IPS: Security Services for Healthcare Applications

IPS：医疗保健应用程序的安全服务

• 批准号: 0712846
• 负责人: Elisa Bertino
• 金额: --
• 依托单位: Purdue University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2007
• 资助国家: 美国
• 起止时间: 2007-08-01 至 2011-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0712846&HistoricalAwards=false
• 关键词: IPS; Security; Services; Healthcare; Applications

The goal of the project is to develop an approach to the problem of security and privacy for eHealth applications based on policy-driven security services. The project achieves its goal using the following approaches: (1) Develop an architectural framework supporting the interoperation of security services. The framework combines the service oriented architecture paradigm with the event-based model and also includes a context-management service; (2) Develop an identity management service based on the life-cycle of digital identities;(3) Develop an authentication service supporting multi-factor authentication policies;(4) Develop a privacy-aware role-based access control (RBAC) service able to support content-based authorization;(5) Develop policy modularization and policy activation/deactivation mechanisms to support emergency situations and the ''break-the-glass'' principle that are relevant for eHealth applications; and (6) Prototype the framework and the services and integrate them with a Web-based prototype of a Personal Health Record (PHR) management system being developed by one of the Co-PIs.The results of the project will benefit the IT providers of eHealth solutions by offering enhanced architectural solutions for security and privacy, as well as insights about their complexity, their manageability and their interoperability. The results will provide useful insights for those eHealth IT providers wanting to evaluate the feasibility of the ''Software As A Service'' (SAAS) model for security and privacy, as well as for IT security managers of caregiver organizations. This project supports Ph.D and master students to pursue research in security architectures and services, and in advanced IT systems for eHealth. Several course modules will be developed based on the project results, including modules on: HIPAA - Security and Privacy Requirements; Security Architectures for eHealth; Security as a Service - Concepts, Architectures, and Techniques. Publications, technical reports, and software from this research will be disseminated via the project web site (http://www.cs.purdue.edu/homes/bertino/IIS-eHealth)

该项目的目的是为基于政策驱动的安全服务的EHealth应用程序开发一种解决安全性和隐私问题的方法。该项目使用以下方法实现其目标：（1）开发一个支持安全服务互动的建筑框架。该框架将面向服务的体系结构范式与基于事件的模型相结合，还包括上下文管理服务； (2) Develop an identity management service based on the life-cycle of digital identities;(3) Develop an authentication service supporting multi-factor authentication policies;(4) Develop a privacy-aware role-based access control (RBAC) service able to support content-based authorization;(5) Develop policy modularization and policy activation/deactivation mechanisms to support emergency situations and the ''break-the-glass'' principle that are relevant for eHealth申请； （6）原型框架和服务原型，并将其与基于网络的个人健康记录（PHR）管理系统的原型集成在一起，该系统由一个共同案例之一开发。该项目的结果将使EHEADHE Solutions的IT提供商受益，通过为安全和隐私提供增强的建筑解决方案，以确保安全和隐私，并了解其复杂性，以及他们的管理性，以及他们的管理性，以及他们的管理性。结果将为希望评估“软件作为服务”（SaaS）模型的安全性和隐私模型以及Caregiver组织的IT安全经理评估“软件”（SaaS）模型的可行性提供有用的见解。 该项目支持博士学位和大师级学生在安全体系结构和服务方面进行研究，以及用于EHealth的高级IT系统。将根据项目结果开发几个课程模块，包括：HIPAA-安全性和隐私要求； eHealth的安全体系结构；安全作为服务 - 概念，体系结构和技术。该研究的出版物，技术报告和软件将通过项目网站（http://www.cs.purdue.edu/homes/bertino/iis-ehealth）进行传播。