IPS: Security Services for Healthcare Applications

IPS：医疗保健应用程序的安全服务

• 批准号: 0712846
• 负责人: Elisa Bertino
• 金额: --
• 依托单位: Purdue University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2007
• 资助国家: 美国
• 起止时间: 2007-08-01 至 2011-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0712846&HistoricalAwards=false
• 关键词: IPS; Security; Services; Healthcare; Applications

The goal of the project is to develop an approach to the problem of security and privacy for eHealth applications based on policy-driven security services. The project achieves its goal using the following approaches: (1) Develop an architectural framework supporting the interoperation of security services. The framework combines the service oriented architecture paradigm with the event-based model and also includes a context-management service; (2) Develop an identity management service based on the life-cycle of digital identities;(3) Develop an authentication service supporting multi-factor authentication policies;(4) Develop a privacy-aware role-based access control (RBAC) service able to support content-based authorization;(5) Develop policy modularization and policy activation/deactivation mechanisms to support emergency situations and the ''break-the-glass'' principle that are relevant for eHealth applications; and (6) Prototype the framework and the services and integrate them with a Web-based prototype of a Personal Health Record (PHR) management system being developed by one of the Co-PIs.The results of the project will benefit the IT providers of eHealth solutions by offering enhanced architectural solutions for security and privacy, as well as insights about their complexity, their manageability and their interoperability. The results will provide useful insights for those eHealth IT providers wanting to evaluate the feasibility of the ''Software As A Service'' (SAAS) model for security and privacy, as well as for IT security managers of caregiver organizations. This project supports Ph.D and master students to pursue research in security architectures and services, and in advanced IT systems for eHealth. Several course modules will be developed based on the project results, including modules on: HIPAA - Security and Privacy Requirements; Security Architectures for eHealth; Security as a Service - Concepts, Architectures, and Techniques. Publications, technical reports, and software from this research will be disseminated via the project web site (http://www.cs.purdue.edu/homes/bertino/IIS-eHealth)

该项目的目标是开发一种方法，以解决基于政策驱动的安全服务的电子健康应用程序的安全和隐私问题。该项目通过以下方法实现其目标：（1）开发一个支持安全服务互操作的体系结构框架。该框架将面向服务的体系结构范式与基于事件的模型相结合，并包括上下文管理服务：（2）开发基于数字身份生命周期的身份管理服务：（3）开发支持多因素认证策略的认证服务：（4）开发支持基于内容授权的隐私感知的基于角色的访问控制（RBAC）服务;（5）制定政策模块化和政策启动/停用机制，以支持紧急情况和与电子保健应用相关的“打破玻璃”原则;及（6）建立架构和服务的原型，并将其与一个由其中一间合作机构开发的个人健康纪录管理系统的网上原型整合，该项目的结果将有利于电子健康解决方案的IT供应商，提供增强的安全和隐私架构解决方案，以及对其复杂性，可扩展性和互操作性的见解。这些结果将为那些希望评估“软件即服务”（SAAS）安全和隐私模型的可行性的电子健康IT提供商以及护理人员组织的IT安全经理提供有用的见解。 该项目支持博士和硕士生从事安全架构和服务以及电子健康先进IT系统的研究。将根据项目结果开发几个课程模块，包括以下模块：HIPAA -安全和隐私要求;电子保健安全架构;安全即服务-概念、架构和技术。本研究的出版物、技术报告和软件将通过项目网站（http：//www.cs.purdue.edu/homes/bertino/IIS-eHealth）传播。