This document proposes a risk-aware integrity management framework for distributed healthcare systems. It integrates measures of trust and risk with an existing credentials-based access control model. The framework uses a knowledge representation called Many Worlds on a Frame to capture context for interactions. It associates trust values with user roles and privilege packages, and calculates risk scores based on the sensitivity of data and likelihood of undesirable events. The framework aims to provide flexible policies while mitigating risks like illegitimate access of sensitive health information in distributed healthcare environments.

1. RISK-AWARE INTEGRITY MANAGEMENT FRAMEWORK
FOR DISTRIBUTED HEALTHCARE SYSTEMS
Aastha Madaan
Research Fellow, WSL, IIIT-B
※ Research work done as a part of Work Package – 3 of the TRUMP Project [2]
Collaborative Healthcare Setup
Appointments/
Patient information
Pathology
Results
Treatment/Procedures/
Problem Lists
Nursing
Notes
EHR

2. TRUMP: REQUIREMENTS
o Collaborating & Heterogeneous Care
providers and receivers
2
 Self-Intervention for Chronic Illnesses
Multi-agency Care
Disjoint/distributed
agencies
Limited Resources
CHALLENGES
o Unit of Exchange of Health Information  EHRs  TRUMP Unit
Subjective
UtilityBounded
Validity
Interrelated
Utility
Divergent
Aggregation

3. TRUMP UNIT
Attributes
RecordId PName Age Sex Version_id
Data
Imported Worlds and Participation
Organization Treatment Person Person ……
…
Primary care
Provider
Therapy Physician Specialist ……
…
DISTRIBUTED KNOWLEDGE REPRESENTATION
FRAMEWORK
3
• Many Worlds on a Frame (MWF) Knowledge Representation framework proposed in [3], [5]
EHR UoD
Schema

4. AN EXAMPLE (1)
* Screenshots Source: MTech Students - TRUMP Project

5. AN EXAMPLE (2)
5

6. AN EXAMPLE (3)
6

7. AN EXAMPLE (4)
7

8. AN EXAMPLE (5)
8

9. AN EXAMPLE (6)
9

10. RISK-AWARE INTEGRITY MANAGEMENT
 Integrating “Trust” and “Risk” measures with earlier proposed
Credentials based Access Control (CBAC) [4]
 Flexible, bottom-up approach
 Associate policies based on user credentials
 Define Risk and Trust Measures

11. INTEGRATING TRAAC AND CBAC (1)
 Access control  Agnostic to actual end-users
 Zoned Policy Model [TRAAC]  Zoned Privilege Packages
11
share
deny
readu
reads
undefined
o Type of Requests  Read & Share
o Data Object Policy  Zones assigned
o Risk  Request & Trust  Requestor
o Types of Trust  Obligation & Sharing
Hospital X
Department
of Health
Health-care
Providers
Association
Role: Heart Specialist
Role: Secretary
Role: President

12. 12
 TRAAC approach  Misses CONTEXT during Trust Update
 E.g in Which context was the particular violation made
 TRAAC+ CBAC  MWF captures the context of a given interaction
 Visibility of Policies  Critical to avoid unintentional violation
 TRAAC+CBAC  Policy viewed as a Data Element
 Credentials of a user  participation set
 Credentials  Privilege Package  View applicable policies
 Update of Sharing and Obligation based Trust
 Assignment of Sensitivity Category  Information
INTEGRATING TRAAC AND CBAC (2)

13. ASSOCIATING TRUST
 Trust  Probability with which a Privilege Package is entrusted to a world
 Privilege package  Assertion1, Assertion2, Assertion3,…., Assertionn
 Assertion  Set of role(Type, Location)
 Trust value  Aggregation of trust values associated with each role in a the
user’s participation set
 Trust across system elements
 User trust in system  Privacy of Information
 System trust in users  Authenticated information
 Trust between users  History of Events
 Evaluating trust  Risk Mitigation Strategy  Obligations to be performed in
a given domain
 Sharing Trust & Obligation Trust 13

14. ASSOCIATING RISK
 Risk  Probability with which a data-access is granted to a World
with a Stakeholder with a Privilege Package, P
 Assign  Sensitivity category to  Worlds
 Calculate  Loss sustained due to access
 Undesirable Events  Fake credentials of a user
Illegitimate access made by user
 Risk Score = Loss * Probability of Undesirable Events
 Risk Domain  Type and Location of a World
 Risk Mitigation Strategy ?
14
Allow
Deny
Access based
On Risk

15. CONCERNS
 Emergency Access  Bypassing Access Rules
 Patient  Owner of data or subject of data
 Modelling stakeholder as a data element answer this?
 Complex Information Flows  Involve Delegation
 Responsibility
 Update Trust
15
 Quantification of Risk and Trust
 Revocation of Privilege Packages  Boundary conditions
Risk & Trust
 Risk Mitigation Strategies and Obligation  Trust Delegation
 Visualization of Risk  Access granted to a stakeholder

16. REFERENCES
1. Burnett, C., Chen, L., Norman, T.~J. and Edwards, P. (2014). TRAAC: Trust and Risk Aware
Access Control. Proceedings of the 12th Annual Conference on Privacy, Security and Trust
(PST2014), Toronto, Canada.
2. Burnett, C., Edwards, P., Norman, T. J., Chen, L., Rahulamathavan, Y., Jaffray, M., & Pignotti,
E. (2013). TRUMP: A Trusted Mobile Platform for Self-management of Chronic Illness in
Rural Areas. In Trust and Trustworthy Computing (pp. 142-150). Springer Berlin Heidelberg.
3. Chinmay Jog, Sweety Agrawal, Srinath Srinivasa. Distributing a Trust Framework for
Utilitarian Data Exchanges in Inter-Organizational Collaborations. Proceedings of the Second
ACM iKDD Conference on Data Sciences (CoDS 2015), March 2015, Bangalore, India.
4. Sweety Agrawal, Chinmay Jog, Srinath Srinivasa. Integrity Management in a Trusted
Utilitarian Data Exchange Platform. Proceedings of the 13th International Conference on
Ontologies, Databases and Applications of Semantics (ODBASE 2014), Amantea, Italy,
October 2014.
5. Srinath Srinivasa, Sweety Agrawal, Chinmay Jog and Jayati Deshmukh. Characterizing Open
Utilitarian Knowledge. Proceedings of the First IKDD Conference on Data Sciences (CoDS
2014), New Delhi, India, March 2014.
16