Security models and requirements for healthcare application clouds

Proceedings - 2010 IEEE 3rd International Conference on Cloud Computing, CLOUD 2010

Volumn , Issue , 2010, Pages 268-275

  Zhang, Rui ^a,b   Liu, Ling ^b  

^a Georgia Institute of Technology   (United States)

^b BEIJING JIAOTONG UNIVERSITY   (China)

Author keywords

Cloud computing; EHR; Healthcare; Privacy; Security

Indexed keywords

ACADEMIC COMMUNITY; CLOUD COMPUTING; CORE COMPONENTS; EHR; ELECTRONIC HEALTH RECORD; HEALTH CARE APPLICATION; HEALTHCARE INDUSTRY; PRIVACY; REFERENCE MODELS; SECURITY; SECURITY AND PRIVACY ISSUES; SECURITY COUNTERMEASURES; SECURITY GUARDS; SECURITY ISSUES; SECURITY MODEL;

CLOUDS; MODELS; RECORDS MANAGEMENT;

GRID COMPUTING;

EID: 77957968012     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CLOUD.2010.62     Document Type: Conference Paper

References (22)

1. ANSI, ISO/TS 18308 Health Informatics-Requirements for an Electronic Health Record Architecture, ISO 2003.
2. R. Bakker, B. Barber, R. Tervo-Pellikka, A.Treacher, (eds.), Communicating Health Information in an Insecure World, in: Proceedings of the Helsinki Working Conference. 43:1, 1995. 2.
3. B. Barber, D. Garwood, P. Skerman, In: Security in Hospital Information Systems, Security and data protection programme presented at the IMIA WH10 Working conference, Durham. 1994.
4. S. M. Furnell, P.W. Sanders, Security management in the health-care environment, in: R.A. Greenes, H.E. Peterson, D.J. Protti, (eds.), MEDINFO '95, Proceedings of the eighth World Congress on Medical Informatics. Canada. p. 675-678.
5. A. Patel, I. Kantzavelou, Implementing network security guidelines in health-care information systems. In: MEDINFO '95. Proceedings of the eighth World Congress on Medical Informatics. Vancouver Trade and Convention Centre, Canada. p. 671-674.
6. D. Garets and M. Davis, A HIMSS Analytics White Paper. Electronic Medical Records vs. Electronic Health Records: Yes, There Is a Difference. January 26, 2006http://www.himssanalytics.org/docs/wp-emr-ehr.pdf.
7. H. Linden, D. Kalra, A. Hasman, J. Talmon. Inter-organization future proof HER systems-A review of the security and privacy related issues. International Journal of Medical Informatics, 78(2009), 141-160.
8. J. Jin, G.-J. Ahn, H. Hu, M. J. Covington, and X. Zhang. Patient-centric Authorization Framework for Sharing Electronic Health Records. Symposium on Access Control Models and Technologies, Proceedings of the 14th ACM symposium on Access control models and technologies, 2009, 125-134.
9. Science Applications International Corporation (SAIC). Role-Based Access Control (RBAC) Role Engineering Process Version 3.0. 11 May 2004.
10. A. Mohan, D. M. Blough, An Attribute-Based Authorization Policy Framework with Dynamic Conflict Resolution, Proceedings of the 9th Symposium on Identity and Trust on the Internet, 2010.
11. M. Hagner. Security infrastructure and national patent summary. In Tromso Telemedicine and eHealth Conference, 2007.
12. A. Harrington, C. Jensen. Cryptographic access control in a distributed file system. Proceedings of the eighth ACM symposium on Access control models and technologies, 2003, 158-165.
13. S. G. Akl and P. D. Taylor. Cryptographic solution to a problem of access control in a hierarchy. ACM Transactions on Computer Systems, 1(3):239-248, August 1983.
14. W.-G. Tzeng, A Time-Bound Cryptographic Key Assignment Scheme for Access Control in a Hierarchy, IEEE Trans. On Knowl. and Data Eng., 14(1), 182-188, 2002.
15. D. Chaum and E. van Heyst. Group signatures. Advances in Cryptology - EUROCRYPT '91, volume 547 of Lecture Notes in Computer Science. 1991, pp. 257-265.
16. G. Ateniese, J. Camenisch, M. Joye, et al. A practical and provably secure coalition-resistant group signature scheme. Advances in Cryptology-CRYPTO, LNCS 1880. Heidelberg: Springer-Verlag, 2000.
17. D. Boneh, X. Boyen, H. Shacham. Short Group Signatures. In proceedings of CRYPTO '04, LNCS series, 41-55.
18. D. Boneh and H. Shacham. Group signatures with verifier-local revocation. Conference on Computer and Communications Security, Proceedings of the 11th ACM conference on Computer and communications security, Washington DC, USA, 168 - 177.
19. R. Rivest, A. Shamir, and Y. Tauman. How to leak a secret, ASIACRYPT 2001. Volume 2248, 552-565.
20. Y. Desmedt. Threshold cryptography, European Transactions on Telecommunications, 5(4), 1994.
21. D. Chaum. Security without identification: transaction systems to make big brother obsolete. Communications of the ACM, October 1985, 28 (10): 1030-1044.
22. J. Camenisch, E. V. Herreweghen. Design and implementation of the idemix anonymous credential system. Proceedings of the 9th ACM conference on Computer and communications security, 2002, 21-30.