Information Sharing and Security in Dynamic Coalitions - PowerPoint PPT Presentation

Slides: 70
Provided by: stevenad
Transcript and Presenter's Notes

Title: Information Sharing and Security in Dynamic Coalitions


1
Information Sharing and Security in Dynamic
Coalitions
Steven A. Demurjian
Computer Science & Engineering Department
371 Fairfield Way, Box U-2155
The University of Connecticut
Storrs, Connecticut 06269-2155
http://www.engr.uconn.edu/~steve
steve@engr.uconn.edu
2
Overview of Presentation
  • Introduction and Motivation
  • Preparedness Scenarios (Civilian and Military)
  • The Dynamic Coalition Problem
  • Civilian Organizations
  • Military Involvement/GCCS
  • Information Sharing and Security
  • Federating Resources
  • Database Interoperability
  • Syntax, Semantics, and Pragmatics
  • Data Integrity
  • Access Control
  • Conclusions and Future Work

3
Crisis and Coalitions
  • A Crisis (Event) is Any Situation Requiring
    Regional, National or International Attention as
    Determined by the President of United States/UN
  • A Coalition is an Alliance of Organizations:
    Governmental (Federal, State, and Local),
    Military, Civilian, International or Combination
  • A Dynamic Coalition is Formed in a Crisis and
    Changes as Crisis Develops, with the Key Concern
    Being the Most Effective way to Solve the Crisis
  • Dynamic Coalition Problem (DCP) is the Inherent
    Security, Resource, and/or Information Sharing
    Risks that Occur as a Result of the Coalition
    Being Formed Quickly

4
Crises in 2005
  • Tidal Wave in Southeast Asia
  • Hurricanes in US
  • Katrina: Louisiana and Mississippi
  • Rita: Texas and Louisiana
  • Mudslides in Guatemala
  • Earthquake in Pakistan/India
  • Key Issues for US Crises
  • Both Hurricanes Involved Large Populations of
    Underinsured and Uninsured
  • Rita had Notice - Evacuation Hampered/Slow
  • Relief Hampered by Total Failure of Power,
    Particularly in New Orleans
  • Coalitions Difficult to Form and Utilize

5
Crises in 2007
  • October 2007 Fires in Southern California
  • What is the Typical Impacted Family?
  • Middle to Upper Middle Class?
  • Insured vs. Uninsured?
  • Individuals Evacuated Great Distances from their
    Homes
  • Difficulty in Tracking Medical Records
  • Residual Smoke Causing Respiratory Issues
    Elsewhere
  • Impact on Cities and Urban Areas
  • Underinsured and Uninsured Populations
  • Coalition Must Systematically Deal with Both
    Population Groups from the Same Event

6
International Near Simultaneous Crises
[Figure: map of crisis points. Labels: BOSNIA (NATO), NATO Hq,
KOSOVO (US, UK), Olympic Games, Earthquake (United Nations),
Ship Wreck (UK, SP)]
7
Emergent Need for Coalitions
  • "Coalitions must be flexible and no one coalition
    is or has the answer to all situations."
    - Secretary of Defense, Donald Rumsfeld
  • "Whenever possible we must seek to operate
    alongside alliance or coalition forces,
    integrating their capabilities and capitalizing
    on their strengths."
    - U.S. National Security Strategy
  • "Currently, there is no automated capability for
    passing command and control information and
    situational awareness information between nations
    except by liaison officer, fax, telephone, or
    loaning equipment."
    - Undersecretary of Defense for Advanced Technology

8
Dealing with Crises in CT
  • Uninsured/Underinsured Patients are Difficult to
    Manage/Treat from an Informatics Perspective
  • Move from State Agency to Agency
  • Visit Many Diverse Health Care Providers
  • Incomplete/Inconsistent Data for Each Visit
  • Treatment of Chronic Diseases is Difficult
  • Consider Asthma: Many Different Types, Treatment
    Plans, Medication Regimes, etc.
  • History, Symptoms, Past Meds, etc., all Vital to
    Deal with Current Problem
  • Problematic with Incomplete/Missing History
  • One Individual at a Time - What Happens when
    there is a State-Wide Event that Impacts 10,000?

9
National Preparedness Scenarios
  • Major Events or Natural Disasters that Impact
    Health Care May be Impossible to Handle
  • Various Preparedness Scenarios for:
  • Pandemic Influenza
  • Toxic Industrial Chemical Release
  • Earthquake or Major Hurricane
  • Wide Scale Forest Fires (October 2007)
  • Irrespective of Accident or Terrorist Cause
  • These Events Could Result in Respiratory Impact
  • Underinsured/Uninsured Disproportionately
  • Young and Old Populations Vulnerable
  • Correct and Complete Patient Data Vital to Ensure
    Timely Treatment/Minimize Deaths

10
Consider Respiratory Event in CT
  • What Happens if there is a Chemical Gas Release
    Off of Route 91 North of Hartford?
  • Deal with Patients with Respiratory Issues
  • Assemble Appropriate Agencies/Personnel
  • Health Infrastructure/Ambulances/ERs
  • Integrate Patient Data from Myriad Sources
  • CT Agencies: EPA, Public Safety, PH
  • Gas Cloud Drifting: Weather/Wind Forecast
  • Transcend Barriers of:
  • HIPAA
  • Disparate Databases from Federal/State Agencies,
    Hospitals, Clinics, Insurers, Pharmacies, etc.

11
Consider Respiratory Event in CT
  • Dealing with Different Patient Populations?
  • Insured Populations
  • Less Dispersed Profile of Medical Visits
  • Easier to Obtain Complete Patient Records
  • Underinsured/Uninsured Populations
  • Varied/Disparate Visit Profile
  • Changing Addresses/Homeless
  • Cycle Among State Agencies, Providers
  • Higher Rates of Respiratory Illnesses
  • Coalitions Need to Deal with All Potential
    Patients
  • Difficulty with Underinsured/Uninsured
    Populations Means Potential for Incorrect Care

12
National Preparedness Scenarios
  • Issued by Homeland Security: 15 Scenarios
  • Intended to Assist Federal, State, and Local,
    Govts. and the Private Sector in Preparedness
  • When Event Occurs, Must Deal with Citizens
  • Needing Urgent Medical Treatment
  • Those that Seek Care not Required (in 9/11, this
    was 15 times actual number)
  • Must Deal with Infrastructure Impact
  • Breakdown of Transportation, Communication,
    Medical/Utility Infrastructure, etc.
  • Issue for 9/11 - Catastrophe for Katrina
  • Potential for International Assistance as Well

13
Mission Areas for Scenarios
  • Emergency Assessment/Diagnosis
  • Detect Incident, Determine Impact, Monitor
    Environment, Notify Governments
  • Emergency Management/Response
  • Direct, Control, Coordinate Response
  • Provide Emergency Public Information for:
  • Population at Risk
  • Population at Large
  • Incident/Hazard Mitigation
  • Control, Collect, and Contain Incident
  • Public Protection
  • Provide Initial Warnings to at Risk/at Large
  • Shelters, Evacuation, Transportation, etc.

14
Mission Areas for Scenarios
  • Victim Care
  • Treat Victims at Scene, Transport, etc.
  • Treat Patients at Medical Facilities
  • Track and Notify/Security of Evidence
  • Investigation/Apprehension
  • Cause of Attack: Even a Gas Leak Needs to be
    Checked to Ensure NOT Terrorist Act
  • Evidence of Crime Must be Preserved
  • Recovery/Remediation
  • Restore Essential Services, Businesses, Economy,
    Return Evacuees
  • Provide Support for Area, Victims, Long-Term
    Medical and Mental Health Services, etc.

15
Scenario 6: Chemical Attack
  • Not Limited to Terrorism - Could be Just a Local
    Event at a Chemical Plant or Storage Tank
  • Emergency Assessment/Diagnosis
  • Scope of Gas Release, Prediction of Cloud Path
  • Emergency Management/Response
  • Notify, Evacuate, Assemble Resources
  • Incident/Hazard Mitigation
  • Understand Health Vulnerabilities of Cloud
  • Impact of Rain, Wind, Spraying Foam, etc.
  • Public Protection
  • Cell Phone/Text Message Notification (Storrs)
  • Victim Care
  • Key Issue: Also Preventive as Well

16
Scenario 6: Chemical Attack
  • Key Implications
  • 7,000 in Actual Downwind Area
  • Half will Die Before/During Treatment
  • Additional 15 Hospitalization
  • 70,000 Worried Well (Seek/Don't Need Care)
  • Long-Term Carcinogens, Damage to Internal Organs,
    Eyes

17
Scenario 10: Natural Disaster
  • Emergency Assessment/Diagnosis
  • Direct Impact (Infrastructure) plus Indirect
    Impact (Causes Another Event)
  • Emergency Management/Response
  • Infrastructure Loss - Difficulty in Notification
  • Incident/Hazard Mitigation
  • Wide Range of Potential Hazards
  • Potable Water, Power (Heat), etc.
  • Public Protection
  • Problematic - Tied to Advance Warning
  • Victim Care
  • Wide Ranging w.r.t. Diseases/Injuries

18
Scenario 10: Natural Disaster
  • Key Implications: Advance Warning
  • Tourists/Residents: 48 Hours
  • Massive Evacuation: 24 Hours
  • Service Disruptions, Shelters Filled to Capacity,
    Search and Rescue, etc.
  • Potential to Cause Another Event

19
What is the Dynamic Coalition Problem?
  • Dynamic Coalition Problem (DCP) is the Inherent
    Security, Resource, and/or Information Sharing
    Risks that Occur as a Result of the Coalition
    Being Formed Quickly
  • Private Organizations (PVO)
  • Doctors Without Borders
  • Red Cross
  • Non-Government Organizations (NGO)
  • NYPD
  • Government Agencies
  • FBI
  • CIA
  • Military

20
DC for Military Deployment/Engagement
OBJECTIVES:
  • Securely Leverage Information in a Fluid Environment
  • Protect Information While Simultaneously Promoting the Coalition
  • Security Infrastructure in Support of DCP
[Figure labels: SICF (France), LFCS (Canada), HEROS (Germany),
SIACCON (Italy)]
21
Medical Informatics
  • Security Requirements for Medical Records
  • Privacy vs. Availability
  • All Aspects of Security for Medical Information
  • Treatment and Long-Term Care
  • Insurance Claims and Future Insurability
  • Nationalization of Medical Information
  • Critical Aspect of Dynamic Coalition Problem
    (DCP)
  • DCP - Security, Resource, and Information Sharing
    Risks for Alliance of Governmental, Military,
    Civilian, and International Organizations
  • Bring Together Divergent Requirements to Support
    Life-Threatening Situation
  • Rapid Availability of Patient Data in Emergency
    Situations

22
Dynamic Coalition for Medical Emergency
Transportation
Military Medics
Govt.
Local Health Care
CDC
ISSUES:
  • Privacy vs. Availability in Medical Records
  • Support Life-Threatening Situations via
    Availability of Patient Data on Demand
23
DCP Objectives for Crisis
  • Federate Users Quickly and Dynamically
  • Bring Together Resources (Legacy, COTS, GOTS,
    DBs, etc.) Without Modification
  • Dynamically Realize/Manage Simultaneous Crises
  • Identify Users by Roles to Finely Tune Access
  • Authorize, Authenticate, and Enforce a Scalable
    Security Policy that is Flexible in Response to
    Coalition Needs
  • Provide a Security Solution that is Portable,
    Extensible, and Redundant for Survivability
  • Include Management/Introspection Capabilities to
    Track and Monitor System Behavior

24
Military Coalition
[Figure: coalition resources that provide services and the clients
using those services. Labels: NATO SYS; Federal Agencies (FEMA, FBI,
CIA, etc.) Client; COTS; U.S. Army; LFCS (Canada); U.S. Navy;
SICF (France); French; Air Force; HEROS (Germany); U.S. Legacy System;
SIACCON (Italy); NATO Database; NGO/PVO Resource; German;
NGO/PVO (Red Cross, NYPD, etc.) Client; GCCS (US); Client]
25
Joint and Combined Information Flow
[Figure: Common Operating Environment. Combined: Many Countries.
Joint: Marines, Navy, Air Force, Army. Labels: ARMY, Joint Task Force,
Adjacent, Marines, Navy, Air Force, Coalition Partners, GCCS-N, GCCS-M,
GCCS-AF, JMCIS, TCO, NATO Systems, TBMCS, Coalition Systems]
26
DCP Combined Information Flow
27
DCP Global Command and Control System
[Figure: GLOBAL C2 SYSTEMS down to BATTLEFIELD C2 SYSTEM / EMBEDDED
BATTLE COMMAND, with Client/Server tiers at each echelon (Company,
Platoon, Squad). Labels: MOBILE SUBSCRIBER EQUIPMENT, DATA RADIO,
SATELLITE, SATCOM, Tactical Internet, FBCB2/EBC, MISSION PLANNING, MET,
SUPPORT, INTEL, MANEUVER CONTROL, AIR DEFENSE, ARTY, TOPO]
28
DCP Global Command and Control System
29
DCP Global Command and Control System
Common Operational Picture
30
DCP Objectives for Crisis
  • Federate Users Quickly and Dynamically
  • Personnel Responding to Event
  • Some Known in Advance, Others Dynamic
  • Promote On-Line/Database Interactions
  • Bring Together Resources without Modification
  • Physical Resources/Response Equipment
  • Information Resources: Databases and Patient
    Records from Myriad of Sources
  • Monumental Task in Ordinary Situations
  • Dynamically Realize/Manage Simultaneous Crises
  • Event (Hurricane) causes Another (Chemical)
  • Conflicting Resources/Limited Personnel
  • Utilities Always Borrowing Workers

31
Health Care Coalition
32
Combined Information Flow
What is the Information Flow for Chemical Event?
Logistics
Air Defense/Operations
Combined Database
33
Coalition Tracking for CT Event
Common Operational Picture
For CT Events, Need GIS Maps, Weather Overlays,
Location of Resources on Maps, etc.
34
DCP Critical Requirements
  • Establish Roles to Information Repositories
  • Responders, Emergency/Medical Personnel ...
  • Coalitions Dynamic - Secure/Flexible Access
  • Transcend HIPAA, Other Constraints
  • Time Controllable Access to Information
  • Time Limits on Users and Roles
  • As Event Abates, Access Becomes Stricter
  • Value Based Constraints on Access
  • Multiple Events, Responders Limited Access
  • Difficult to Federate Users and Resources
  • Proprietary Databases in Different Formats
  • Common (Virtual) Information Repository

35
GCCS Shortfalls: User Roles
  • Currently, GCCS Users have Static Profile Based
    on Position/Supervisor/Clearance Level
  • Granularity Gives Too Much Access
  • Profile Changes are Difficult to Make - Changes
    Done by System Admin. Not Security Officer
  • What Can User Roles Offer to GCCS?
  • User Roles are Valuable Since They Allow
    Privileges to be Based on Responsibilities
  • Security Officer Controls Requirements
  • Support for Dynamic Changes in Privileges
  • Towards Least Privilege

36
User Roles and Coalitions
  • Emergent Events (Chemical) Require a Response
  • Some Critical Issues
  • Who's in Charge?
  • Who is Allowed to do What?
  • Who can Mobilize Governmental Resources?
  • Roles can Help
  • Role for Event Commander(s)
  • Roles for Event Participants/Personnel
  • Roles Dictate Control over Resources
  • For Katrina: Lack of Leadership and Defined Roles
  • Army Corps of Engineers Only Allowed to Repair
    Levees Not Upgrade and Change

37
GCCS Shortfalls: Time Controlled Access
  • Currently, in GCCS, User Profiles are Indefinite
    with Respect to Time
  • Longer than a Single Crisis
  • Difficult to Distinguish in Multiple Crises
  • No Time Controllable Access on Users or GCCS
    Resources
  • What can Time Constrained Access offer GCCS?
  • Junior Planners - Air Movements of Equipment
    Weeks before Deployment
  • Senior Planners - Adjustment in Air Movements
    Near and During Deployment
  • Similar Actions are Constrained by Time Based on
    Role

38
Time Controlled Access and Coalitions
  • Multiple Events Require Ability to Distinguish
    Between Roles Based on Time and Crisis
  • Occurrence of Rita (one Event) Impacted the
    Ongoing Event (Katrina)
  • Need to Manage Simultaneous Events w.r.t. Time
  • Different Roles Available at Different Times for
    Different Events
  • Role Might be Finishing in one Event (e.g.,
    First Response Role) and Starting in Another
  • Individual May Play Different Roles in Different
    Events
  • Individual May Play Same Role with Different
    Duration in Time w.r.t. its Activation

39
GCCS Shortfalls: Value Based Access
  • Currently, in GCCS, Controlled Access Based on
    Information Values Difficult to Achieve
  • Unlimited Viewing of Common Operational Picture
    (COP)
  • Unlimited Access to Movement Information
  • Attempts to Constrain would have to be
    Programmatic - which is Problematic!
  • What can Value-Based Access Offer to GCCS?
  • In COP
  • Constrain Display of Friendly and Enemy Positions
  • Limit Map Coordinates Displayed
  • Limit Tier of Display (Deployment, Weather, etc.)

40
Value Based Access and Coalitions
  • In Katrina/Rita, What People can See and Do May
    be Limited Based on Role
  • Katrina Responders Limited to Katrina Data
  • Rita Responders Limited to Rita Data
  • Some Responders (Army Corps Engineers) May Need
    Both to Coordinate Activities
  • For Chemical Event: Same Issue to Address
  • Within Each Event, Information Also Limited
  • Some Katrina Roles (Commander, Emergency
    Responders, etc.) see All Data
  • Other Katrina Roles Limited (Security Deployment
    Plans Not Available to All)
  • Again, Customization is Critical
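
The role, time and value constraints from the GCCS shortfall and coalition slides above, combined into one deny-by-default check. This is an added example, not code from the presentation; the users, role names, dates and resource types are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Callable, Optional


@dataclass(frozen=True)
class RoleGrant:
    """A user's activation of a role, scoped to one event and one time window."""
    user: str
    role: str
    event: str
    start: datetime
    end: datetime


@dataclass(frozen=True)
class Permission:
    """What a role may do to a resource type, optionally limited by record values."""
    role: str
    action: str
    resource_type: str
    constraint: Optional[Callable[[dict], bool]] = None


def decide(grants, permissions, user, action, record, now):
    """Deny by default. Returns (allowed, reason) so every decision can be logged."""
    mine = [g for g in grants if g.user == user]
    if not mine:
        return False, "no role grant for user"
    in_event = [g for g in mine if g.event == record.get("event")]
    if not in_event:
        return False, "no role in this event"
    # Time-controlled access: only grants whose window contains `now` count.
    roles = {g.role for g in in_event if g.start <= now < g.end}
    if not roles:
        return False, "role not active at this time"
    candidates = [p for p in permissions
                  if p.role in roles and p.action == action
                  and p.resource_type == record.get("type")]
    if not candidates:
        return False, "role lacks permission"
    # Value-based access: the record's own values must satisfy the constraint.
    for p in candidates:
        if p.constraint is None or p.constraint(record):
            return True, f"allowed via role {p.role}"
    return False, "value constraint not satisfied"


# Constructed sample policy (users, roles, dates and resource names are illustrative).
OPEN_TIERS = {"weather", "shelter"}


def open_tier_only(record):
    """Limit the tier of display, as on the Common Operational Picture slide."""
    return record.get("tier") in OPEN_TIERS


GRANTS = [
    RoleGrant("alice", "responder", "katrina", datetime(2005, 8, 29), datetime(2005, 9, 30)),
    RoleGrant("bob", "corps_engineer", "katrina", datetime(2005, 8, 29), datetime(2005, 12, 31)),
    RoleGrant("bob", "corps_engineer", "rita", datetime(2005, 9, 24), datetime(2005, 12, 31)),
    RoleGrant("carol", "first_response", "katrina", datetime(2005, 8, 29), datetime(2005, 9, 10)),
    RoleGrant("carol", "first_response", "rita", datetime(2005, 9, 24), datetime(2005, 10, 5)),
    RoleGrant("dave", "commander", "katrina", datetime(2005, 8, 29), datetime(2005, 12, 31)),
]

PERMISSIONS = [
    Permission("responder", "read", "map_layer", open_tier_only),
    Permission("first_response", "read", "map_layer", open_tier_only),
    Permission("corps_engineer", "read", "levee_report"),
    Permission("commander", "read", "map_layer"),
    Permission("commander", "read", "security_deployment_plan"),
]

if __name__ == "__main__":
    now = datetime(2005, 9, 25)
    requests = [
        ("alice", {"type": "map_layer", "event": "katrina", "tier": "shelter"}),
        ("alice", {"type": "map_layer", "event": "katrina", "tier": "deployment"}),
        ("alice", {"type": "map_layer", "event": "rita", "tier": "shelter"}),
        ("bob", {"type": "levee_report", "event": "rita"}),
        ("carol", {"type": "map_layer", "event": "katrina", "tier": "weather"}),
        ("dave", {"type": "security_deployment_plan", "event": "katrina"}),
    ]
    for user, record in requests:
        print(user, record, decide(GRANTS, PERMISSIONS, user, "read", record, now))
```

The returned reason string is what a tracking and monitoring component would record for each decision.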

41
GCCS Shortfalls: Federation Needs
  • Currently, GCCS is Difficult to Use for DCP
  • Difficult to Federate Users and Resources
  • U.S. Only system
  • Incompatibility in Joint and Common Contexts
  • Private Network (Not Multi-Level Secure)
  • What are Security/Federation Needs for GCCS?
  • Quick Admin. While Still Constraining US and
    Non-US Access
  • Employ Middleware for Flexibility/Robustness
  • Security Definition/Enforcement Framework
  • Extend GCCS for Coalition Compatibility that
    Respects Coalition and US Security Policies

42
Federated Resources
43
Federation Needs and Coalitions
  • Katrina
  • Devastated Basic Communication at All Levels
  • There was No Need to Federate Computing Systems
    at Crisis Location with No Power, etc.
  • Rita
  • Event Known Well in Advance - Didn't Prevent:
  • Disorganized Evacuation, Running out of Fuel
  • 10 Hour Highway Waits
  • Federation Must Coordinate Critical Resources
  • 9/11 - Drop in Casualties was Database Problem
  • Multiple DBs, Bad/Inconsistent Data, etc.
  • Moral: If it Can Go Wrong, it Will Go Wrong

44
Database Interoperability
  • Federation of Resources Requires Database
    Interoperability to be Addressed
  • Multiple DB Platforms (Oracle, Sybase, Informix)
  • Incompatibility of Information
  • Different DB Schemas that Contain Same
    Information Expressed in Different Tables
  • Often Un-Normalized
  • Inconsistency of Information
  • Grid Coordinates with Different Meanings
  • True North vs. Magnetic North
  • Miles vs. Kilometers (US and NATO)
  • Integration of Heterogeneous DB has Been
    Long-Standing Research Area - Today Leveraging XML

45
Database Interoperability Requirements
Oracle Sybase
Informix
46
Info Sharing/Access Potential Pitfalls
  • Dealing with Information at Different Levels
  • Syntax: Format of Information
  • Semantics: Meaning of Information
  • Pragmatics: Usage of Information
  • When Unifying Databases/Information Repositories,
    Must Address all Three!
  • Data Integrity and Data Security
  • Correct and Consistent Values
  • Assurance in All Secure Accesses
  • Alternative Access Control Models
  • Issues for Federating Information Repositories

47
Syntactic Considerations
  • Syntax is Structure and Format of the Information
    That is Needed to Support a Coalition
  • Incorrect Structure or Format Could Result in
    Simple Error Message to Catastrophic Event
  • For Sharing, Strict Formats Need to be Maintained
  • Health Care Data Suffers from Lack of Standards
  • Standards for Diagnosis (Insurance Industry)
  • Emerging Standards Include
  • Health Level 7 (HL7)
  • Based on XML
  • Formats Non-Standard for Different Health
    Organizations, Insurers, Pharmacy Networks, etc.
  • N×N Translations Prone to Errors!

48
Syntactic Considerations
  • Syntax is Structure and Format of the Information
    That is Needed to Support a Coalition
  • Incorrect Structure or Format Could Result in
    Simple Error Message to Catastrophic Event
  • For Sharing, Strict Formats Need to be Maintained
  • In US Military, Message Formats Include
  • Heading and Ending Section
  • United States Message Text Formats (USMTF)
  • 128 Different Message Formats
  • Text Body of Actual Message
  • Problem: Formats Non-Standard Across Different
    Branches of Military and Countries

49
Semantics Concerns
  • Semantics (Meaning and Interpretation)
  • NATO and US - Different Message Formats
  • Distances (Miles vs. Kilometers)
  • Grid Coordinates (Mils, Degrees)
  • Maps (Grid, True, and Magnetic North)
  • What Can Happen in Health Care Data?
  • Possible to Confuse Dosages of Medications?
  • Weight of Patients (Pounds vs. Kilos)?
  • Measurement of Vital Signs?
  • Dana Farber Chemo Death - Checks/Balances
  • What Others are Possible?

50
Syntactic and Semantic Considerations
  • What's Available to Support Information Sharing?
  • How do we Ensure that Information can be
    Accurately and Precisely Exchanged?
  • How do we Associate Semantics with the
    Information to be Exchanged?
  • What Can we Do to Verify the Syntactic Exchange
    and that Semantics are Maintained?
  • Can Information Exchange Facilitate Federation?
  • Can this be Handled Dynamically?
  • Or, Must we Statically Solve Information Sharing
    in Advance?

51
Pragmatics Considerations
  • Pragmatics Require that we Totally Understand
    Information Usage and Information Meaning
  • What are the Critical Information Sources?
  • How will Information Flow Among Them?
  • What Systems Need Access to these Sources?
  • How will that Access be Delivered?
  • Who (People/Roles) will Need to See What When?
  • How will What a Person Sees Impact Other Sources?
  • Focus on Way that Information is Utilized and
    Understood in its Specific Context
  • Can Medical Info be Misused even if Understood?

52
Pragmatics Issues
  • Pragmatics - The Way that Information is Utilized
    and Understood in its Specific Context
  • For Example, in GCCS

53
Information Pragmatics Considerations
  • Pragmatics in Military-Led Coalition
  • For CT Events, Coalition will have Similar
    Complex Structure
  • Many Different Systems
  • Alternative Communication Paths
  • Policies in Regards to Data Sharing
  • Interacting Databases Under Control (State
    Agencies) and External (Others)
  • Infrastructure (Power, Water, etc.) Concerns

54
Integrity: Confidence in Information Content
  • Concerns Consistency, Accuracy, Reliability
  • Accidental Errors - All too Prevalent
  • Crashes, Concurrent Access, Logical Errors
  • Actions
  • Integrity Constraints (Correct Data Values)
  • GUIs (Correctly Entered Values)
  • Redundancy (Values are Backed Up Offsite - 9/11)
  • Malicious Errors - Not Totally Preventable
  • Individuals Seek to Interfere with Coalition
    Operations During Actual Event
  • Actions
  • Authorization, Authentication, Enforcement Policy
  • Concurrent Updates to Backup DBs

55
Security: Confidence in Information Access
  • Assurance
  • Do Security Privileges for Each User Support
    their Needs?
  • What Guarantees are Given by the Security
    Infrastructure in Order to Attain:
  • Safety: Nothing Bad Happens During Execution
  • Liveness: All Good Things can Happen During
    Execution
  • Consistency
  • Are the Defined Security Privileges for Each User
    Internally Consistent?
  • Are the Defined Security Privileges for Related
    Users Globally Consistent?

56
What are Key Security Concepts?
  • Principal or Subject
  • Entity (Person/Process/etc.) to Which
    Authorizations are Granted
  • Can be a User, User Group, Program, Client,
  • Protected Object (Chunk of Information)
  • Known Object whose Internal Structure is
    Inaccessible Except by Protection System
  • The Unit of Protection
  • For Our Purposes
  • Patient Record, Patient Test, etc.
  • Geographic Database, Weather Map, etc.
  • Glossary from Saltzer and Schroeder, The
    Protection of Information in Computer Systems,
    Proc. of IEEE, Vol. 63, No. 9, September 1975.

57
What are Key Security Concepts?
  • Authentication
  • Proving you are who you are
  • Is the Client who S/he Says they are?
  • Authorization
  • Granting/Denying Access to Information
  • Revoking Access to Information
  • Does the Client have Permission to do what S/he
    Wants?
  • Encryption
  • Establishing Communications so that No One but
    Receiver Gets the Content of the Message
  • Symmetric and Public Key Encryption
  • All Three are Vital for Coalitions/Events

58
What are Key Security Issues?
  • Legal and Ethical Issues
  • Information Must be Protected (e.g., SSN)
  • Information Must be Accessible (e.g., Medical
    Record)
  • Policy Issues
  • Who Can See What Information When?
  • Applications Limits w.r.t. Data vs. Users?
  • Access Control Models
  • Govern the Way that Secure Access of Subjects to
    Objects is Controlled
  • Ranges from User (Roles) to Data Control
  • Also Includes Ability to Delegate Capabilities
    from One User to Another

59
Role Based Access Control
  • What is Role Based Access Control (RBAC)?
  • Roles Provide Means for Permissions to Objects,
    Resources, Based on Responsibilities
  • Users May have Multiple Roles Each with Different
    Set of Permissions
  • Role-Based Security Policy Flexible in both
    Management and Usage
  • Issues for RBAC and DCP
  • Who Creates the Roles?
  • Who Determines Permissions (Access)?
  • Who Assigns Users to Roles?
  • Are there Constraints Placed on Users Within
    Those Roles?

60
Discretionary Access Control
  • What is Discretionary Access Control (DAC)?
  • Restricts Access to Objects Based on the Identity
    of Group and/or Subject
  • Discretion with Access Permissions Supports the
    Ability to Pass-on Permissions
  • DAC and DCP
  • Pass on from Subject to Subject is a Problem
  • Information Could be Passed from Subject (Owner)
    to Subject to Party Who Should be Restricted
  • For Example,
  • Local Commanders Can't Release Information
  • Rely on Discretion by Foreign Disclosure Officer
  • Pass on of DAC Must be Carefully Controlled!

61
Mandatory Access Control
  • What is Mandatory Access Control (MAC)?
  • Restrict Access to Information, Resources, Based
    on Sensitivity Level (Classification)
  • Classified Information - MAC Required
  • If Clearance (of User) Dominates Classification,
    Access is Allowed
  • MAC and DCP
  • MAC will be Present in Coalition Assets
  • Need to Support MAC of US and Partners
  • Partners have Different Levels/Labels
  • Need to Reconcile Levels/Labels of Coalition
    Partners (which Include Past Adversaries!)

62
Other Issues
  • Intrusion Detection
  • Not Prevention
  • Intrusion Types
  • Trojan Horse, Data Manipulation, Snooping
  • Defense
  • Tracking and Accountability
  • Survivability
  • Reliability and Accessibility
  • Defense
  • Redundancy
  • Cryptography
  • Fundamental to Security
  • Implementation Details (key distribution)

63
Federating Information Repositories
  • Must Deal with Multiple Repositories/Databases
  • Syntactic, Semantic and Pragmatic Differences
  • Integrity, Consistency, Assurance
  • Different Access Control Models
  • Overcome Physical Issues
  • Private Computer Networks
  • Repositories Behind Firewalls
  • Different Data Formats (Relational vs. OO)
  • Reconcile Legal/Business/Political Issues
  • What Info can be Released (HIPAA)?
  • Is it in my Interest to Release Info (Bus.)?
  • What is the Impact if I Don't (Political)?
  • I Own Data - Why Should I Share?

64
DCs for Clinical and Translational Science
[Figure labels: UConn Storrs; UConn Health Center; Saint Francis,
CCMC, DCF, DSS, etc.]
Info. Sharing - Joint R&D
  • Support T1, T2, and Clinical Research
  • Company and University Partnerships
  • Collaborative Funding Opportunities
  • Cohesive and Trusted Environment
  • Existing Systems/Databases and New Applications
  • How do you Protect Commercial Interests?
  • Promote Research Advancement?
  • Free Read for Some Data/Limited for Other?
  • Commercialization vs. Intellectual Property?
  • Balancing Cooperation with Propriety
65
Bioinformatics Public Policy on Security
  • How do we Protect a Person's DNA?
  • Who Owns a Person's DNA?
  • Who Can Profit from a Person's DNA?
  • Can a Person's DNA be Used to Deny Insurance?
    Employment? Etc.
  • How do you Define Security Limitations/Access?
  • What about i2b2 - Informatics for Integrating
    Biology and the Bedside (see https://www.i2b2.org/)
  • Scalable Informatics Framework to Bridge
  • Clinical Research Data
  • Vast Data Banks for Basic Science Research
  • Goal: Understand Genetic Bases of Diseases

66
Bioinformatics Public Policy on Security
  • Can DNA Repositories be Anonymously Available for
    Medical Research?
  • Do Societal Needs Trump Individual Rights?
  • Can DNA be Made Available Anonymously for Medical
    Research?
  • De-identified Data Repositories
  • Privacy Protecting Data Mining
  • International Repository Might Allow Medical
    Researchers Access to Large Enough Data Set for
    Rare Conditions (e.g., Orphan Drug Act)
  • Individual Rights vs. Medical Advances

67
Our Three-Pronged Security Emphasis
  • Secure Software Design to Design and Write
    Secure Software Programs
  • Secure MAC/RBAC Interactions via Middleware in
    Distributed Setting
  • Secure Information Exchange via XML with MAC/RBAC
[Figure labels: Assurance, Consistency, Integrity; RBAC, DAC, MAC;
Safety, Liveness]
68
Security for XML Documents
  • Emergence of XML for Document/Information
    Exchange
  • Incorporate RBAC/DAC/MAC into XML for:
  • Security of XML Content
  • Applicability to Standards Based on XML
  • An XML Document Appears Differently to Different
    Users Based on Multiple Factors
  • Filter XML Document Depending on User

Security DTDs
  • Role DTD
  • User DTD
  • Constraint DTD
Security Officer Generates Security XML Files
for the Application
[Figure labels: Application DTDs and XML; Application;
Application DTDs; Appl_Role.xml, Appl_User.xml, Appl_Constraint.xml;
Application XML Files]
User's Role Determines the Scope of Access to
Each XML Document
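
One way to realise "an XML document appears differently to different users", combining a role's allowed paths (RBAC) with the clearance-dominates-classification rule from the Mandatory Access Control slide. This is an added example, not the presentation's code; the role-file schema, sensitivity labels, role names and patient record are hypothetical.

```python
import xml.etree.ElementTree as ET

# Assumed sensitivity ordering for this example; a real coalition would agree its own.
LEVELS = {"public": 0, "restricted": 1, "confidential": 2}
TOP = max(LEVELS.values())

# Constructed role file (hypothetical schema, not the deck's Role DTD).
ROLE_POLICY = """\
<roles>
  <role name="er_physician" clearance="restricted">
    <allow path="patient/name"/>
    <allow path="patient/allergies"/>
    <allow path="patient/medications"/>
  </role>
  <role name="shelter_volunteer" clearance="public">
    <allow path="patient/name"/>
    <allow path="patient/allergies"/>
  </role>
  <role name="claims_clerk" clearance="confidential">
    <allow path="patient/name"/>
    <allow path="patient/insurance"/>
  </role>
</roles>
"""

# Constructed patient record; each section carries a sensitivity label.
RECORD = """\
<patient id="p-001">
  <name level="restricted">Jane Doe</name>
  <allergies level="public">penicillin</allergies>
  <medications level="restricted"><drug>albuterol</drug></medications>
  <insurance level="confidential"><status>uninsured</status></insurance>
  <ssn level="confidential">000-00-0000</ssn>
</patient>
"""


def load_roles(policy_xml):
    """Parse the role file into {role: (clearance_rank, allowed_paths)}."""
    roles = {}
    for r in ET.fromstring(policy_xml).findall("role"):
        paths = {a.get("path") for a in r.findall("allow")}
        roles[r.get("name")] = (LEVELS[r.get("clearance")], paths)
    return roles


def _level(elem, inherited):
    """Own label if present, else the parent's; unknown labels fail closed."""
    label = elem.get("level")
    return inherited if label is None else LEVELS.get(label, TOP)


def _covered(path, allowed):
    """RBAC: the path is an allowed path or lies beneath one."""
    return any(path == a or path.startswith(a + "/") for a in allowed)


def _prune(elem, path, inherited, clearance, allowed):
    for child in list(elem):
        cpath = f"{path}/{child.tag}"
        level = _level(child, inherited)
        if clearance < level or not _covered(cpath, allowed):
            elem.remove(child)               # MAC or RBAC says no: drop the subtree
        else:
            child.attrib.pop("level", None)  # do not expose labels in the view
            _prune(child, cpath, level, clearance, allowed)


def view_for(record_xml, role, roles):
    """Return the record as this role is allowed to see it (XML text)."""
    if role not in roles:
        raise PermissionError(f"unknown role: {role}")
    clearance, allowed = roles[role]
    root = ET.fromstring(record_xml)
    _prune(root, root.tag, _level(root, TOP), clearance, allowed)
    return ET.tostring(root, encoding="unicode")


def visible_paths(view_xml):
    """Element paths present in a filtered view, for checking what leaked."""
    def walk(e, p):
        return [p] + [x for c in e for x in walk(c, f"{p}/{c.tag}")]
    root = ET.fromstring(view_xml)
    return sorted(walk(root, root.tag))


if __name__ == "__main__":
    roles = load_roles(ROLE_POLICY)
    for name in roles:
        print(name, visible_paths(view_for(RECORD, name, roles)))
```

The shelter volunteer's role lists `patient/name`, yet the name is removed because the role's clearance does not dominate the element's label: both checks must pass.
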
69
Concluding Remarks
  • Dynamic Coalitions are Vital to Deal with Events
    that Require Significant Response in:
  • Emergency Personnel
  • Health Care Infrastructure/Treatment
  • Large Numbers of Injured
  • Major Issue for Coalitions
  • Dealing with Collecting Patient Data from Diverse
    Sources
  • Underinsured and Uninsured Populations may be
    More Seriously Impacted
  • Future Collaboration Among Public Health, UCHC,
    CSE, Health Care Providers, Insurers,