultation after permission from the patient. This mechanism allows not only a better compliance of principle of least privilege but also helps to mitigate the threat of authorized insiders disclosing sensitive information. Our research is being prototyped on the Policy Machine (PM) developed by the National Institute of Standards and Technology (NIST). PM allows integration and co-existence of multiple policies. Currently, we are expanding thecapabilities of PM to provide a flexible healthcare access control policy which has the benefits of context awareness and discretionary access. We will present the newlyimplemented temporal RBAC model on PM and describe initial capabilities for secure management of healthcare data. About the speaker: Zahid Pervaiz is a PhD candidate in School of Electrical and Computer Engineering at Purdue University. He received his bachelor's degree in Electronics engineering from National University of Science and Technology, Pakistan in 2000. Prior to joining Purdue in 2007, he worked with a research organization in Pakistan for five years as a senior design engineer. His research interests include information privacy, data security and access control. His current research work focuses on access control mechanisms for healthcare applications. He can be reached at zpervaiz@purdue.edu.

Senaste avsnitt

Paul Vixie, Force Projection in the Information Domain: Implications of DNS Security

30 april | 72 min

Tristen Mullins, Using Side-Channels for Critical Infrastructure Protection

23 april | 36 min

Richard Love, Russian Hacking: Why, How, Who, and to What End

16 april | 58 min

Josiah Dykstra, Lessons for Cybersecurity from the American Public Health System

9 april | 50 min

Michael Clothier, Annual CERIAS Security Symposium Closing Keynote IT, OT, IoT — It's Really Just the "T": An International and Historical Perspective

2 april | 65 min

Zahid Pervaiz, Multi-Policy Access Control for Healthcare using Policy Machine

Senaste avsnitt

Paul Vixie, Force Projection in the Information Domain: Implications of DNS Security

Tristen Mullins, Using Side-Channels for Critical Infrastructure Protection

Richard Love, Russian Hacking: Why, How, Who, and to What End

Josiah Dykstra, Lessons for Cybersecurity from the American Public Health System

Michael Clothier, Annual CERIAS Security Symposium Closing Keynote IT, OT, IoT — It's Really Just the "T": An International and Historical Perspective

Tim Benedict, The Future of AI Depends on Guardrails

Amir Sadovnik, What do we mean when we talk about AI Safety and Security?

Hisham Zahid &amp; David Haddad, Decrypting the Impact of Professional Certifications in Cybersecurity Careers

Ali Al-Haj, Zero Trust Architectures and Digital Trust Frameworks: A Complementary or Contradictory Relationship?

Adam Shostack, Risk is Not Axiomatic

Mustafa Abdallah, Effects of Behavioral Decision-Making in Proactive Security Frameworks in Networked Systems

D. Richard Kuhn, How Can We Provide Assured Autonomy?

Nick Harrell, Mechanisms of Virality in Online Discourse

Stanislav Kruglik, Querying Twice: How to Ensure We Obtain the Correct File in a Private Information Retrieval Protocol

Christopher Yeomans, Fairness as Equal Concession: Critical Remarks on Fair AI

Mason Rice, Adversarial C2 inside OT Networks

Yanxue Jia, HomeRun: High-efficiency Oblivious Message Retrieval, Unrestricted

Roger Grimes, Many Ways to Hack MFA

Alessandro Acquisti, Behavioral Advertising and Consumer Welfare

Xiaoqi Chen, SmartCookie: Blocking Large-Scale SYN Floods with a Split-Proxy Defense on Programmable Data Planes

Zhou Li, The Road Towards Accurate, Scalable and Robust Graph-based Security Analytics: Where Are We Now?

Michail Maniatakos, Dissecting the Software Supply Chain of Modern Industrial Control Systems

Chance Younkin, Shamrock Cyber – When Luck Just Isn't Enough

Ashok Vardhan Raja, Exploiting Vulnerabilities in AI-Enabled UAV: Attacks and Defense Mechanisms

Russel Waymire, IDART (Information Design Assurance Red Team): A Red Team Assessment Methodology

Chris Kubecka de Medina, Empowering the Next Generation of Digital Defenders: Ethics in Cybersecurity and Emerging Technologies

David Haddad, AI's Security Maze: Navigating AI's Top Cybersecurity Risks Through Strategic Planning and Resilient Operations

Shagufta Mehnaz, Privacy and Security in ML: A Priority, not an Afterthought

David Stracuzzi, Defining Trusted Artificial Intelligence for the National Security Space

Evan Sultanik, In Pursuit of Silent Flaws: Dataflow Analysis for Bugfinding and Triage

