SlideShare a Scribd company logo
1 of 15
Download to read offline
USING A POLICY SPACES AUDITOR TO
CHECK FOR TEMPORAL INCONSISTENCIES
IN HEALTHCARE AUDIT LOG FILES
Tyrone Grandison, Sean Thorpe
LACCEI Symposium of Health Informatics in Latin America and the Caribbean 2013
Outline
 Motivation
 Goal
 Prior Work
 Policy Spaces
 Policy Evaluation Flow
 System
 Conclusion
August 14th, 2013LACCEI Symposium of Health Informatics in Latin America and the Caribbean
2
Motivation
 Healthcare Core Tenet – Nothing interferes with care
delivery.
 Healthcare security controls are often bypassed.
 Called „break the glass‟ (BtG).
 Though useful and necessary in emergencies, it is a security hole.
 Malicious users can gain unauthorized privileges & accesses by breaking
the glass.
 „Break the Glass‟ activity:
 Is no longer the exception.
 Is logged in healthcare audit files. August 14th, 2013LACCEI Symposium of Health Informatics in Latin America and the Caribbean
3
Goal
August 14th, 2013LACCEI Symposium of Health Informatics in Latin America and the Caribbean
4
 Help to determine when Break the Glass is being
abused
Leverage prior work.
Analyze audit logs to spot temporal inconsistencies.
Bring them to the attention of the security team.
Prior Work
August 14th, 2013LACCEI Symposium of Health Informatics in Latin America and the Caribbean
5
 Policy Coverage (Bhatti and Grandison, 2007).
 Access Control policy should state what happens in the security
system. Increase the coverage of policy by mining BtG
requests in audit log.
 Policy Spaces (Ardagna et al., 2008)
 Builds on Bhatti and Grandison (2007) & defines model of audit
log space.
 Exception-based access control (Ardagna et al., 2010)
 Creates a more rigorous model from Ardagna et. al. (2008).
Policy Spaces
August 14th, 2013LACCEI Symposium of Health Informatics in Latin America and the Caribbean
6
 Authorized Accesses (P+).
 Traditional access control policies.
 Intuitively, P+ includes positive authorizations regulating „common
practice‟.
 Denied Accesses (P−).
 Access control policies that are used to prevent abuses.
 Policies in this space are meant to limit exceptions that can result in
unauthorized accesses exploiting BtG.
Policy Spaces
August 14th, 2013LACCEI Symposium of Health Informatics in Latin America and the Caribbean
7
 Planned Exceptions (EP).
 Regulate access requests that do not fall into the normal routine.
 i.e. exceptions that can be foreseen, for example, according to past observations.
 Associated with, and indexed by, conditions on the context information
 represented by attributes in exception space E and on dynamic information in the profiles
(e.g., status of the patient), which are used to restrict their applicability.
 Policies in EP cannot override policies in P−.
 Unplanned Exceptions (EU).
 Policies regulating all access requests not covered by the previous policy spaces
(P+, P−, and EP).
 Space EU is composed of two sub-spaces, denoted EU+ and EU-, respectively.
 EU- enforces the deny-all default policy and is applicable to all requests that happen in non-
emergency cases, when the enforcement of the BtG principle would be an abuse.
 EU+ enforces the permit-all default policy and is applicable to all requests that happen in
emergency situations, thus allowing all accesses not explicitly allowed or denied by policies in
other spaces.
 All the accesses falling in EU are inserted into an auditing log for a posteriori analysis.
Policy Evaluation Flow
August 14th, 2013LACCEI Symposium of Health Informatics in Latin America and the Caribbean
8
System
August 14th, 2013LACCEI Symposium of Health Informatics in Latin America and the Caribbean
9
 Policy Spaces tool identifies log entries belonging to each
space.
 Our system (BtG policy space auditor) examines rules in EU.
