
Security Issues for Bioinformatics

Security Issues for Bioinformatics. Prof. Steven A. Demurjian, Sr. Director, CSE Graduate Program Computer Science & Engineering Department The University of Connecticut 191 Auditorium Road, Box U-155 Storrs, CT 06269-3155. steve@engr.uconn.edu http://www.engr.uconn.edu/~steve


Presentation Transcript


  1. Security Issues for Bioinformatics Prof. Steven A. Demurjian, Sr. Director, CSE Graduate Program Computer Science & Engineering Department The University of Connecticut 191 Auditorium Road, Box U-155 Storrs, CT 06269-3155 steve@engr.uconn.edu http://www.engr.uconn.edu/~steve http://www.engr.uconn.edu/~steve/DSEC/dsec.html (860) 486 - 4818

  2. Medical Informatics
     • Security Requirements for Medical Records
     • Privacy vs. Availability
     • All Aspects of Security for Medical Information
     • Treatment and Long-Term Care
     • Insurance Claims and Future Insurability
     • Nationalization of Medical Information
     • Critical Aspect of Dynamic Coalition Problem (DCP)
     • DCP - Security, Resource, and Information Sharing Risks for Alliance of Governmental, Military, Civilian, and International Organizations
     • Bring Together Divergent Requirements to Support Life-Threatening Situation
     • Rapid Availability of Patient Data in Emergency Situations

  3. Dynamic Coalitions for Medical Informatics
     [Diagram: Smallpox Outbreak in U.S. Coalition participants: Transportation, Military Medics, Red Cross, Govt., Pharma. Companies, Local Health Care, CDC, Govt., MDs w/o Borders, EMTs, RNs, MDs, State Health, Other]
     GOALS:
     • Securely Leverage Information in a Fluid Environment
     • Protect Information While Simultaneously Promoting the Coalition

  4. Public Policy on Security
     • How do we Protect a Person’s DNA?
     • Who Owns a Person’s DNA?
     • Who Can Profit from Person’s DNA?
     • Can Person’s DNA be Used to Deny Insurance? Employment? Etc.
     • How do you Define Security Limitations/Access?
     • Can DNA Repositories be Anonymously Available for Medical Research?
     • Do Societal Needs Trump Individual Rights?
     • Can DNA be Made Available Anonymously for Medical Research?
     • International Repository Might Allow Medical Researchers Access to Large Enough Data Set for Rare Conditions (e.g., Orphan Drug Act)
     • Individual Rights vs. Medical Advances

  5. Security Solutions for Systems/Databases
     [Diagram: Bayer, Pfizer, UConn Health Center, UConn Storrs, Johns Hopkins, Yale, NIH, FDA, NSF. Labels: Info. Sharing - Joint R&D; Company and University Partnerships; Collaborative Funding Opportunities; Retrofit Security Infrastructure; Cohesive and Trusted Environment; Existing Systems/Databases and New Applications]
     • How do you Protect Commercial Interests?
     • Promote Research Advancement? Free Read for Some Data/Limited for Other?
     • Commercialization vs. Intellectual Property? Balancing Cooperation with Propriety

  6. What are Key Security Concepts?
     • Assurance
     • Are the Security Privileges for Each User Adequate (and Limited) to Support their Needs?
     • What Guarantees are Given by the Security Infrastructure regarding Privileges vs. Information?
     • Consistency
     • Are the Defined Security Privileges for Each User Internally Consistent?
     • Least-Privilege Principle: Just Enough Access
     • Are the Defined Security Privileges for Related Users Globally Consistent?
     • Mutual-Exclusion: Read for Some-Write for Others
     • Role-Based Access Control - User Focused
     • Mandatory Access Control - Data Focused

  7. What are Key Security Concepts?
     • Authentication
     • Is the User who S/he Says they are?
     • Authorization
     • Does the User have Permission to do what S/he Wants?
     • Privacy
     • Is Anyone Intercepting User/Server or User/User Communications?
     • Enforcement Mechanism
     • Centralized and Distributed “Code”
     • Enforces Security Policy at Runtime
     • For Existing (Retrofit) and New Systems/Clients
     • Ongoing Research Project in Security http://www.engr.uconn.edu/~steve/DSEC/dsec.html
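
The assurance, consistency and runtime-enforcement questions from slides 6 and 7, worked as an added example that is not part of the original presentation. All role, user and resource names are hypothetical, and failing closed on a mutual-exclusion conflict is an assumed policy choice.

```python
# Constructed sample policy: role, user and resource names are hypothetical.
READ, WRITE = "read", "write"
GRANTED = {
    "curator":    {("dna_repository", WRITE)},
    "researcher": {("dna_repository", READ), ("patient_record", READ)},
    "auditor":    {("dna_repository", READ), ("dna_repository", WRITE)},
}
NEEDED = {  # what each role requires to do its job (assumed input)
    "curator":    {("dna_repository", WRITE)},
    "researcher": {("dna_repository", READ)},
    "auditor":    {("dna_repository", READ)},
}
# Mutual exclusion: read for some, write for others, never both for one user.
EXCLUSIVE = [(("dna_repository", READ), ("dna_repository", WRITE))]
USER_ROLES = {"alice": {"curator"}, "bob": {"researcher"},
              "carol": {"curator", "researcher"}, "dave": {"auditor"}}


def violates(privs):
    """True if a privilege set holds both halves of an exclusive pair."""
    return any(a in privs and b in privs for a, b in EXCLUSIVE)

def excess_privileges():
    """Least privilege: privileges granted to a role beyond its stated need."""
    return {r: GRANTED[r] - NEEDED[r] for r in GRANTED if GRANTED[r] - NEEDED[r]}

def role_conflicts():
    """Internal consistency: roles that break mutual exclusion on their own."""
    return sorted(r for r, p in GRANTED.items() if violates(p))

def effective(user):
    """Union of privileges over all roles assigned to the user."""
    return set().union(*(GRANTED[r] for r in USER_ROLES.get(user, ())))

def user_conflicts():
    """Global consistency: users whose combined roles break mutual exclusion."""
    return sorted(u for u in USER_ROLES if violates(effective(u)))

def authorize(user, resource, action):
    """Runtime enforcement: deny by default, and fail closed on conflicts."""
    privs = effective(user)
    return (resource, action) in privs and not violates(privs)

if __name__ == "__main__":
    print(excess_privileges(), role_conflicts(), user_conflicts())
```

In this sample, carol holds two roles that are each consistent on their own, and only the global check over her combined roles catches the conflict.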