Daniel Shoemaker, Secure Sourcing of COTS Products: A Critical Missing Element in Software Engineering Education

Douglas Huelsbeck, The Importance of Security by Design & The Importance of Including Cybersecurity Experts in Your Business Decisions

Alejandro Cuevas, The Fault in Our Stars: How Reputation Systems Fail in Practice

Sanket Naik, Modern Enterprise Cybersecurity: A CISO perspective

Jennifer Bayuk, Stepping Through Cybersecurity Risk Management A Systems Thinking Approach

Jonathan (Jono) Spring, On Security Operations for AI Systems

Maksim Eren, Tensor Decomposition Methods for Cybersecurity

William Malik, Multifactor Authentication - The Problem, Recommendations, and Future Concerns

Solomon Sonya, Enhancing Cybersecurity via Lessons Learned from the Evolution of Malware

Leigh Metcalf, Grep for Evil

Sandhya Aneja, Invisible Signatures: Device Fingerprinting in a Connected World

Mu Zhang, Backtracking Intrusions in Modern Industrial Internet of Things

Robert Denz, Mind the Gap: Vulnerabilities and Opportunities for Cyber R&D at the Edge

Andy Ellis, How to Build and Measure a Corporate Security Program

Wen Masters, Cyber Risk Analysis for Critical Infrastructure

Steve Lipner, Thinking About the Future of Encryption

Courtney Falk, The Bride of the Pod People

Derek Dervishian, Fuzzing: Understanding the Landscape

Rebecca Herold, Sorting Surveillance Benefits from Harms

Khaled Serag, Vulnerability Identification and Defense Construction in Cyber-Physical Systems

Scott Sage, Erin Miller, How the Cyberspace Domain has Changed the Game for the Space Domain

Christopher Nuland, Enhancing Software Supply Chain Security in Distributed Systems

Stuart Shapiro, MITRE PANOPTIC™ Privacy Threat Model

Rita Foster, Cyber defender's plead - If it's not codified – Please go away

Dr. Anand Singh, The State of Software Supply Chain Security

Marina Gavrilova, Advancements and New Developments in Biometric Privacy, Security and Ethics

Kelly FitzGerald, Don't Copy That Floppy!: A History of Anti-cracking Controls in Early Video Games and Its Economic Impact

Sayak Ray, Pre-Silicon Hardware Security Analysis through Information Flow Tracking - Current Industry Applications and Research Questions

Wendy Nather, CERIAS Security Symposium Closing Keynote

Steve Bellovin, 35 Years of Protecting the Internet

Patrick Schlapfer, Using Endpoint Isolation to Track Malware Trends

Albert Cheng, Elements of Robust Real-Time Systems: Regularity-Based Virtualization and Functional Reactive Programming

Arjan Durresi, Trust Engineering – from Developing Resilient Systems to Artificial Conscience

Dean Cheng, Chinese Views of Information and Future Warfare

Ronald Keen, Increasing Dependency; Increasing Threat

Jason Ortiz, Securing Your Software Supply Chain

Aurobindo Sundaram, Our Journey in Phishing Mitigation

Mummoorthy Murugesan, Problems and Challenges in Data Security Posture Management

Ambrose Kam, Applying Multi-Agent Reinforcement Learning (MARL) in a Cyber Wargame Engine

Julie Haney, Users Are Not Stupid: Six Cybersecurity Pitfalls Overturned

Meng Xu, Fast and Reliable Formal Verification of Smart Contracts with the Move Prover

Brian Barnier &amp; Prachee Kale, Making Cybersecurity Reliable and Cybersecurity Careers Rewarding

Christine Task, Data, Privacy---and the Interactions Between Them

Ning Zhang, Security and Privacy in the Cyber-physical World

Florian Kerschbaum, On Using Differential Privacy

David C. Benson, Stop Selling Cybersecurity Short!: Cybersecurity as a Component of National Power

Maggie MacAlpine, Ransomware and the Future of Cyberwarfare

Dipankar Dasgupta, Adaptive Multi-Factor Authentication & Cyber Identity

Hisham Zahid & David Haddad, Decrypting the Impact of Professional Certifications in Cybersecurity Careers

Brian Barnier & Prachee Kale, Making Cybersecurity Reliable and Cybersecurity Careers Rewarding

Abhilasha Bhargav-Spantzel & Sonnie Ebikwo, "With great power comes great responsibility" – Responsible Cybersecurity Innovations and Investments for Cloud Computing

Melissa Hathaway & Francesca Spidalieri, Integrating Cybersecurity into Digital Development

Adwait Nadkarni, Building Practical Security Systems for the Post-App Smart Home