 Enables the health care system administrator, an auditor or a
forensic user to specify a timeline and an unplanned exceptions (EU)
set to be checked for temporal inconsistencies.
 Uses
 Happened-before relation
 Implies an activity timeline.
 Assumes a set of records stating when action occurred.
 Simple logic
System Use
August 14th, 2013LACCEI Symposium of Health Informatics in Latin America and the Caribbean
10
 Construct an audit log timeline
 i.e. a sequence over the set of events
 The BtG space log auditor is launched to evaluate all the
events ordered by their timestamp.
 If an event evta has a happened-before relation to evtb, but the
audit kernel log timestamp (tb) of evtb suggests that evtb
occurred before evta then ta and tb are inconsistent.
Example
August 14th, 2013LACCEI Symposium of Health Informatics in Latin America and the Caribbean
11
 Event 1: A patient p must be admitted into the hospital before
any other actions are.
 Event 2: A healthcare practitioner x cannot prescribe
medication for patient p before they have been checked in.
 If a prescription event evtb occurs, the check-in event evta must
happen before it, and evtb must happen before the check-out
event evtc.
 The physical time tc at which the event evtc must have occurred
must be after the physical time tb at which the event evtb must
have occurred, which must in turn be after the physical time ta
at which the event evta must have occurred.
Conclusion
August 14th, 2013LACCEI Symposium of Health Informatics in Latin America and the Caribbean
12
 Breaking the Glass is a necessary evil.
 Policy Spaces streamlines and optimizes the different
types of healthcare security requests.
 Leveraging Policy Spaces and a rule-based auditing
tool, it is possible to easily detect suspicious activity.
 We present temporal inconsistencies.
 However, we expect to explore a range of other
inconsistencies.
THANK YOU
August 14th, 2013
13
LACCEI Symposium of Health Informatics in Latin America and the Caribbean
BACKUP
August 14th, 2013
14
LACCEI Symposium of Health Informatics in Latin America and the Caribbean
References
August 14th, 2013LACCEI Symposium of Health Informatics in Latin America and the Caribbean
15
 Ardagna, C. A., De Capitani di Vimercati, S., Foresti, S., Grandison, T. W., Jajodia, S., and Samarati, P.
(2010).“Access control for smarter healthcare using policy spaces”. Computers & Security, 29(8), 848-858.
 Ardagna, C. A., di Vimercati, S. D. C., Grandison, T., Jajodia, S., and Samarati, P. (2008).“Regulating exceptions in
healthcare using policy spaces”. In Data and Applications Security XXII (pp. 254-267). Springer Berlin Heidelberg.
 Bhatti, R., and Grandison, T. (2007). “Towards improved privacy policy coverage in healthcare using policy
refinement”. In Secure Data Management (pp. 158-173).Springer Berlin Heidelberg.
 Grandison, T., and Davis, J. (2007). “The impact of industry constraints on model-driven data disclosure
controls”, In Proc. of the 1st International Workshop on Model-Based Trustworthy Health Information
Systems, Nashville, Tennessee, USA.
 Rostad, L., and Edsberg, O. (2006). “A study of access control requirements for healthcare systems based on audit
trails from access logs”, in: Proc. of the 22ndAnnual Computer Security Applications Conference, Miami
Beach, Florida, USA.
 Thorpe, S., Ray, I., Grandison, T., Barbir, A., France, R. (2013). “Hypervisor Event Logs as a Source of Consistent
Virtual Machine Evidence for Forensic Cloud Investigations”, in: Proc. Of the 27th Annual IFIP WG11.3 Working
Conference on Data Security and Privacy(DBSEC), Newark, New Jersey, USA.
 Gladyshev, P., and Patel, A. (2005). “Formalizing event time bounding in digital investigations,” International Journal
of Digital Evidence. Vol. 4.

