Threat analysis of online health information system

ACM International Conference Proceeding Series

Volumn , Issue , 2010, Pages

  Nematzadeh, Azadeh ^a   Camp, L Jean ^a  

^a INDIANA UNIVERSITY   (United States)

Author keywords

Information health systems; Privacy; Traitor tracing schemes

Indexed keywords

ELECTRONIC HEALTH RECORD; HEALTH RECORDS; HEALTH SYSTEMS; ONLINE HEALTH INFORMATION; PRIVACY; PRIVACY AND SECURITY; SECURITY AND PRIVACY; THREAT ANALYSIS; TRAITOR-TRACING;

HEALTH; INFORMATION SYSTEMS; INFORMATION USE; MICROARRAYS; ONLINE SYSTEMS; RECORDS MANAGEMENT;

HEALTH RISKS;

EID: 77956287645     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1839294.1839331     Document Type: Conference Paper

References (43)

1. J. Argyrakis, S. Gritzalis, and C. Kioulafas, "Privacy enhancing technologies: a review," pp. 282-287, 2004.
2. A. Becker. A. Arnah, and M. Semi, "Assessing privacy criteria for drm using eu privacy legislation," in Proc. of the 8th ACM workshop on DRM, pp. 77-86, 2008.
3. E. Diehl, "A Four-Layer model for security of digital rights management," in Proc. of the 8th ACM workshop on DRM, pp. 19-28, 2008.
4. S. Kenny, and L. Korba,"Applying digital rights management systems to privacy rights management," Computer and security, vol.21, no.7, pp. 648-664, 2002.
5. A. Cooper and A. Martin." Towards an open, trusted digital rights management platform," in Proc. of the ACM workshop on DRM, pp 79-88, 2006.
6. B. Chor, A. Fait, and M. Naor, " Traitor-tracing," in Proc. of Crypto 94, pp. 257-270, 1994.
7. A. Fiat and T.Tassa, "Dynamic traitor-tracing," J. of Cryptology, vol.14, pp. 211-223, 2001.
8. J M. Noar and B. Pin kas, "Threshold traitor-tracing," in Proc. of the 18th Annual int. cryptology on advances in cryptology, pp. 502-517, 1998.
9. R. Safavi-Naini and Y. wing, "Sequential traitor-tracing," in Proc. of the 20th annual int. cryptology on advances in cryptalogy, pp. 316-332, 2003.
10. E. Young Choi, J. Ycon Hwang and D. Moon Lee, "An anonymous asymmetric public key traitor-tracing scheme," E-Commerce and Web technologies, pp. 104-114, 2003.
11. E. Magkos, P. Kotzanikolaou, and V. Chrissikopoulos, " An asymmetric traceability scheme for copyright protection without trust assumptions," in Proc. of the 2end int. Conf. on Electronic Commerce and Web Technologies, pp. 186-195. 2001.
12. C. Dwork, J. Lotspiech. and M. Naor. "Digital signets: selfenforcing protection of digital information," The 28 annual ACM symp. on theory of computing, pp. 489 - 498, 1996.
13. H. Komaki, Y. Watanabe, G. Hanaoka, and H. mai, "Efficient asymmetric self-enforcement scheme with public traceability," LNCS public key cryptography, pp. 225-239, 2000.
14. M. H. Johnson, "Data hemorrhages in the health-cart sector," forth coming in financial cryptography and data security, 2009.
15. HIPAA of 1996, Public Law 104-191, 104th Congress.
16. O. Gostin, "National health information privacy, regulations under the health insurance portability trod acccaintithility act," J. of the American medical association, vol.285, no.23. pp. 3015-3621, 2001.
17. S. Hoffman and A. Podgurski, "In sickness, health, and cyberspace: protecting the security of electronic private health information," Case legal studies research paper, pp. 06-15, 2006.
18. R. Krishna, K. Kelleher, and E Stahl berg, "Health policy and ethics: patient confidentiality in the research use of clinical medical databases," American J. of public health, vol 97, no.4, 2007.
19. O. Ateniese, R. Curtmola, B. Medeiros, and D. Davis, "Medical information privacy assurance: cryptographic and system aspects," Lecture note in security in communication network, pp. 199-218, 2003.
