Medical System Security course plan (lecture slides)

Uploader: 桔**** | Document ID: 584166787 | Uploaded: 2024-08-30 | Format: PPT | Pages: 109 | Size: 1.60 MB

Slide 1: Medical System Security course plan

Week | Date | Topic | Week | Date | Topic
1 | 2/27 | Overview | 10 | 4/30 | Seminar 6 (NTU Hospital, 台大)
2 | 3/5 | Medical informatics trends; information-security terminology | 11 | 5/7 | Seminar 4 (Tri-Service General Hospital, 三總)
3 | 3/12 | Medical information security | 12 | 5/14 | 3. Medical information security problems
4 | 3/19 | Privacy; medical informatics trends and terminology | 13 | 5/21 | 2. Medical data flow and medical information system architecture
5 | 3/26 | Seminar 1 (Taipei Medical University, 北醫) | 14 | 5/28 | 4. Identification and RFID applications in medical informatics
6 | 4/2 | Seminar 2 (HCA) | 15 | 6/4 | 5. Medical information access control
7 | 4/9 | Seminar 3 (HIPAA) | 16 | 6/11 | 6. Medical information security systems
8 | 4/16 | 1. Hospital organisational structure and management strategy (healthcare quality) | 17 | 6/18 | Project report?
9 | 4/23 | Seminar 5 (Chang Gung, 長庚) | 18 | 6/25 | Final exam

Slide 2: Medical System Security course, week 16 plan (6/18): wrap-up
- Project report? "XX Hospital / Medical Center medical information security system design"
- Invited issue of the journal 資訊安全通訊 (Communications of CCISA)
- Integrated medical information security system report?
- HIE Security and Privacy through IHE
- Security and Authorization Issues in HL7 Electronic Health Records: A Semantic Web Services Based Approach
(This agenda slide is repeated as a section divider on slides 11, 13 and 15; the repeats are omitted below.)

Slides 3 to 10: seminar groups and grading grid

Every group slide uses the same column headings, one per seminar or lecture:
- 3/26, 北醫: Dr. 劉立, Vice Superintendent, Taipei Medical University (hosted by Group 1)
- 4/2, HCA: Dr. 彭振興, Vice President, 鉅仁科技 (Group 2)
- 4/9, HIPAA: Dr. 王大為, Institute of Information Science, Academia Sinica (Group 3)
- 4/23, 長庚: 何國豪, Special Assistant, Chang Gung Memorial Hospital (Group 5)
- 4/30, 台大: Dr. 鄭伯勳, National Taiwan University Hospital (Group 6)
- 5/7, 三總: 黃援傑, Director of the Information Office, Tri-Service General Hospital (Group 4)
- 3. Medical information security problems (5/14)
- 2. Medical data flow and medical information system architecture (5/21)
- 4. Identification and RFID applications (5/28)
- 5. Medical information access control (6/4)
- 6. Medical information security systems (6/11)
- Project summary report? (6/18)

The cells are a scoring template rather than recorded marks: for the seminar a group hosts, each member's cell reads "1. reflections? 2. questions"; for every other seminar it reads "question: +? points"; the lecture-week columns hold "report" or "file" placeholders. The members listed on the group slides are (asterisks as in the original):
- Group 1, 萬芳醫院 (Wan Fang Hospital): 江宗儫*, 陳朝麟, 張鉦堅, 洪懿文, 林惠萍, 陳憶萱
- Group 2, 振興醫院 (Cheng Hsin Hospital): 汪靖軒*, 徐健豪, 張博硯, 曾國揚, 洪銘聰
- Group 3, 馬階醫院 (MacKay Memorial Hospital, 馬偕; written 馬階 on the slide): 翁雋傑*, 黃敬淵, 黃士瑋, 陳建文, 邵書毅
- Group 4, 義守醫院 (E-Da Hospital): 陳思彤, 陳雅芝, 黃熙博, 劉于淑, 黃語萱*
- Group 5, 三軍總醫院 (Tri-Service General Hospital): 李資理, 黃玉佩, 何昕宸, 何炳杰, 程仲駿*
- Group 6, 台大醫院 (National Taiwan University Hospital): 李郁玟*, 張育禎, 蔡嘉靜, 鄭荏任, 許巧瑩, 鄒芳瑜
- Group 7, 長庚醫院 (Chang Gung Memorial Hospital): 王鐸臻, 蔣詩慧*, 蔡文瑜, 陳可玗, 劉信妤, 沈君叡
- Group 8, 台北榮總醫院 (Taipei Veterans General Hospital): 廖靜怡*, 林義軒, 賴又嘉, 梁伯瑞, 簡瑞妤, 陳昫如

Slide 12: XX Hospital / Medical Center medical information security system design (report outline)
1. Introduction to medical information security
   - Why medical information and privacy matter
   - What is medical information security?
   - How does medical information security differ from information security in general? (from the angle of security disclosure)
2. The XX Hospital / Medical Center medical information security system
   - Current medical information system architecture and its security gaps
   - Medical information security requirements (confidentiality, integrity, authorization, non-repudiation, and so on)
   - A future medical information system architecture with built-in security functions: UCA, XKMS, SAML, XACML
3. The medical information security policy needed to ensure privacy: HIPAA
4. Conclusion

Slide 14: Invited issue of 資訊安全通訊 (Communications of CCISA)
資訊安全通訊 is published by the Chinese Cryptology and Information Security Association (中華民國資訊安全學會) in January, April, July and October each year and carries research articles across the information-security field; each issue has a guest editor who plans the issue's theme and invites the papers. The journal is neither TSSCI nor EI indexed, but it is an important domestic information-security journal. The author (Prof. 許建隆) has been invited to serve as guest editor of the issue to be published on 10 October 2008. The theme is medical information security, covering theory, practice, experience and policy; the hope is that the issue will lead readers to engage more with, and attach more importance to, medical information security.

Slide 16: HIE Security and Privacy through IHE (white paper introduction)
A Healthcare Information Exchange (HIE) is a set of healthcare entities that are cooperating to share healthcare information about common patients. The IHE has proposed that a basic method of providing an HIE is through an infrastructure that allows for the sharing of clinical documents about a patient in a way that allows for long-term use. This infrastructure is made up of a family of Profiles centered on the Cross-Enterprise Document Sharing (XDS) Profile. This white paper will discuss how an HIE that leverages IHE profiles can protect patient privacy and information security.
The organizers of the HIE need to implement basic security principles in order to offer a security model to protect the HIE information exchanges. The architecture put forth by IHE is to share discrete information in the form of documents. These documents may be simple text documents, formatted documents using standards such as PDF, or fully structured and coded using standards such as HL7 CDA. These documents are shared with reference to the individual patient with the expectation that in the future they can be used to provide better healthcare treatment

to that same individual patient.

Slide 17: HIE Security and Privacy through IHE (outline)
- Introduction
- Scoping Security and Privacy
- International Data Protection Principles
- Policies and Risk Management
- Technical Security and Privacy controls
- Applying Security and Privacy to an HIE
- Building Upon Existing Security Environment
- IHE Security and Privacy Toolkit
- IHE Security and Privacy Controls
- Conclusion
(The outline is repeated as a section divider on slides 20, 23, 29, 34, 40, 48 and 60; the repeats are omitted below.)

Slide 18: Elements of the health information exchange challenge
- Open "governance"
- Trust relationships among participants
- Involve consumers
- Provide security
- Develop sustainable funding
- Provide capable business services and operations
- Develop technical capabilities and operations

Slide 19: Scoping Security and Privacy
The Policy Environment is made up of many layers of policies. These policies work together in a hierarchic way to interlock. We will introduce some of these different layers in this white paper and show how they influence the technology:
- International Data Protection Principles
- Policies and Risk Management
- Technical Security and Privacy controls

Slide 21: International Data Protection Principles
In 1980, the Organization for Economic Cooperation and Development (OECD, 經濟合作暨發展組織) developed Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. These guidelines were intended to harmonize national privacy laws, uphold human rights, and promote the free flow of information among its 30 member countries. The OECD guidelines have served as a basis for data protection laws in the United States, Europe, Canada, Japan, Australia, and elsewhere. Together, these principles and laws provide a useful framework for developing general data protection requirements for health information systems. In the context of this paper, these data protection principles will be scoped to the IHE-relevant policies and understood in the context of the IHE risk environment. The technical controls that are relevant to IHE are distilled below.

Slide 22: (figure only; no text was extracted)

Slide 24: Policies and Risk Management (1/5)
IHE solves interoperability problems via the implementation of technology standards. It does not define Privacy or Security Policies, Risk Management, Healthcare Application Functionality, Operating System Functionality, Physical Controls, or even general Network Controls. While HIE Policies and Risk Management are outside its scope, IHE does recognize that these elements are a necessary piece of a system implementation. IHE IT Infrastructure Technical Framework, Volume 1, Appendix "L" outlines some of the issues that should be evaluated for inclusion in the local Policy creation and Risk Management decisions. Also, the IHE IT Infrastructure Planning Committee has produced a white paper that guides IHE profile work on detailed risk identification so the profiles can properly advise implementers. It is therefore the duty of system implementers to take this guidance into account as part of their Risk Management practices.

Slide 25: Policies and Risk Management (2/5)
Figure 2 shows how the corporate Policies are developed, promulgated, and eventually implemented with varying degrees of automation. Policy enforcement must be a part of this policy lifecycle. (The figure is not included in the extracted text.)

Slide 26: Policies and Risk Management (3/5)
For example, implementers need to be aware of different kinds of policies that need to be harmonized with local enterprise policies:
- Policies for who has access to what type of documents in the HIE (Access)
- Policies for who is allowed to publish documents into the HIE (Write)
- Policies on the acceptable types of documents in the HIE
- Policies that indicate acceptable levels of risk within the HIE
- Policies that indicate what sanctions will be imposed on individuals that violate the HIE policies
- Policies on training and awareness
- Policies on user provisioning and de-provisioning within affinities (and local operations policy)
- Policies on emergency mode operations
- Policies on acceptable network use and protections
- Policies on authentication methods that are acceptable
- Policies on backup and recovery planning
- Policies on acceptable third party access
- Policies on secondary use of the information in the HIE
- Policies on the availability of the HIE (is the HIE considered life critical, normal, or low priority)
- Policies for maintenance
- Policies for the length of time that information will be maintained in the HIE
- Etc.

Slide 27: Policies and Risk Management (4/5)
These policies are not a flat set, but often can be seen as a cascade. A good example of this is the cascade of policies related to access to a patient's data. At the Community level there could be a Policy with general goals indicating that data is not to be disclosed to a person's neighbor. This is further refined at the Enterprise Policy, where a neighbor would be defined given the known population and social norms. This Policy can further be refined by the patient themselves in their own privacy consent, where specifically a hostile neighbor might be named.
An important set of policies are those around emergency modes. There are wide definitions of cases that are often referred to as emergency mode. These emergency modes need to be recognized

for the risks they present. When these use cases are factored in up-front, the mitigations are reasonable.
- Natural or man-made catastrophic disaster (e.g. hurricane, earthquake): often additional workforce migrates into the area from other places to help out. These individuals need to be quickly screened and provisioned with appropriate access.
- Utility failure (e.g. electric failure): this situation is common and easily handled through uninterruptible power supplies and backup generation.
- IT infrastructure failure (e.g. hard drive crash): this situation is also common and handled through common infrastructural redundancy.
- Need to elevate privileges due to a patient emergency, often called break-glass (e.g. a nurse needs to prescribe).
- Need to override a patient-specified block due to imminent danger to that patient: this override is not a breaking of the policy but is an explicit condition within the policy.

Slide 28: Policies and Risk Management (5/5)
Often the emergency room is considered an emergency mode, but the emergency room is really a normal mode for those scheduled to work there. When looked at as normal mode, the proper privileges and workflow flexibility can be specified.
Policy development is frustrated by apparent conflicts in policies. These conflicts are often superficial and can be addressed up-front once the details of the policy are understood. For example, in Europe there are policies that forbid the recording of race, yet this is an important clinical attribute. This superficial conflict might be addressed by recording genetic markers instead of race. Another good example of a superficial policy conflict is in records retention requirements at the national level vs. at the medical level. Retention of records is fixed at a short period after death, yet if the patient has black lung then the records must be preserved well beyond.
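The policy cascade and emergency modes of slides 27 and 28, as an added example that is not from the IHE white paper or the course: a Python decision function in which the patient's own consent and named blocks, the enterprise refinement of the community "no disclosure to a neighbor" goal, and the community role ceiling are evaluated in turn. Break-glass raises the role ceiling for clinical roles; the imminent-danger override bypasses the patient-level checks only, as an explicit condition of the policy; staff scheduled in the ER are treated as normal mode; and every emergency decision is flagged for audit review. The coarse opt-in/opt-out consent value anticipates the BPPC discussion on slide 58. All user names, roles, districts and the district-based definition of "neighbor" are constructed assumptions.

```python
"""Policy cascade with emergency modes for HIE access decisions (added example)."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Requester:
    user_id: str
    role: str                              # "physician" | "nurse" | "clerk"
    home_district: str                     # attribute the enterprise uses to define "neighbor"
    on_shift_in: frozenset = frozenset()   # departments the user is scheduled to work in


@dataclass(frozen=True)
class Patient:
    patient_id: str
    district: str
    consent: str                           # "opt-in" | "opt-out" (coarse, BPPC-style consent)
    care_team: frozenset = frozenset()
    blocked_users: frozenset = frozenset() # individuals the patient named in their consent


@dataclass(frozen=True)
class Request:
    requester: Requester
    patient: Patient
    action: str                            # "read" | "prescribe"
    emergency: Optional[str] = None        # None | "break-glass" | "imminent-danger"
    reason: str = ""                       # justification, mandatory for any emergency mode


@dataclass(frozen=True)
class Decision:
    permit: bool
    rule: str                              # which layer of the cascade decided
    review: bool = False                   # True: must be surfaced to the audit reviewer


# Layer 1, community policy: what each role may ever do. Break-glass raises the
# ceiling for clinical roles (the slide's "nurse needs to prescribe" case) only.
ROLE_CEILING = {"physician": {"read", "prescribe"}, "nurse": {"read"}, "clerk": set()}
BREAK_GLASS_CEILING = {"physician": {"read", "prescribe"}, "nurse": {"read", "prescribe"}, "clerk": set()}


def evaluate(req: Request) -> Decision:
    r, p = req.requester, req.patient
    # An emergency mode without a stated reason is refused outright, so every
    # override that does get through carries something a reviewer can check.
    if req.emergency is not None and not req.reason.strip():
        return Decision(False, "emergency-without-reason")
    if req.emergency not in (None, "break-glass", "imminent-danger"):
        return Decision(False, "unknown-emergency-mode")
    danger = req.emergency == "imminent-danger"

    # Layer 3, the patient's consent and named blocks. "Imminent danger" is an
    # explicit condition in the policy: it bypasses these two checks and nothing else.
    if p.consent == "opt-out" and not danger:
        return Decision(False, "patient-consent-opt-out")
    if r.user_id in p.blocked_users and not danger:
        return Decision(False, "patient-block")

    # Layer 2, enterprise refinement: a "neighbor" is someone from the patient's
    # district who is not on the patient's care team.
    if r.home_district == p.district and r.user_id not in p.care_team:
        return Decision(False, "enterprise-neighbor")

    # Layer 1, role ceiling, raised only under break-glass.
    ceiling = BREAK_GLASS_CEILING if req.emergency == "break-glass" else ROLE_CEILING
    if req.action not in ceiling.get(r.role, set()):
        return Decision(False, "role-ceiling")

    # Treatment relationship. Staff scheduled in the ER are in normal mode and
    # may open any patient's record without decla   ring an emergency.
    related = r.user_id in p.care_team or "ER" in r.on_shift_in
    if not related and req.emergency is None:
        return Decision(False, "no-treatment-relationship")

    return Decision(True, req.emergency or "normal", review=req.emergency is not None)


def demo():
    """Constructed sample population; returns the decision for each labelled request."""
    dr_lin = Requester("dr.lin", "physician", "north")
    rn_wu = Requester("rn.wu", "nurse", "south", frozenset({"ER"}))   # named in P1's block
    rn_lee = Requester("rn.lee", "nurse", "south", frozenset({"ER"}))
    clerk = Requester("clerk.ho", "clerk", "east")
    dr_chen = Requester("dr.chen", "physician", "west")               # lives in P1's district
    p1 = Patient("P1", "west", "opt-in", frozenset({"dr.lin"}), frozenset({"rn.wu"}))
    p2 = Patient("P2", "north", "opt-out", frozenset({"dr.lin"}))
    danger = "unresponsive in ER bay 3"
    return {
        "treating physician": evaluate(Request(dr_lin, p1, "read")),
        "clerk": evaluate(Request(clerk, p1, "read")),
        "neighbor physician": evaluate(Request(dr_chen, p1, "read")),
        "blocked nurse": evaluate(Request(rn_wu, p1, "read")),
        "blocked nurse, danger": evaluate(Request(rn_wu, p1, "read", "imminent-danger", danger)),
        "danger does not lift ceiling": evaluate(Request(rn_wu, p1, "prescribe", "imminent-danger", danger)),
        "ER nurse prescribes": evaluate(Request(rn_lee, p1, "prescribe")),
        "ER nurse break-glass": evaluate(Request(rn_lee, p1, "prescribe", "break-glass", "anaphylaxis, attending unreachable")),
        "break-glass, no reason": evaluate(Request(rn_lee, p1, "prescribe", "break-glass")),
        "opted-out patient": evaluate(Request(dr_lin, p2, "read")),
        "opted-out, danger": evaluate(Request(dr_lin, p2, "read", "imminent-danger", "collapsed in lobby")),
    }
```

The ordering matters: the patient-level checks run before the role ceiling, so an imminent-danger override can lift a patient's block but never turns a nurse into a prescriber, while break-glass does the opposite. Both leave `review=True`, which is the hook a real system would use to emit the audit event the reviewer later reads.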

Slide 30: Technical Security and Privacy controls (1/4)
Based on the experience of the IHE participants in implementing HIE environments, a common set of Security and Privacy controls has been identified. These controls are informed by a combination of the OECD data protection principles, experience with explicit policies at HIE implementations, and the expectation of general Policies and Security Risk Management. These security and privacy controls can be used to enforce the:
1) Accountability Controls: the controls that can prove the system is protecting the resources in accordance with the policies. This set of controls includes security audit logging, reporting, alerting and alarming.
2) Identification and Authentication Controls: the controls that prove that a system or person is who they say they are. For example: personal interactions, Digital Certificates, security assertions, Kerberos, and LDAP.
3) Access Controls: the controls that limit access by an authenticated entity to the information and functions that they are authorized to have access to. These controls are often implemented using Role Based Access Controls.

Slide 31: Technical Security and Privacy controls (2/4)
4) Confidentiality Controls:

As sensitive information is created, stored, communicated, and modified, this control protects the information from being exposed. For example: encryption or access controls.
5) Data Integrity Controls: the controls that prove that the data has not changed in an unauthorized way. For example: digital signatures, secure hash algorithms, CRC, and checksum.
6) Non-Repudiation Controls: the controls that ensure that an entity cannot later refute that they participated in an act. For example: the author of a document, the orderer of a test, the prescriber of a prescription.
7) Patient Privacy Controls: the controls that enforce patient-specific handling instructions.
8) Availability Controls: the controls that ensure that information is available when needed. For example: backup, replication, fault tolerance, RAID, trusted recovery, uninterruptible power supplies, etc.

Slides 32 and 33: Technical Security and Privacy controls (3/4, 4/4)
For example: two of the OECD data protection principles are Security Safeguards and Accountability. This can be viewed as:
1. Security Safeguards
- I want to be sure the data are not disclosed to someone who shouldn't see them: Identification and Authentication Controls; Access Controls; Confidentiality Controls; Patient Privacy Controls.
- I want to be sure the data are not modified by someone who doesn't have the right for that: Identification and Authentication Controls; Access Controls; Data Integrity Controls.
- I want to be sure the data can be retrieved when needed: Availability Controls.
(CAI: Confidentiality, Availability and Integrity. 3A: Authentication, Authorization and Accountability.)
2. Accountability
- I want to be sure who is doing an action: Identification and Authentication Controls.
- I want to know what is done by whom: Accountability Controls.
- I want to be sure what has been done cannot be denied: Non-Repudiation Controls.
These security and privacy controls are not useful without input from the various types of policies that reflect any individual environment and expectation. We will assume a conservative set of policies and show how these controls can be applied given the IHE profiles.

Slide 35: Applying Security and Privacy to an HIE
IHE does not set policies but is policy sensitive. Therefore we now discuss the policy-enabling technologies and not the policies themselves. This section will show how the existing security controls in standalone systems are leveraged and extended when connecting them into an HIE:
1. Building Upon Existing Security Environment
2. IHE Security and Privacy Toolkit
3. IHE Security and Privacy Controls

Slide 36: Building Upon Existing Security Environment (1/5)
The IHE model for participants presumes that clinical applications in place today include the necessary basic security principles to protect patient data within the entity (e.g. hospital, clinic). These applications currently include controls to authenticate users, to check that the users have rights to perform functionality (e.g. Role-Based Access Control), and to account for the actions of users within the application. These applications are installed within a facility, and that facility has taken care to physically and electronically protect these applications with physical barriers, backup electricity, air-conditioning, backup of data, etc. For example, these are the types of controls currently required by the CCHIT certification criteria for Ambulatory EMR systems and In-Patient EHR systems in the USA (See http:/).

Slide 37: Building Upon Existing Security Environment (2/5)
The emergence of Personal Health Records may introduce new policy requirements and controls both at the HIE level and at the local operational policy level, and individual participants should take this into account when evaluating their current risk profile. The Personal Health Record is an area that does not have regulatory controls in many countries (e.g. HIPAA

has few regulatory controls on the Personal Health Record controlled by the patient). The entities that are joining the HIE have experience in implementing the appropriate policies for their entities, and these have driven their choice of security mechanisms and influenced the appropriate implementation.

Slide 38: Building Upon Existing Security Environment (3/5)
These entities have some measure of control (there will be variations between entities) over their users (employees, contractors, patients). These entities understand their environment and have responsibility for implementing the controls for the locally appropriate authentication methods (passwords, smartcards, 2-factor tokens, etc.). They can react quickly to provision, suspend, authorize, and de-provision users in a way that is sensitive to the employees' rights. As these entities join an HIE, the clinical applications that touch the HIE can be seen as applications at the edge of the entity that are participating in an exchange. As such, the edge applications and their architecture need a common set of policies and controls to apply to the edge application, or edge system.

Slide 39: Building Upon Existing Security Environment (4/5)
In healthcare, beyond the basic security principles, we must additionally be sensitive to patient care and safety. The applications closest to the patient are best informed for determining the context of the current situation. It is only at this level that emergency mode can be handled in an expedient way (often called break-glass).
The IHE model leverages the general security controls available in the edge applications in a complementary way to protect the assets of the HIE. The IHE model is very careful to include security while allowing for flexible and safe provision of healthcare by individual participants.
The IHE model reinforces the need for these common basic security functionalities through the definition of the Audit Trail and Node Authentication (ATNA) profile. This same profile requires that the edge systems are strongly authenticated to the HIE, to ensure that only trusted systems are allowed to have access to the HIE.

Slide 41: IHE Security and Privacy Toolkit (1/6)
When implementing an HIE we begin by recognizing that in the current IHE security model the edge application must meet the necessary general security controls shown above. The IHE models only define the

interaction (network protocols) between logical applications and not the behavior within an application (e.g. clinical decision support, medications management). In many cases the choice of implementation for security is application functionality, which provides the control for security and privacy. In other cases the principle needs to be handled in a general way in the HIE Policy. In both these cases, neither the functionality nor the policies are defined by the IHE profile. This white paper will not fully describe how the IHE profiles satisfy the principle, but provides an overview of the profiles and pointers to direct the reader to the individual IHE profile topic within the profile.

Slide 42: IHE Security and Privacy Toolkit (2/6)
The following is a list of IHE profiles that can be leveraged to satisfy security and privacy requirements:
- Audit Trail and Node Authentication (ATNA)
- Consistent Time (CT)
- Basic Patient Privacy Consents (BPPC)
- Enterprise User Authentication (EUA)
- Cross-Enterprise User Assertion (XUA)
- Personnel White Pages (PWP)
- Digital Signatures (DSG)
- Notification of Document Availability (NAV)
- Cross-Enterprise Document Sharing (XDS)
- Cross-Enterprise Document sharing via Reliable messaging (XDR)
- Cross-Enterprise Document sharing on Media (XDM)

Slide 43: IHE Security and Privacy Toolkit (3/6): Basic Security
IHE assumes that audit control is the primary control method of accountability enforcement. The profile that provides the basic security principle is the Audit Trail and Node Authentication (ATNA) profile. This profile has three components that leverage the edge system capabilities. The first part of the ATNA profile is an assessment of the edge system's capabilities to enforce the HIE Policies around Authentication and Access Controls. The second part of ATNA is Security Audit Logging.

Slide 44: IHE Security and Privacy Toolkit (4/6)
(The slide restates the first two parts of ATNA and continues:) The profile defines a set of security-relevant events and a schema for defining what to capture in the audit when these security-relevant events happen. The edge system is expected to support the recording of all of the security-relevant events that might happen on the system. Once an event has happened in the HIE, it will be described in detail in an XML schema and communicated to an Audit Record Repository.

Slide 45: IHE Security and Privacy Toolkit (5/6)
The Audit Record Repository is expected to be able to do Filtering, Reporting, Alerting and Alarming, as well as forwarding of events to other HIE system Audit Record Repositories. The more centralized this audit log analysis can

be, the easier it is to prove accountability across the whole HIE. The Audit Record Repositories can be centralized or distributed. The system used by ATNA allows for one or more Audit Record Repositories in the HIE. Depending on the policies, each edge system may have its own Audit Record Repository, there may be a hierarchy, or there may be one for the whole HIE.
The following figure shows an EMR producing audit logs to the local Clinic, with a subset of these audit logs being forwarded to the HIE Infrastructure. This may be an automated process, manual reports filed on a regular basis, or only brought together when an incident invokes a log aggregation policy. During an HIE incident investigation there may be a need to go back to the Clinic to do a detailed investigation; the HIE policy needs to cover this.

Slide 46: (figure only; no text was extracted)

Slide 47: IHE Security and Privacy Toolkit (6/6)
Once it is known that the system will enforce Access Controls and Audit Controls, it can be connected to other systems that have also been assessed positively. In this way these edge systems only talk to other systems that also agree to enforce the common policies. This creates a basis for a chain of trust through accountability among all of the systems in the HIE. The communications between these trusted systems are also encrypted, to ensure that only the trusted systems have access to the information collected in the audit trail.
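The ATNA audit flow of slides 43 to 47, as an added example that is not from the IHE white paper or any IHE reference implementation: an edge system serialises security-relevant events with the RFC 3881 element names (simplified; no code-system OIDs and no schema validation), a clinic-level Audit Record Repository parses them, and a policy-selected subset is forwarded to the HIE-level repository, which then demonstrates the filtering, reporting and alerting the slides list. The event codes are in the DICOM audit-event style ATNA uses but are illustrative only; the user names, source identifier, network address, timestamps and the forwarding rule are assumptions, and the messages are constructed sample data. The syslog-over-TLS transport a real ATNA deployment uses is out of scope.

```python
"""ATNA-style audit messages and a minimal Audit Record Repository (added example)."""
import xml.etree.ElementTree as ET
from collections import Counter

# Event vocabulary in the DICOM audit-event style ATNA uses. Codes are illustrative:
# take the real values from the DCM code table before relying on them.
EVENTS = {
    "auth":     {"code": "110114", "name": "User Authentication"},
    "record":   {"code": "110110", "name": "Patient Record"},
    "query":    {"code": "110112", "name": "Query"},
    "export":   {"code": "110106", "name": "Export"},
    "override": {"code": "110127", "name": "Emergency Override Started"},
}
# Assumed clinic policy: only events that touch the exchange go to the HIE repository.
HIE_RELEVANT = {"Query", "Export", "Emergency Override Started"}


def audit_message(event, action, outcome, user, source_id, patient_id, when, ip="10.0.0.5"):
    """Serialize one event with the RFC 3881 element names. action is one of
    C/R/U/D/E; outcome is 0 success, 4 minor, 8 serious, 12 major failure."""
    root = ET.Element("AuditMessage")
    ev = ET.SubElement(root, "EventIdentification", EventActionCode=action,
                       EventDateTime=when, EventOutcomeIndicator=str(outcome))
    ET.SubElement(ev, "EventID", code=event["code"], codeSystemName="DCM",
                  displayName=event["name"])
    ET.SubElement(root, "ActiveParticipant", UserID=user, UserIsRequestor="true",
                  NetworkAccessPointID=ip, NetworkAccessPointTypeCode="2")
    ET.SubElement(root, "AuditSourceIdentification", AuditSourceID=source_id)
    if patient_id is not None:   # type code 1 = person, role code 1 = patient
        ET.SubElement(root, "ParticipantObjectIdentification", ParticipantObjectTypeCode="1",
                      ParticipantObjectTypeCodeRole="1", ParticipantObjectID=patient_id)
    return ET.tostring(root, encoding="unicode")


def parse_audit(xml_text):
    """Reduce an audit message to the fields the repository filters on."""
    root = ET.fromstring(xml_text)
    ev = root.find("EventIdentification")
    obj = root.find("ParticipantObjectIdentification")
    return {
        "event": ev.find("EventID").get("displayName"),
        "action": ev.get("EventActionCode"),
        "outcome": int(ev.get("EventOutcomeIndicator")),
        "time": ev.get("EventDateTime"),
        "user": root.find("ActiveParticipant").get("UserID"),
        "source": root.find("AuditSourceIdentification").get("AuditSourceID"),
        "patient": obj.get("ParticipantObjectID") if obj is not None else None,
    }


class AuditRecordRepository:
    """Stores parsed events; optionally forwards a policy-selected subset upstream."""

    def __init__(self, name, forward_to=None, forward_if=None):
        self.name, self.records = name, []
        self.forward_to, self.forward_if = forward_to, forward_if

    def ingest(self, xml_text):
        rec = parse_audit(xml_text)
        self.records.append(rec)
        if self.forward_to is not None and self.forward_if is not None and self.forward_if(rec):
            self.forward_to.ingest(xml_text)   # forward the original message, not the summary
        return rec

    def filter(self, **where):
        """Filtering, e.g. filter(patient="P1") for a per-patient disclosure report."""
        return [r for r in self.records if all(r.get(k) == v for k, v in where.items())]

    def report(self):
        """Reporting: how many events of each kind each user generated."""
        return Counter((r["user"], r["event"]) for r in self.records)

    def alerts(self, failure_threshold=3):
        """Alerting: repeated authentication failures, and every break-glass use,
        which the policy requires a human to review."""
        found = []
        fails = Counter(r["user"] for r in self.records
                        if r["event"] == "User Authentication" and r["outcome"] != 0)
        for user, n in sorted(fails.items()):
            if n >= failure_threshold:
                found.append(("repeated-auth-failure", user, n))
        for r in self.records:
            if r["event"] == "Emergency Override Started":
                found.append(("break-glass-review", r["user"], r["patient"]))
        return found


def build_demo():
    """Constructed sample: one clinic EMR feeding a clinic repository that forwards
    HIE-relevant events to the HIE repository. Returns (clinic, hie)."""
    hie = AuditRecordRepository("HIE")
    clinic = AuditRecordRepository("Clinic-A", forward_to=hie,
                                   forward_if=lambda r: r["event"] in HIE_RELEVANT)
    day = "2008-05-14T"
    messages = [
        audit_message(EVENTS["auth"], "E", 0, "dr.lin", "EMR-A", None, day + "08:00:00Z"),
        audit_message(EVENTS["record"], "R", 0, "dr.lin", "EMR-A", "P1", day + "08:05:00Z"),
        audit_message(EVENTS["query"], "E", 0, "dr.lin", "EMR-A", "P1", day + "08:06:00Z"),
        audit_message(EVENTS["export"], "R", 0, "dr.lin", "EMR-A", "P1", day + "08:07:00Z"),
        audit_message(EVENTS["override"], "E", 0, "rn.wu", "EMR-A", "P1", day + "09:30:00Z"),
    ] + [audit_message(EVENTS["auth"], "E", 4, "clerk.ho", "EMR-A", None, day + f"10:0{i}:00Z")
         for i in range(4)]
    for m in messages:
        clinic.ingest(m)
    return clinic, hie
```

The clinic repository keeps everything, including the failed logins that never leave the building; the HIE repository sees only the three exchange-relevant events, yet still raises the break-glass review because that event is forwarded by policy. That split is the text's point: the level of centralisation decides which alerts the HIE can raise on its own and which require going back to the clinic.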

Slide 49: IHE Security and Privacy Controls
Given the mandatory use of ATNA, the following is a breakdown of the security and privacy controls and in what way the IHE profiles can help. The following table shows the set of identified Controls as columns and the IHE Profiles as rows. In this table a "D" indicates a direct relationship, and an "I" indicates an indirect relationship. Further details on the D (direct) relationships follow in this chapter.

Slides 50 and 51: profile-to-control table
Rows (IHE profiles): ATNA, CT, EUA, XUA, DSG, XDS, XDR, XDM, PWP, BPPC.
Columns (controls): Accountability Controls; Identification and Authentication Controls; Access Controls; Confidentiality Controls; Data Integrity Controls; Non-Repudiation Controls; Patient Privacy Controls; Availability Controls.
The D/I cell values did not survive extraction; slide 51 repeats the text of slide 49 above the column headings. The direct relationships are spelled out on slides 52 to 59.

Slide 52: Accountability Controls
- ATNA: all systems must be assessed as trustable
- ATNA: all systems only communicate with other trustable systems
- ATNA: all systems must enforce access controls
- ATNA: all systems detect the auditable events and produce audit messages according to the defined audit schema
- DSG: records the identity of the signer

Slide 53: Identification and Authentication Controls
- ATNA: all systems must have user authentication before allowing access to PHI
- EUA: an enterprise user authentication system
- PWP: a system for getting details on users (personnel)
- XUA: identify a principal in a cross-enterprise transaction
- DSG: records the identity of the signer through the use of the private key. The presumption is that the user must have been authenticated prior to access to the private key.

Slide 54: Access Controls
- ATNA: all systems must enforce access controls
- PWP: a system for getting the roles assigned to users

Slide 55: Confidentiality Controls
- ATNA: encryption with 3DES or AES
- ATNA: all systems must authenticate users before providing access to PHI
- ATNA: required audit log format and specific auditable events
- XDS: all queries are patient specific
- XDS, XDM, XDR: metadata has minimal PHI:
  - integrity controls: times, size, hash, OID, URI
  - if known: author institution, author name, author specialty
  - HIE specific: healthcare facility type, practice setting code, patient identifier number, document format code, document MIME type
  - document-source specific: patient demographics (full name, gender, date of birth, and address)
- XDR: a system for communicating documents directly between two systems
- XDM: a system for communicating documents using media

Slide 56: Data Integrity Controls
- ATNA: node authentication with certificates ensures non-trustable systems are kept out
- ATNA: integrity using SHA-1 to ensure the transaction is whole
- XDS: integrity (SHA-1) controls built into the metadata to ensure the document lifespan is covered
- XDS: the document management model ensures that documents are not removed but are deprecated

with clear successors
XDS: Document model and standards formats ensure that the data can be maintained over long time
DSG: Certificate based Digital Signatures can be applied to the documents
XDS family is all standards based ensuring that the information managed in XDS is not locked into a proprietary system
XDS is document centric assuring Persistence, Stewardship, Potential for Authentication, and Wholeness.
ATNA: All actions are discoverable allowing for monitoring for appropriate use, test for leaks. Security is an actively managed process allowing for oversight and vigilance.
(slide 56)

Non-Repudiation Controls
The Non-Repudiation Controls incorporate the Integrity Controls, but rely more specifically on the following controls:
DSG: Certificate based Digital Signatures can be applied to the documents
ATNA: All actions are discoverable allowing for monitoring for appropriate use, test for leaks. Security is an actively managed process allowing for oversight and vigilance.
(slide 57)

Patient Privacy Controls
The XDS model at a high level supports a simple patient use consent policy allowing for the support of opt-in or opt-out depending on the way the specific HIE chooses. In this way a patient can choose to be included or not included in the HIE. This would be recorded at the edge application and controlled by that application.
In addition to this basic capability, the BPPC profile captures the patient's willingness to participate in the HIE, or to NOT participate. The BPPC profile is powerful enough to handle a small number of different policies that generally will cover most types of patients' privacy consent. The BPPC profile is not powerful enough to handle individual patients' exceptions to the basic set of policies. We recognize that there are patients that want to single out individuals that are authorized and individuals that must not be given access. This more advanced level of control is not readily expressible in current standards. There is ongoing standards work within HL7 and OASIS to address this.
A powerful feature of the IHE model is a built in accountability system. The ATNA profile's audit log can
be examined for unacceptable behavior, and the HIE can react according to their Policy. For expressly sensitive patients, it might be best to keep their data within the edge application EMR and not share any of that patient's data with the HIE.
(slide 58)

Availability Controls
Availability Controls are more environmental in nature, that is they are provided by the infrastructure that is used to build the HIE. There are some key aspects of the IHE profiles that are still highly important to maintaining availability:
XDS: Document model and standards formats ensure that the data can be maintained over long time
XDS family is all standards based ensuring that the information managed in XDS is not locked into a proprietary system
(slide 59)

HIE Security and Privacy through IHE
Introduction
Scoping Security and Privacy
International Data Protection Principles
Policies and Risk Management
Technical Security and Privacy controls
Applying Security and Privacy to an HIE
Building Upon Existing Security Environment
IHE Security and Privacy Toolkit
IHE Security and Privacy Controls
Conclusion
(slide 60)

IHE Profile
Profiles: Consistent Time; Enterprise User Authentication; Audit Trails and Node Authentication; Cross-Enterprise User Assertion; Cross-Enterprise Document Sharing; Personnel White Pages; Basic Patient Privacy Consents; Document Digital Signature; Cross-Enterprise Document Reliable Messaging; Cross-Enterprise Document exchange on Media
Security properties: Confidentiality; Integrity; Non-Repudiation; Authentication; Authorization
(slide 61)

IHE Profile (the same profile table as slide 61), plus:
New IHE Security profile: Consistent Time; Timestamp; Single Sign on; Document Digital Signature; Document Encryption; HCA (health certificate); Role-Based Access Control
(slide 62)

More on IHE Security
WS-Security: SAML, XACML. "Using SAML and XACML for Web Service Security & Privacy" by Tuncay
NAMLI, Asuman DOGAC
Example - IHE Retrieve Information for Display (RID) Web Service
HCA problem
New Integration Profile Security
(slide 63)

New IHE IP Architecture
Organizational view: RAD_TF, ITI_TF, CARD_TF, LAB_TF, PCC_TF, Patient ID, EHR, Security, Workflow
Functional view: RAD_TF, pharmacy, CARD_TF, LAB_TF, ITI, ICD_9
(slide 64)

Medical Web Services components
(slide 65)

Healthcare Integrating Profile
Treat each Web service as a service
Control access to each service through an intermediary mechanism
Diagram: BPEL Server; Hospital Information System (HIS); Service A, Service B, Service C; service gateway; Service D; Web services
(slide 66)

Scenario
One day, Zhang San, suffering from tightness in the left chest and a persistent cough, registered for a visit at a district hospital. A chest X-ray showed a shadow in the left chest, and the physician decided to refer him to a medical center for further treatment.
(slide 67)

Medical System Security Course, Week 16 plan (6/18)
Summary
Project report? XX Hospital / medical center medical information security system design
Invited paper for the journal 資訊安全通訊 (Information Security Communications)
Integrated medical information security system report?
HIE Security and Privacy through IHE
Security and Authorization Issues in HL7 Electronic Health Records: A Semantic Web Services Based Approach
(slide 68)

Security and Authorization Issues in HL7 Electronic Health Records: A Semantic Web Services Based Approach
Richard S. Patterson
Under the Direction of Dr. John A. Miller
Committee Members: Dr. Amit Sheth, Dr. Budak Arpinar
(slide 69)

Acknowledgements
I would like to thank my committee members; Dr. Miller, my Major Professor and co-author of the journal submission, Dr. Sheth and Dr. Arpinar. Thanks to J. Mike Davis, co-author and Ed Coyne from VHA and INCSTI, respectively, for their involvement; along with Rick Kuhn from NIST. Thanks to Jorge Cardoso, co-author.
(slide 70)

Outline
Introduction
HL7 RBAC
Authorization Predication
Architecture
Detailed Example
Evaluation
Conclusion
(slide 71)

Introduction
Web services extend the client server model
Web services and the SOA are changing the way businesses interact with the world
A primary contribution is the ability to discover services partners
Web services expose critical data and organizations infrastructure through their interface
(slide 72)

Introduction
Security is a challenging area of Web services
Authorization is an important aspect of Web service security
WS-Authorization remains to be standardized
Authorization is verifying an identity has permissions to access a resource
Authentication is validating a client's identity
(slide 73)

Intro: Research Problem
WS-Security focuses on SOAP messaging and Authentication
XML Encryption - message privacy and confidentiality
XML Signature - message protection and integrity
SAML and certificates - Authentication
Discovery of services
Provides a client with potential partner services based on functional requirements in the WSDL
Discovery does not use any authorization information
Approach is to add semantics regarding authorization
Annotation to WS-Policy file
Client uses this information to predict if authorization will be granted
(slide 74)

Intro: Challenges
Security exposure: Enough information for clients to predict, but not so much as
to weaken the security posture
Differences between Roles/Positions: Organizations have preferences regarding the title of roles/positions; A title in one organization may mean something different in another organization or be completely absent
Granularity: How to express authorization from the service level down to the parameter level
Information from both client and service provider: Determine if a client satisfies the authorization requirements for the provider
(slide 75)

Proposed Solution
Add semantic annotations to WS-Policy for authorization
Use domain specific upper level ontology based on RBAC
SWRL rules to integrate roles from service and client ontologies
(slide 76)

Outline: Introduction, HL7 RBAC, Authorization Predication, Architecture, Detailed Example, Evaluation, Conclusion
(slide 77)

Role Based Access Control
Why RBAC?
The National Institute of Standards and Technology (NIST) published a RBAC standard
Widely accepted
Clear and concise element names which map easily to elements of Web services
Example:
RBAC Operations are mapped to the action that an operation of a Web service performs on a resource
RBAC Roles are mapped to the role of an individual who has permission to use the Web service
(slide 78)

HL7 RBAC
Health Level 7 (HL7) is an American National Standards Institute (ANSI)-accredited Standards Developing Organization (SDO) developing clinical and administrative standards for healthcare
Specification for the exchange of key sets of clinical and administrative data
Focus on applications, end user processes, quality of service, authentication, privacy, constraints, and the semantics of information
HL7 Security Technical Committee has developed a Role Based Access Control (RBAC) specification
(slide 79)

HL7 RBAC Ontology
RBAC Concepts: Roles; Users; Session; Permissions (Objects, Operations)
(slide 80)

HL7 RBAC Ontology
Role has department
Role assigned to Users
Role has permission
Permissions have Objects and Operations
Objects are an Organizational Resource
Operations are the action taken on a resource: Create, Delete, Read, Execute, Write
(slide 81)

Outline: Introduction, HL7 RBAC, Authorization Predication, Architecture, Detailed Example, Evaluation, Conclusion
(slide 82)

WS-Authorization
This specification will be a follow-on specification to WS-Privacy and WS-Security
These policies are implemented in WS-Policy
XACML standard may be the basis for WS-Authorization
IBM and Microsoft agree that the end-point policy files are the appropriate location for describing "execution capabilities" of an authenticated client
(slide 83)

Authorization Predication
Use the previous standards along with best guess of WS-Authorization specification
Create WS-Authorization namespace and XSD: wsau:
Create element names from RBAC and XACML: role:
Use domain specific RBAC ontology to add semantics: wsau:role name="Physician" wsau:modelReference="Ontology1#Physician"
(slide 84)

Authorization Predication: Extensibility Elements
permission: is the operation an authenticated client is authorized to perform on a certain object, which is a resource
role: is a function within the context of an organization; some associated semantics regarding the authority and responsibility are conferred on the user assigned to the role
subjectCategory: to describe the type of a subject; subjects can be a machine, network, or intelligent autonomous agent
modelReference: is used to handle the mapping of a schema element to an ontological concept
(slide 85)

Authorization Predication
(WS-Policy example; only the token type wsse:X509v3 survives in the extracted text)
(slide 86)

Authorization Predication: Client side uses
Authorization information from WS-Policy
Service ontology
Information about itself, client information
Client ontology
SWRL rules
Predication Manager: Imports service ontology into client ontology; Formulates queries; Predicts authorization
(slide 87)

Authorization Predication: Client information
Can be placed in the BPEL's process WSDL's Policy file, or
Can be placed in a Semantic Template's Policy file
(slide 88)

Authorization Predication: SWRL rules
Preconfigured rules guess whether two concepts are the same or not
Based on certain relationships with other concepts
Uses the structure of RBAC
Client Ontology - Role: Radiology Tech
Service Ontology - Role: Radiology Technician
(slide 89)

Authorization Predication
Technician(_department) sameAs(Technician, _department)
HL7 defines the names of departments
Client Ontology - Role: Radiology Tech
Service Ontology - Role: Radiology Technician
SWRL increases the accuracy of our authorization prediction
Prediction provides more accurate discovery of accessible Web services
(slide 90)

Authorization Prediction: Querying the ontology
Queries are formulated by taking one concept from the service policy and the corresponding concept from the Client information
Jena now has a built in reasoner
Queries are expanded, default is five times
If a path is found between two concepts then we predict that the constraint is satisfied
(slide 91)

Outline: Introduction, HL7 RBAC, Authorization Predication, Architecture, Detailed Example, Evaluation, Conclusion
(slide 92)

Architecture
Components: Template BPEL WSDL Policy, or Semantic Template Policy; BPEL Engine or Web service Client; Web service Discovery Module; Authorization Prediction Manager (APM); Client Information or Client Ontology; Service Ontology; Jena; SWRL rules; WSDL WS-Policy
1. Ontologies are loaded into Jena
2. Policy files are passed to APM
3. Client information parsed out of document
4. Client information passed to APM
5. Rules load into Jena
6. APM queries Jena
7. Authorized services are returned
(slide 93)

Outline: Introduction, HL7 RBAC, Authorization Predication, Architecture, Detailed Example, Evaluation, Conclusion
(slide 94)

Detailed Example: Actors
Three electronic health record repositories implemented with Web services: Company 1, Company 2, Company 3
Emergency Room Physician at St. Francis Hospital
A hospital is a Health Care organization
(slide 95)

Detailed Example
Company 1 Web services are annotated such that authorization is to be granted to a client that has the role Emergency Physician working in Health Services, subjectCategory
Company 2 annotated such that authorization is to be granted to a client that has the role Nurse working in Health Services, subjectCategory
Company 3 annotated such that authorization is to be granted to a client that has the role Physician working in Physicians Office, subjectCategory
(slide 96)

Detailed Example
Company 1: role Emergency Physician working in Health Services, subjectCategory
Company 2: role Nurse working in Health Services, subjectCategory
Company 3: role Physician working in Physicians Office, subjectCategory
Ontology diagram nodes: Physician, Hospital, Health Services, Emergency Physician, Emergency Surgery, Health Care Organization, St. Francis, Emergency Room Physician
Key: Class, Instance; edges: io, department, providedBy, isa, sameAs
(slide 97)

Outline: Introduction, HL7 RBAC, Authorization Predication, Architecture, Detailed Example, Evaluation, Conclusion
(slide 98)

Evaluation
Client Information | Service Authorization Requirement | Approach 1: Ontology and Rules | Approach 2: Ontology without Rules | Approach 3: Without Rules or Ontology
Emergency Physician | Emergency Physician | YES | NO, string matching must be implemented | YES, simple string matching
Emergency Physician | Emergency Room Physician | YES | NO | Yes, only if matching on substrings but
not vice versa
Emergency Physician | Physician | YES | YES | NO
St. Francis | Health Services | YES | Yes, with inferencing enabled | NO
(slide 99)

Outline: Introduction, HL7 RBAC, Authorization Predication, Architecture, Detailed Example, Evaluation, Conclusion
(slide 100)

Conclusion
First created XML Schema Definition for WS-Authorization
First RBAC Upper Level Ontology developed in conjunction with NIST and INCSTI
RBAC Ontology extended into the HL7 Domain
Authorization criteria is made available to Web service clients through annotations to the WSDL Policy file
Information regarding the client is included in a client side policy file, either BPEL WSDL Policy or Semantic Template Policy file
SWRL rules are used to guess if two concepts from different ontologies should be considered equivalent
(slide 101)

Conclusion
Using a client ontology and a Service ontology together with SWRL to predict authorization
Able to discover inferred relationships: sameAs relationships; Relationships through properties
(slide 102)

References
ActiveBPEL 2.0, 2006: Copyright 2004-2006, ActiveBPEL, LLC., http:/
Active Endpoints, 2006: Copyright 2004-2006 Active Endpoints.
Akkiraju et al., 2005: Akkiraju R, Farell J, Miller J, Nagarajan M, Sheth A and Verma K, "Web Service Semantics - WSDL-S", Proceedings of the W3C Workshop on Frameworks for Semantics in Web Service (W3C W05), Innsbruck, Austria (June 2005), pages 5.
Anyanwu et al., 2003: Kemafor Anyanwu, Amit P. Sheth, Jorge Cardoso, John A. Miller and Krys J. Kochut, "Healthcare Enterprise Process Development and Integration", Journal of Research and Practice in Information Technology (JRPIT), Special Issue on Health Knowledge Management, Vol. 35, No. 2 (May 2003) pp. 83-98. Australian Computer Society, Inc.
Agarwal et al., 2004: S. Agarwal, B. Sprick, S. Wortmann; "Credential Based Access Control for Semantic Web Services".
Census 2000: Census Bureau, 2000, Industry Categories for the Special EEO File, 2000.
(slide 103)

References
Christensen et al. 2001: Christensen E., Curbera F., Meredith G. and Weerawarana S., 2001, Web Services Description Language (WSDL) 1.1, W3C Note.
Dogac et al., 2002: Dogac A., Cingil I., Laleci G., Kabak Y., "Improving the Functionality of UDDI Registries through Web Service Semantics", 3rd VLDB Workshop on Technologies for E-services (TES-02), Hong Kong, China, August 23-24, 2002.
FaCT 2005: FaCT (2005) FaCT++.
Fensel et al.: Fensel D. and Bussler C., "The Web Service Modeling Framework WSMF".
Gavrila et al.: S. Gavrila, D. Kuhn, R. Chandramouli; "Proposed NIST Standard for Role-Based Access Control".
Gandon and Sadeh 2003: Gandon, F. L. and N. M. Sadeh, "OWL inference engine using XSLT and JESS", 2003.
HL7: HL7.
HL7 Security Technical Committee, 2005: HL7 Security Technical Committee, Role Based Access Control (RBAC) Healthcare Scenarios Version 1.0, 2005.
(slide 104)

References
HL7 Security Technical Committee, 2005: HL7 Security Technical Committee, Role Based Access Control (RBAC) Healthcare Permissions Catalog Version 2.0, 2005.
Hull and East, 2006: Hull and East Yorkshire Hospitals NHS Trust, 2006.
IBM, Microsoft 2002: IBM Corporation and Microsoft Corporation, Security in a Web Services World: A Proposed Architecture and Roadmap, Version 1.0, 2002.
Jena, 2006: Hewlett-Packard Development Company, LP., 2006.
Kagal et al. 2004: L. Kagal, M. Paolucci, N. Srinivasan, G. Denker, T. Finin, K. Sycara; "Authorization and Privacy for Semantic Web Services"; IEEE Intelligent Systems (Special Issue on Semantic Web Services), July 2004.
Leymann et al. 2002: Leymann F, Roller D, Schmidt MT, "Web services and business process management", IBM Systems Journal, 2002.
López et al., 2005: G. López, Ó. Cánovas, A. Gómez-Skarmeta, S. Otenko, D. Chadwick; "A Heterogeneous Network Access Service based on PERMIS and SAML"; In Proceedings of 2nd EuroPKI Workshop, University of Kent, July 2005.
NIST, 1993: National Institute of Standards and Technology (NIST), FIPS Publication 180: Secure Hash Standard (SHS). May 1993.
NIST, 2004: National Institute of Standards and Technology (NIST), Role Based Access Control Standard (RBACS). April 2004.
(slide 105)

References
OWL, 2004: Deborah L. McGuinness, Frank van Harmelen, W3C Recommendation 10 February 2004.
Pellet, 2003: Mindswap, 2003.
Pennington, 2006: Cary Pennington, Policy Based Optimal Composition of Web Services, Masters Thesis (M.S. in CS Degree) July 2006.
Rosenberg, Remy, 2004: Jothy Rosenberg and David Remy, Securing Web Services Security with WS-Security, Sams, 2004.
SAML 2.0, 2005: SAML 2.0 profile of XACML v2.0, OASIS Standard, 1 February 2005.
Sirin et al., 2004: Evren Sirin, Bijan Parsia, Bernardo Cuenca Grau, Aditya Kalyanpur, and Yarden Katz. Pellet: A practical OWL-DL reasoner. Submitted for publication to Journal of Web Semantics.
Sivashanmugam et al. 2003: Sivashanmugam, K., Verma, K., Sheth, A., Miller, J., "Adding Semantics to Web Services Standards", Proceedings of the 1st International Conference on Web Services (ICWS03), Las Vegas, Nevada (June 2003).
(slide 106)

References
Toninelli et al., 2005: A. Toninelli, J. Bradshaw, L. Kagal, R. Montanari; "Rule-based and Ontology-based Policies: Toward a Hybrid Approach to Control Agents in Pervasive Environments"; Proceedings of the Semantic Web and Policy Workshop, International Semantic Web Conference, 7 November, 2005.
UDDI, 2002: UDDI Spec Technical Committee Specification, 2002. published-20020719.htm
Verma et al., 2005: Verma K, Sivashanmugam K, Sheth A, Abhijit Patil, Oundhakar S and Miller J, "METEOR-S WSDI: A Scalable Infrastructure of Registries for Semantic Publication and Discovery of Web Services", Journal of Information Technology and Management, Special Issue on Universal Global Integration, Vol. 6, No. 1 (2005) pp. 17-39. Kluwer Academic Publishers.
Verma, 2006: Kunal Verma, Configuration and Adaptation of Semantic Web Processes, Doctoral Dissertation (Ph.D. in CS Degree) June 2006.
Verma et al., 2005: K. Verma, R. Akkiraju, R. Goodwin; "Semantic Matching of Web Service Policies"; Second International Workshop on Semantic and Dynamic Web Processes (SDWP 2005), Third International Conference on Web Services (ICWS05), July, 2005.
Verma et al., 2004: Verma K, Aggarwal R, Miller J and Milnor W, "Constraint Driven Web Service Composition in METEOR-S", Proceedings of the 2004 IEEE International Conference on Services Computing (SCC04), Shanghai, China (September 2004) pp. 23-32.
(slide 107)

References
Wielemaker 2005: Wielemaker, J., SWI-Prolog Semantic Web Library, 2005.
WS Architecture, 2004: Web Services Architecture (WS Architecture), D. Booth, H. Haas, F. McCabe, E. Newcomer, M. Champion, C. Ferris, D. Orchard; Feb. 2004.
WS-Policy: Siddharth Bajaj, Don Box, et al.; Web Services Policy Framework (WS-Policy).
WS-Security, 2002: Web Services Security (WS-Security) Version 1.005, 2002; Bob Atkinson, Giovanni Della-Libera, et al.; Specification: Web Services Security; April 2002.
Wu et al., 2002: S. Wu, A. Sheth, J. Miller, Z. Luo; "Authorization and Access Control of Application Data in Workflow Systems"; Journal of Intelligent Information Systems: Integrating Artificial Intelligence and Database Technologies (JIIS), Vol. 18, No. 1 (January 2002) pp. 71-94. Kluwer Academic Publishers.
(slide 108)

References
XACML, 2005: eXtensible Access Control Markup Language (XACML) Version 2.0, OASIS Standard, 1 Feb 2005.
XML-Signature, 2002: XML Signature Syntax and Processing (XML-Signature), W3C Recommendation 2002.
XML-Encryption, 2002: XML Encryption Syntax and Processing (XML-Encryption), W3C Recommendation 2002.
Yague et al., 2003: M. Yague, A. Mana, J. Lopez, J. Troya; "Applying the Semantic Web Layers to Access Control"; 14th International Workshop on Database and Expert Systems Applications (DEXA03).
(slide 109)
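The integrity and accountability controls named on slides 56 to 58 (a SHA1 hash carried in the XDS document metadata, deprecate-with-successor instead of delete, and an ATNA-style audit trail that can be examined afterwards), as an added Python example that is not part of the slides or of any IHE reference implementation. Everything in it is constructed: the in-memory Registry, the document bytes, the actor names and the audit record layout are assumptions standing in for real XDS metadata, a real repository and real ATNA audit messages.

```python
import hashlib
import uuid
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class DocumentEntry:
    """The subset of XDS DocumentEntry metadata this example tracks (assumed)."""
    document_id: str
    patient_id: str
    hash_sha1: str               # integrity control carried in the metadata
    size: int
    availability_status: str     # "Approved" or "Deprecated"; never deleted
    successor_id: Optional[str] = None


class Registry:
    """Toy registry + repository + ATNA-style audit list (all constructed)."""

    def __init__(self) -> None:
        self.entries: Dict[str, DocumentEntry] = {}
        self.repository: Dict[str, bytes] = {}
        self.audit_log: List[dict] = []

    def _audit(self, event: str, doc_id: str, actor: str, outcome: str) -> None:
        self.audit_log.append({"event": event, "document": doc_id,
                               "actor": actor, "outcome": outcome})

    def register(self, patient_id: str, content: bytes, actor: str) -> str:
        doc_id = str(uuid.uuid4())
        digest = hashlib.sha1(content).hexdigest()   # SHA1, as the slides name it
        self.repository[doc_id] = content
        self.entries[doc_id] = DocumentEntry(doc_id, patient_id, digest,
                                             len(content), "Approved")
        self._audit("register", doc_id, actor, "success")
        return doc_id

    def replace(self, old_id: str, content: bytes, actor: str) -> str:
        # Slide 56: documents are not removed but deprecated with a clear successor
        new_id = self.register(self.entries[old_id].patient_id, content, actor)
        old = self.entries[old_id]
        old.availability_status = "Deprecated"
        old.successor_id = new_id
        self._audit("deprecate", old_id, actor, "success")
        return new_id

    def retrieve(self, doc_id: str, actor: str) -> bytes:
        # Recompute the hash on every retrieval and compare it with the metadata
        entry = self.entries[doc_id]
        content = self.repository[doc_id]
        if (hashlib.sha1(content).hexdigest() != entry.hash_sha1
                or len(content) != entry.size):
            self._audit("retrieve", doc_id, actor, "integrity-failure")
            raise ValueError("integrity check failed for " + doc_id)
        self._audit("retrieve", doc_id, actor, "success")
        return content

    def events_for(self, actor: str) -> List[dict]:
        # Slide 58: the audit log can be examined for unacceptable behaviour
        return [e for e in self.audit_log if e["actor"] == actor]


def demo() -> dict:
    """Run the controls against constructed sample documents."""
    reg = Registry()
    v1 = reg.register("patient-001", b"X-ray report v1", actor="dr_lee")
    v2 = reg.replace(v1, b"X-ray report v1, amended", actor="dr_lee")
    ok = reg.retrieve(v2, actor="nurse_wang") == b"X-ray report v1, amended"
    # Simulate content changed behind the registry's back: metadata no longer matches
    reg.repository[v1] = b"X-ray report v1 (altered)"
    try:
        reg.retrieve(v1, actor="unknown_node")
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {
        "ok": ok,
        "tamper_detected": tamper_detected,
        "v1_status": reg.entries[v1].availability_status,
        "v1_successor_is_v2": reg.entries[v1].successor_id == v2,
        "failed_events": [e["outcome"] for e in reg.events_for("unknown_node")],
        "audit_events": len(reg.audit_log),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the hash-on-retrieve check is that the metadata, not the repository, is the reference: content that no longer matches its registered SHA1 is refused and the failure itself becomes an audit event, which is what makes the slide 58 "examine the log and react" step possible.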
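The authorization prediction described on slides 89 to 91 and evaluated on slide 99, as an added Python example; it is not the thesis's code (which used Jena, OWL and SWRL) and reproduces only the mechanism. The service's WS-Policy requirement and the client's own description are both concept names; a breadth-first path search over a merged client-plus-service ontology, expanded at most five hops as slide 91 states, decides whether the constraint is predicted satisfied, after a preconfigured sameAs rule in the spirit of slide 90 has run. The triples, the rule's exact form, the decision to accept a path in either direction, and the word-subset reading of "matching on substrings but not vice versa" are all this example's assumptions; the node names follow slides 89, 90 and 97. For the first evaluation row, approach 2 returns YES here because identical names are checked before searching, where the thesis's table recorded "NO, string matching must be implemented".

```python
from collections import deque
from itertools import combinations

# Constructed triples (subject, predicate, object) standing in for the merged
# client + service ontologies. The particular edges are assumptions.
TRIPLES = [
    ("Emergency Physician", "io", "Physician"),
    ("Emergency Physician", "department", "Emergency Surgery"),
    ("Emergency Room Physician", "io", "Physician"),
    ("Emergency Room Physician", "department", "Emergency Surgery"),
    ("Emergency Surgery", "providedBy", "Health Services"),
    ("Health Services", "providedBy", "St. Francis"),
    ("St. Francis", "io", "Hospital"),
    ("Hospital", "isa", "Health Care Organization"),
    ("Radiology Tech", "io", "Technician"),
    ("Radiology Tech", "department", "Radiology"),
    ("Radiology Technician", "io", "Technician"),
    ("Radiology Technician", "department", "Radiology"),
]

MAX_EXPANSIONS = 5   # slide 91: queries are expanded, default is five times


def apply_role_rule(triples):
    """Preconfigured rule in the spirit of slide 90: two roles that are instances
    of the same role class and work in the same (HL7-named) department are
    taken to be sameAs."""
    classes, departments = {}, {}
    for s, p, o in triples:
        if p == "io":
            classes.setdefault(s, set()).add(o)
        elif p == "department":
            departments.setdefault(s, set()).add(o)
    roles = sorted(r for r in classes if r in departments)
    inferred = [(a, "sameAs", b) for a, b in combinations(roles, 2)
                if classes[a] & classes[b] and departments[a] & departments[b]]
    return triples + inferred


def reachable(triples, start, goal, max_hops=MAX_EXPANSIONS):
    """Breadth-first path search following triples subject -> object;
    sameAs is symmetric, every other predicate is followed in one direction."""
    adjacent = {}
    for s, p, o in triples:
        adjacent.setdefault(s, set()).add(o)
        if p == "sameAs":
            adjacent.setdefault(o, set()).add(s)
    seen, queue = {start}, deque([(start, 0)])
    while queue:
        node, hops = queue.popleft()
        if node == goal:
            return True
        if hops == max_hops:
            continue
        for nxt in adjacent.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, hops + 1))
    return False


def predict_ontology(client, service, use_rules=True):
    """Approach 1 (rules on) / approach 2 (rules off) from slide 99. The slides
    do not say at which end the path starts, so a path in either direction
    counts (assumption)."""
    triples = apply_role_rule(TRIPLES) if use_rules else TRIPLES
    return reachable(triples, client, service) or reachable(triples, service, client)


def predict_strings(client, service):
    """Approach 3: no ontology. Exact match, else every word of the client's
    role must occur in the service's role name ("substrings but not vice versa")."""
    return client == service or set(client.split()) <= set(service.split())


EVALUATION = [   # (client information, service authorization requirement), slide 99
    ("Emergency Physician", "Emergency Physician"),
    ("Emergency Physician", "Emergency Room Physician"),
    ("Emergency Physician", "Physician"),
    ("St. Francis", "Health Services"),
]


def evaluate():
    """Reproduce the slide 99 comparison for the three approaches."""
    return [{
        "client": c, "service": s,
        "ontology_and_rules": predict_ontology(c, s, True),
        "ontology_without_rules": predict_ontology(c, s, False),
        "string_matching": predict_strings(c, s),
    } for c, s in EVALUATION]


if __name__ == "__main__":
    for row in evaluate():
        print(row)
```

The second row is the one the rule exists for: without sameAs, "Emergency Physician" and "Emergency Room Physician" are siblings under Physician and no directed path joins them, so only the department-based rule (or a lenient word-subset match that a real policy engine should not trust) makes the prediction YES. The Radiology Tech / Radiology Technician pair from slides 89 and 90 behaves the same way.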
