Role Based Secure Web Application Framework - PowerPoint PPT Presentation

About This Presentation
Title:

Role Based Secure Web Application Framework

Slides: 13
Provided by: ora381
Learn more at: http://cs.uccs.edu

Transcript and Presenter's Notes


1
Role Based Secure Web Application Framework
  • By Kunal Bele

2
Outline of the talk
  • Motivation for the project
  • Earlier Work
  • About the Web-Application
  • Security
  • Basic Architecture
  • Features

3
Motivation for the Project
  • Some web-based medical diagnosis services have
    security requirements to protect patient data
    - Neuroguide project sponsored by PEAK Ageing with
      Dr. Sara Quall
    - HMTR project for rehab
    - HIPAA (Health Insurance Portability and
      Accountability Act)

4
Earlier Work
  • Secure Information Sharing (SIS) project by
    Ganesh Godavari which utilized Attribute
    Certificates to Authenticate ROLE-based
    information.
  • ENgine FOR Controlling Emergent (ENforCE)
    Hierarchical Role-Based Access developed by Osama
    Khaleel in his Masters Thesis.

5
HIPAA Policies
  • HIPAA sets forth 3 main security policies
  • 1. Administrative
    - Access to the health information must be
      restricted to only those employees who have a
      need for it to complete their job function.
  • 2. Physical
    - Access to hardware and software must be
      limited to properly authorized individuals.
  • 3. Technical
    - When information flows over open networks,
      some form of encryption must be utilized.

6
Tools for the Project
  • Web Application: J2EE
  • Web Server: Apache Tomcat
  • Database: MySQL
  • Platform: Linux

7
About the Web-Application
  • Application consists of the records of the
    patients and their diagnoses
  • Patients' data to be stored securely (encrypted)
  • Data to be retrieved depending on the ROLE of the
    person retrieving the data
  • All other data to be kept encrypted/invisible to
    that person

8
Data Viewed
  • Patients: only their own personal records
  • Doctors: all the records of all the patients
  • Research Assistants: only the diagnosis

9
The Framework
  • The Goal
    - Automating several encryption steps (getting the
      client key, setting attributes, applying the
      encryption technique) into a single API.
  • Suggestions?

10
Security
  • Two types of security
    - Username-Password based
    - Certificate based
  • Which one is more secure?

11
Features
  • Data is encrypted first and only then stored in the
    database. Hence, even if the database is hacked, no
    information can be read from it directly.
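A compact illustration of the slide-8 viewing rules together with the slide-11 encrypt-before-store feature, added here as an example and not code from the presentation or the project. It assumes Java 14+, its own field names and patient-id scheme, and a throwaway AES key in place of the client key the framework would fetch; only the fields a role may see are ever decrypted.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;

public class RoleBasedRecordAccess {
    enum Role { PATIENT, DOCTOR, RESEARCH_ASSISTANT }
    // Slide 8 rules. Field names and the patient-id scheme are assumptions for this example.
    static Set<String> allowedFields(Role role, String requesterId, String ownerId, Set<String> all) {
        return switch (role) {
            case DOCTOR -> all;                                           // every record, every field
            case PATIENT -> requesterId.equals(ownerId) ? all : Set.of(); // own record only
            case RESEARCH_ASSISTANT -> Set.of("diagnosis");               // no identifying fields
        };
    }
    // Slide 11: each field is sealed before it is written (AES-256-GCM, random 12-byte IV prepended).
    static byte[] seal(SecretKey key, String plaintext) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }
    // GCM authenticates the ciphertext, so a row altered in the database fails here with an exception.
    static String open(SecretKey key, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, blob, 0, 12));
        return new String(c.doFinal(blob, 12, blob.length - 12), StandardCharsets.UTF_8);
    }
    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES"); kg.init(256);
        SecretKey key = kg.generateKey();   // stands in for the per-client key the framework would fetch
        // Constructed sample record; the map of ciphertexts stands in for the MySQL row.
        Map<String, String> record = Map.of("name", "Jane Doe", "dob", "1950-01-01", "diagnosis", "mild concussion");
        Map<String, byte[]> row = new HashMap<>();
        for (var e : record.entrySet()) row.put(e.getKey(), seal(key, e.getValue()));
        for (Role r : Role.values()) {
            Map<String, String> visible = new TreeMap<>();
            for (String f : allowedFields(r, "P-1001", "P-1001", row.keySet()))
                visible.put(f, open(key, row.get(f)));   // decrypt only what this role may see
            System.out.println(r + " -> " + visible);
        }
    }
}
```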

12
References
  • Osama Khaleel's Master's Thesis
  • Secure Web Server with Client Certificate
    Authentication Access, Dr. Chow
  • Rights of the Patients
  • HIPAA wiki