20. E. Bertino, B.C. Ooi, Y. Yang, and R.H. Deng. "Privacy and ownership preserving of out-sourced medical data," in Proc. of 21st int. data engineering, pp. 521-532, 2005.
21. I. Sweeney, "Computational disclosure control for medical microdata: The datally system," in record linkage techniques workshop, National Academy Press, pp. 442-453, 1999.
22. R. Wash and J. Mackie-Mason, "Incentive-centered design for information security," DIMAC workshop on information security economics, 2007.
23. R. Anderson, F. Bozek, T. Longstaff, W. Meitzler, M. Skroch, and K. V. Wyk, "Research on Mitigating the Insider Threat to Information Systems," 2000.
24. T. Moore and R. Clayton, "The impact of incentives on notice and take-down," 7th Workshop on economics of information security, pp. 25-28, 2008.
25. B. Kobayashi, "Private versus social incentives in cybersecurity," pp 13-28.
26. A. Acquisti and I. Grossklags, "Losses, gains, and hyperbolic discounting: an experimental approach to information security attitudes and behaviors," Second workshop on the economics of information security, 2003.
27. J. Grossklags and A. Acquisti, "When 25 cents is too much: an experiment on willingness-to-sell and willingness-toprotect personal information," 6th workshop on economics of information security, 2007.
28. S. Romanosky, R. Telang, and A. Acquisti, "Do data breach disclosure laws reduce identity theft?," Economics of information security, 2008.
29. D. K. Mulligan, "Information disclosure as a light-weight regulatory mechanism," DIMACS workshop on information security economics, 2007.
30. L. A. Gordon, " An economics perspective on the sharing of information related to security breaches: concepts and empirical evidence," workshop on the economics of information security, 2002.
31. E. Gal and A. Ghose, "The economic consequences of sharing security information," Economics of Information Security, pp. 95-104, 2006.
32. J. P. Choi, C. Fershiman, and N. Gandal, "Network security: vulnerabilities and disclosure policy," Economics of information security, 2007.
33. A. Arora, C. M. Forman, A. Nandkumar and R. Telang, "Competitive and strategic effects in the timing of patch release," 5th workshop on the economics of information security, 2006.
34. B. A. Huberman. E. Mar, and L. R. Fine, "Valuating privacy," 4th workshop on the economics of information security, 2005
35. H. Varian, F. Wallenberg, and G. Woroch, "Who signed up for the do-not-call list?," 3rd workshop on the economics of information security, 2004.
36. R. Bohme and S. Kohlc, "On the viability of privacyenhancing technologies in a self- regulated business-toconsumer market: will privacy remain a luxury good?," 6th workshop on economics of information security, 2007.
37. B. Edelman, "Adverse selection in online trust certifications," 5th workshop on the economics of information security, 2006.
38. J.H. Saltier and M.D. Schroeder, "The protection of information in computer systems," in Proc. of the IEEE. vol.63, no.9, pp. 1278-1308, Sept 1975.
39. B. Hsieh, H. Sun. and T. Hwang. " On the security of some password authentication protocols:' J. of informatica. no 2, pp. 195-204, 2003.
40. A. Kitiyias and M. Yung, " Breaking and repairing asymmetric public-key traitor-tracing," LNCS digital rights management, pp. 32-50, 2003.
41. D. Boneh, G. Crescenzo, R. Ostrovsky, and G. Persiano, "Public Key Encryption with Keyword Search," Advances in Cryptology, pp. 506-522, 2004.
42. J. Brassil, S. Low, N. Maxemchuk, and L. O'Gorman, "Electronic marking and identification techniques to discourage document copying," in Proc. of IEEE INFOCOM, 1994, 3, pp. 1278 -1287.
43. J. Brassil, S. Low, N. Maxemchuk, and L. O'Gorman, "Hiding information in document images," in Proc. of the 29th Annual Conference on Information Sciences and Systems, 1995, pp. 482-489.