
Security Models for Workflow Management in E-Healthcare Enterprise







    1. Security Models for Workflow Management in E-Healthcare Enterprise
       by Lang Zhao
       Advisor: Dr. Hongmei Chi
       11/04/2008

    2. Outline Introduction Security models Case Study Implementation of Case Study Summary Future work Publications


    4. Purpose of project
       - Choose a security model which is suitable for E-healthcare
         - The security model is role-based
         - Roles: patient, physician, administrator, ...
       - Develop an access control mechanism based on the security model for E-healthcare
         - The access control mechanism is application-based: Windows application, Web application

    5. Introduction: E-healthcare
       What is E-healthcare?
       - E-healthcare, a relative term for healthcare practice in electronic processes and communication, provides a way for medical informatics, public health and business to be delivered via the Internet.
       Within E-healthcare the physician can:
       - Access a patient's medical information anywhere
       - Send the patient record and medical information by email
       - Check schedules online
       Within E-healthcare the patient can:
       - Access his/her medical information
       - Receive records and prescriptions
       - Schedule online appointments with doctors

    6. E-healthcare (cont'd)
       Why E-healthcare?
       - Popular and efficient
       Requirements for E-healthcare
       - Privacy
       - Access control via Internet security standards established by HIPAA

    7. Introduction: Workflow Management
       What is Workflow Management?
       - A system of overseeing the progress of automated business procedures performed by a company, industry, department or person
       Why Workflow Management?
       - Automatically passes information, documents, and tasks from one employee or machine within a business to another
       - Improves efficiency within the business
       - Makes it easier to track employee and machine performance

    8. Introduction: my contribution
       - A security model: the Role-based access control model is chosen for my case study
       - A prototype of a Role-based access control mechanism is developed for my case study

    9. Outline Introduction Security model Case Study Implementation of Case Study Summary Future work Publications

    10. History of Security Models

    11. History of Security Models (Cont’d)

    12. Role-based Access Control Security Model
        In RBAC:
        - permissions are organizationally associated with roles
        - users are administratively assigned to appropriate roles

    13. Role-based Access Control Security Model
        Why RBAC?
        - Provides a means of naming and describing many-to-many relationships between individuals and rights
        - Helps to determine efficiently which permissions are authorized for which users in a large enterprise system
        - Reduces the complexity of security administration in large network applications

    14. Role-based Access Control Security Model (Cont'd)
        Suitable for E-healthcare:
        - Users can be grouped by a role
        - Authorization reaches a user through the roles assigned to that user
        - Control of protected resources is based on employee function (roles) rather than data ownership
        - Employees in the same role have the same functions
        - Includes cooperative organizations
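Slides 12 to 14 describe core RBAC: permissions attach to roles, users are assigned to roles, and a session activates some of a user's roles. The following is an added example written for this transcript, not the thesis prototype's code; the role names come from slide 4, while the permission sets, user names and the patient-to-physician assignment rule are constructed assumptions. It goes one step beyond the slides by showing the object-level rule that a pure role check cannot express: a physician opens only the records of patients the administrator has assigned to them.

```python
"""Core RBAC for an e-healthcare workflow: users are assigned to roles, roles
carry permissions, and a session activates some of a user's roles. Added
example with a constructed sample policy; it is not the thesis prototype.
Patient records add an object-level rule on top of RBAC: a physician may open
only the records of patients the administrator has assigned to them."""
from dataclasses import dataclass, field

# Role -> set of (operation, object type). Constructed sample policy.
ROLE_PERMISSIONS = {
    "administrator": {("manage", "user"), ("manage", "role"), ("assign", "patient")},
    "physician": {("read", "record"), ("write", "record"), ("read", "schedule")},
    "staff": {("read", "schedule"), ("write", "schedule"), ("register", "patient")},
    "patient": {("read", "own_record"), ("write", "own_profile"), ("book", "appointment")},
}


@dataclass
class CoreRBAC:
    user_roles: dict = field(default_factory=dict)   # user -> roles assigned by admin
    assignments: dict = field(default_factory=dict)  # patient -> physicians treating them
    sessions: dict = field(default_factory=dict)     # session id -> (user, active roles)

    def assign_role(self, user, role):
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role {role!r}")
        self.user_roles.setdefault(user, set()).add(role)

    def create_session(self, sid, user, roles=None):
        """Activate roles for a session: by default all assigned roles, but a
        user may activate fewer (least privilege) and never more."""
        assigned = self.user_roles.get(user, set())
        active = set(roles) if roles is not None else set(assigned)
        if not active <= assigned:
            raise PermissionError(f"{user} is not assigned all of {sorted(active)}")
        self.sessions[sid] = (user, active)

    def permissions(self, sid):
        _, active = self.sessions[sid]
        return set().union(*(ROLE_PERMISSIONS[r] for r in active))

    def check(self, sid, op, obj, patient=None):
        """Role check first, then the object-level constraint for records."""
        user, _ = self.sessions[sid]
        if (op, obj) not in self.permissions(sid):
            return False
        if obj == "record":                        # physician side: assigned patients only
            return user in self.assignments.get(patient, set())
        if obj in ("own_record", "own_profile"):   # patient side: own data only
            return patient == user
        return True

    def assign_patient(self, admin_sid, patient, physician):
        """Administrator action from the case study: link a patient to a physician."""
        if not self.check(admin_sid, "assign", "patient"):
            raise PermissionError("only an administrator session may assign patients")
        if "physician" not in self.user_roles.get(physician, set()):
            raise ValueError(f"{physician} does not hold the physician role")
        self.assignments.setdefault(patient, set()).add(physician)


def demo():
    """Walk through the four roles of the case study; returns the decisions."""
    rbac = CoreRBAC()
    for user, role in [("dave", "administrator"), ("alice", "physician"),
                       ("bob", "physician"), ("carol", "patient")]:
        rbac.assign_role(user, role)
    rbac.create_session("admin", "dave")
    rbac.assign_patient("admin", "carol", "alice")
    rbac.create_session("s_alice", "alice")
    rbac.create_session("s_bob", "bob")
    rbac.create_session("s_carol", "carol")
    try:                      # a patient cannot activate a role that was never assigned
        rbac.create_session("s_bad", "carol", roles={"physician"})
        escalated = True
    except PermissionError:
        escalated = False
    return {
        "alice_reads_carol": rbac.check("s_alice", "read", "record", patient="carol"),
        "bob_reads_carol": rbac.check("s_bob", "read", "record", patient="carol"),
        "carol_reads_own": rbac.check("s_carol", "read", "own_record", patient="carol"),
        "carol_manages_users": rbac.check("s_carol", "manage", "user"),
        "carol_escalated": escalated,
    }


if __name__ == "__main__":
    print(demo())
```

The separation matters for review: `ROLE_PERMISSIONS` is the policy an administrator edits, `check` is the single enforcement point every form or page calls, and the record rule shows why an e-healthcare deployment needs an assignment table in addition to the role tables.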

    15. Outline Introduction Security models Case Study Implementation of Case Study Summary Future work publications

    16. Workflow for Case Study

    17. Workflow for Case Study

    18. Core RBAC Model in E-healthcare

    19. Outline Introduction Security model Case Study Implementation of Case Study Summary Future work Publications

    20. Open Source Tools
        - Microsoft Visual Studio 2008: the Integrated Development Environment (IDE)
          - Web Application
          - Windows Forms Application
        - Microsoft SQL Server 2005
        - Microsoft SQL Server Management Studio Express (SSMSE): provides a graphical management tool for SQL Server 2005

    21. Access Control of Case Study
        Structure of prototype: 3-tier architecture
        - GUI tier: Windows forms, Web sites
        - Business logic tier: functions
        - Data access tier: retrieve data from database
        From Policy to Role
        Database Design
        Applications and Roles

    22. Three-Tier Architecture

    23. From Policy to Role

    24. Database Design (I)

    25. Database Design (II)
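Slides 21, 24 and 25 present the three-tier structure and the database design, slide 32 a delegation function and slide 35 the mapping from roles to applications, but the transcript carries no schema or code. The block below is an added example, not the thesis code: sqlite3 in memory stands in for SQL Server 2005, and every table, column, user and application name is an assumption. It keeps SQL inside the data access tier, puts policy decisions in the business logic tier, and lets the GUI tier ask only "which applications may this user open", so that a form never embeds policy itself.

```python
"""Database design and three-tier split for the RBAC prototype. Added example,
not the thesis code: sqlite3 in memory stands in for SQL Server 2005, and
every table and column name is an assumption. Delegation is modelled as a
time-limited grant of a role to another user."""
import sqlite3
from datetime import datetime, timedelta

SCHEMA = """
CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL);
CREATE TABLE roles (role_id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE permissions (perm_id INTEGER PRIMARY KEY, operation TEXT NOT NULL,
    object TEXT NOT NULL, UNIQUE (operation, object));
CREATE TABLE user_roles (user_id INTEGER REFERENCES users,
    role_id INTEGER REFERENCES roles, PRIMARY KEY (user_id, role_id));
CREATE TABLE role_permissions (role_id INTEGER REFERENCES roles,
    perm_id INTEGER REFERENCES permissions, PRIMARY KEY (role_id, perm_id));
CREATE TABLE delegations (delegator_id INTEGER REFERENCES users,
    delegate_id INTEGER REFERENCES users, role_id INTEGER REFERENCES roles,
    expires_at TEXT NOT NULL);  -- ISO-8601 text compares correctly in SQLite
"""


class DataAccessTier:
    """Only this tier issues SQL; the tiers above see ids and tuples."""

    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.executescript(SCHEMA)

    def add_user(self, name):
        return self.db.execute("INSERT INTO users (username) VALUES (?)", (name,)).lastrowid

    def add_role(self, name):
        return self.db.execute("INSERT INTO roles (name) VALUES (?)", (name,)).lastrowid

    def add_permission(self, op, obj):
        return self.db.execute("INSERT INTO permissions (operation, object) VALUES (?, ?)",
                               (op, obj)).lastrowid

    def grant(self, role_id, perm_id):
        self.db.execute("INSERT INTO role_permissions VALUES (?, ?)", (role_id, perm_id))

    def assign(self, user_id, role_id):
        self.db.execute("INSERT INTO user_roles VALUES (?, ?)", (user_id, role_id))

    def direct_roles(self, user_id):
        rows = self.db.execute("SELECT role_id FROM user_roles WHERE user_id = ?", (user_id,))
        return {r for (r,) in rows}

    def delegate(self, delegator_id, delegate_id, role_id, expires_at):
        self.db.execute("INSERT INTO delegations VALUES (?, ?, ?, ?)",
                        (delegator_id, delegate_id, role_id, expires_at.isoformat()))

    def effective_permissions(self, user_id, now):
        # Direct roles UNION unexpired delegated roles, joined through to permissions.
        rows = self.db.execute("""
            SELECT DISTINCT p.operation, p.object FROM permissions p
            JOIN role_permissions rp ON rp.perm_id = p.perm_id
            WHERE rp.role_id IN (
                SELECT role_id FROM user_roles WHERE user_id = ?
                UNION
                SELECT role_id FROM delegations WHERE delegate_id = ? AND expires_at > ?)""",
            (user_id, user_id, now.isoformat()))
        return set(rows.fetchall())


class BusinessLogicTier:
    """Policy decisions live here, independent of both the forms and the SQL."""
    # Application (form) -> permission it needs; constructed mapping.
    APPLICATIONS = {"Users Management": ("manage", "user"),
                    "Patient Medical Records": ("read", "record"),
                    "Clinic Management": ("write", "schedule")}

    def __init__(self, dal):
        self.dal = dal

    def authorize(self, user_id, op, obj, now):
        return (op, obj) in self.dal.effective_permissions(user_id, now)

    def delegate(self, delegator_id, delegate_id, role_id, now, hours):
        # Only a role held directly can be lent, and only for a bounded time.
        if role_id not in self.dal.direct_roles(delegator_id):
            raise PermissionError("cannot delegate a role you do not hold")
        self.dal.delegate(delegator_id, delegate_id, role_id, now + timedelta(hours=hours))

    def applications_for(self, user_id, now):
        """The GUI tier calls this to build a control panel; forms embed no policy."""
        perms = self.dal.effective_permissions(user_id, now)
        return sorted(app for app, need in self.APPLICATIONS.items() if need in perms)


def demo():
    """Constructed walk-through: staff member erin is lent the physician role for 8 hours."""
    dal = DataAccessTier()
    bl = BusinessLogicTier(dal)
    roles = {n: dal.add_role(n) for n in ("administrator", "physician", "staff")}
    perms = {p: dal.add_permission(*p) for p in BusinessLogicTier.APPLICATIONS.values()}
    dal.grant(roles["administrator"], perms[("manage", "user")])
    dal.grant(roles["physician"], perms[("read", "record")])
    dal.grant(roles["staff"], perms[("write", "schedule")])
    frank, erin = dal.add_user("frank"), dal.add_user("erin")
    dal.assign(frank, roles["physician"])
    dal.assign(erin, roles["staff"])
    t0 = datetime(2008, 11, 4, 9, 0, 0)          # constructed clock
    bl.delegate(frank, erin, roles["physician"], now=t0, hours=8)
    return {"erin_menu_now": bl.applications_for(erin, t0 + timedelta(hours=1)),
            "erin_menu_tomorrow": bl.applications_for(erin, t0 + timedelta(days=1)),
            "erin_records_now": bl.authorize(erin, "read", "record", t0),
            "erin_records_tomorrow": bl.authorize(erin, "read", "record", t0 + timedelta(days=1))}
```

Two design points carry over to the real SQL Server schema: the composite primary keys on `user_roles` and `role_permissions` keep the many-to-many tables free of duplicates, and storing an expiry on every delegation row means a lent role disappears on its own rather than depending on an administrator remembering to revoke it.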

    26. Application: Log-in

    27. Applications: Changing Password and Setting Secure Questions

    28. Applications and Roles Administrator Physician Staff Patient

    29. Administrator Role

    30. Administrator: Users Management

    31. Administrator: Roles Management

    32. Administrator: Delegation Management

    33. Administrator: Assignment of Patient to Physician

    34. Administrator: Control Panel

    35. Roles and their applications Administrator Physician Staff Patient

    36. Physician Role

    37. Physician: Patient Medical Records

    38. Physician Form

    39. Roles and their applications Administrator Physician Staff Patient

    40. Staff Role

    41. Staff: Operations for Patients

    42. Staff: Operations for Patients (Cont’d)

    43. Clinic Management Form

    44. Roles and their applications Administrator Physician Staff Patient

    45. Patient: Modify Personal Information

    46. Patient Website

    47. Outline Introduction Security Models Case Study Implementation of Case Study Summary Future Work Publications

    48. Summary
        - Investigations: research on Workflow Management and Security Models
        - The prototype can be logged in to by authorized users
        - The prototype logs off automatically after a set time period
        - The prototype is easy to maintain and expand

    49. Outline Introduction Security models Case Study Implementation of Case Study Future work publication

    50. Future Work
        - More roles will be added to the prototype
        - More complex implementation, such as insurance and billing information
        - A mechanism to encrypt the password
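Slides 26 and 27 show the log-in, password change and secure-question forms, slide 48 states that the prototype logs off automatically after a time period, and slide 50 lists password encryption as future work. The following is an added example for those four pieces, written for this transcript and not taken from the thesis. What a login table needs is not an encrypted copy of the password but a salted, deliberately slow hash (PBKDF2-HMAC-SHA256 here, via the standard library), so that the database never holds anything from which the password can be read back; the same treatment is applied to the secure-question answer. The 15-minute idle limit, the user name and the clock values are assumptions, since the slides give none.

```python
"""Log-in, password change, secure question and automatic log-off for an
e-healthcare prototype. Added example, not the thesis code: passwords and
secure-question answers are stored as salted PBKDF2 hashes; the idle limit
and all names are assumptions."""
import hashlib
import hmac
import os
import secrets
from datetime import datetime, timedelta

IDLE_TIMEOUT = timedelta(minutes=15)   # assumed; the slides give no value
PBKDF2_ROUNDS = 100_000


def derive(secret, salt):
    """Salted PBKDF2 digest used for both passwords and secure-question answers."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, PBKDF2_ROUNDS)


def normalise_answer(answer):
    # Secure-question answers are compared case- and whitespace-insensitively.
    return " ".join(answer.lower().split())


class AuthService:
    def __init__(self):
        self.users = {}      # username -> {"salt", "pw", "q_salt", "q"}
        self.sessions = {}   # session id -> {"user", "last_seen"}
        self._decoy_salt = os.urandom(16)   # unknown users cost as much as real ones

    def register(self, username, password, question_answer):
        salt, q_salt = os.urandom(16), os.urandom(16)
        self.users[username] = {"salt": salt, "pw": derive(password, salt), "q_salt": q_salt,
                                "q": derive(normalise_answer(question_answer), q_salt)}

    def _verify(self, username, password):
        rec = self.users.get(username)
        salt = rec["salt"] if rec else self._decoy_salt
        expected = rec["pw"] if rec else bytes(32)
        return hmac.compare_digest(derive(password, salt), expected) and rec is not None

    def login(self, username, password, now):
        """Returns an unguessable session id, or None on failure."""
        if not self._verify(username, password):
            return None
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": username, "last_seen": now}
        return sid

    def touch(self, sid, now):
        """Called on every request: returns the user, or None after auto log-off."""
        s = self.sessions.get(sid)
        if s is None:
            return None
        if now - s["last_seen"] > IDLE_TIMEOUT:
            del self.sessions[sid]           # automatic log-off
            return None
        s["last_seen"] = now
        return s["user"]

    def change_password(self, sid, old_password, new_password, now):
        """Requires a live session and the current password (re-authentication)."""
        user = self.touch(sid, now)
        if user is None or not self._verify(user, old_password):
            return False
        salt = os.urandom(16)
        self.users[user].update(salt=salt, pw=derive(new_password, salt))
        return True

    def reset_by_question(self, username, answer, new_password):
        """Secure-question reset; the answer is checked like a password."""
        rec = self.users.get(username)
        if rec is None or not hmac.compare_digest(
                derive(normalise_answer(answer), rec["q_salt"]), rec["q"]):
            return False
        salt = os.urandom(16)
        rec.update(salt=salt, pw=derive(new_password, salt))
        return True


def demo():
    """Constructed walk-through; returns the observed outcomes."""
    svc = AuthService()
    svc.register("carol", "correct horse battery", "Blue")
    t0 = datetime(2008, 11, 4, 9, 0, 0)     # constructed clock
    sid = svc.login("carol", "correct horse battery", t0)
    out = {"login_ok": sid is not None,
           "wrong_password": svc.login("carol", "wrong", t0),
           "unknown_user": svc.login("nobody", "x", t0),
           "alive_after_10m": svc.touch(sid, t0 + timedelta(minutes=10)),
           "alive_after_30m": svc.touch(sid, t0 + timedelta(minutes=30))}  # 20 min idle
    sid2 = svc.login("carol", "correct horse battery", t0)
    out["change_with_wrong_old"] = svc.change_password(sid2, "wrong", "new pass", t0)
    out["change_ok"] = svc.change_password(sid2, "correct horse battery", "new pass", t0)
    out["old_password_after_change"] = svc.login("carol", "correct horse battery", t0)
    out["reset_ok"] = svc.reset_by_question("carol", " blue ", "third secret")
    out["login_after_reset"] = svc.login("carol", "third secret", t0) is not None
    return out
```

The clock is passed in rather than read from `datetime.now()` so the idle log-off can be exercised deterministically; in the Windows Forms or web front end the same `touch` call runs on every request, and the `change_password` path re-checks the old password so that an unattended but still-live session cannot be used to lock the real user out.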

    51. Outline Introduction Security models Case Study Implementation of Case Study So far and future work publication

    52. Publications
        - Hongmei Chi, Lang Zhao, "A conceptual model to support the integration of inter-organizational healthcare information systems", Winter Simulation Conference, 2007, page 2368.
        - H. Chi, E. Jones and L. Zhao, "Implementation of a Security Access Control Model for Inter-Organizational Healthcare Information Systems", IEEE APSCC 2008, December 9-12, 2008, Yilan, Taiwan.

    53. Work Breakdown Structure (WBS): see "Thesis of lang.gan", created with the tool GanttProject

    54. Questions