More Related Content

Viewers also liked

The Creative Economy within the United States of America
The Creative Economy within the United States of AmericaThe Creative Economy within the United States of America
The Creative Economy within the United States of AmericaTyrone Grandison
 
Strategies and Tactics for Accelerating IT Modernization
Strategies and Tactics for Accelerating IT ModernizationStrategies and Tactics for Accelerating IT Modernization
Strategies and Tactics for Accelerating IT ModernizationTyrone Grandison
 
Direct marketing
Direct marketingDirect marketing
Direct marketingakulsingh
 
IFS Aplikace pro projektově řízenou výrobu
IFS Aplikace pro projektově řízenou výrobuIFS Aplikace pro projektově řízenou výrobu
IFS Aplikace pro projektově řízenou výrobuIFS Czech
 
Course 1: Create and Prepare CentOS 7 VM Template
Course 1: Create and Prepare CentOS 7 VM TemplateCourse 1: Create and Prepare CentOS 7 VM Template
Course 1: Create and Prepare CentOS 7 VM TemplateImad Daou
 
Andrea Johnson--Stage Management
Andrea Johnson--Stage ManagementAndrea Johnson--Stage Management
Andrea Johnson--Stage Managementkavitamenon1
 
تكبير الذكر
تكبير الذكرتكبير الذكر
تكبير الذكرalfosoromeo
 
Definition of a Technological Ecosystem for Scientific Knowledge Management i...
Definition of a Technological Ecosystem for Scientific Knowledge Management i...Definition of a Technological Ecosystem for Scientific Knowledge Management i...
Definition of a Technological Ecosystem for Scientific Knowledge Management i...Grial - University of Salamanca
 
Open hydro presentation workshop 20100507
Open hydro presentation   workshop 20100507Open hydro presentation   workshop 20100507
Open hydro presentation workshop 20100507Green17Creative
 
Project 2000
Project 2000Project 2000
Project 2000lexsing
 

Viewers also liked (20)

Foxworth Portfolio
Foxworth PortfolioFoxworth Portfolio
Foxworth Portfolio
 
JW day 3 (unit 2)
JW day 3 (unit 2)JW day 3 (unit 2)
JW day 3 (unit 2)
 
Jw day 6 (unit 3)
Jw day 6 (unit 3)Jw day 6 (unit 3)
Jw day 6 (unit 3)
 
The Creative Economy within the United States of America
The Creative Economy within the United States of AmericaThe Creative Economy within the United States of America
The Creative Economy within the United States of America
 
Strategies and Tactics for Accelerating IT Modernization
Strategies and Tactics for Accelerating IT ModernizationStrategies and Tactics for Accelerating IT Modernization
Strategies and Tactics for Accelerating IT Modernization
 
Direct marketing
Direct marketingDirect marketing
Direct marketing
 
079 fmi rapport
079 fmi  rapport079 fmi  rapport
079 fmi rapport
 
8 abc
8 abc8 abc
8 abc
 
IFS Aplikace pro projektově řízenou výrobu
IFS Aplikace pro projektově řízenou výrobuIFS Aplikace pro projektově řízenou výrobu
IFS Aplikace pro projektově řízenou výrobu
 
Course 1: Create and Prepare CentOS 7 VM Template
Course 1: Create and Prepare CentOS 7 VM TemplateCourse 1: Create and Prepare CentOS 7 VM Template
Course 1: Create and Prepare CentOS 7 VM Template
 
Wat Is Digital Creator Eigenlijk
Wat Is Digital Creator EigenlijkWat Is Digital Creator Eigenlijk
Wat Is Digital Creator Eigenlijk
 
3 a ukraine
3 a ukraine3 a ukraine
3 a ukraine
 
Fixing Blemishes
Fixing BlemishesFixing Blemishes
Fixing Blemishes
 
Andrea Johnson--Stage Management
Andrea Johnson--Stage ManagementAndrea Johnson--Stage Management
Andrea Johnson--Stage Management
 
تكبير الذكر
تكبير الذكرتكبير الذكر
تكبير الذكر
 
Definition of a Technological Ecosystem for Scientific Knowledge Management i...
Definition of a Technological Ecosystem for Scientific Knowledge Management i...Definition of a Technological Ecosystem for Scientific Knowledge Management i...
Definition of a Technological Ecosystem for Scientific Knowledge Management i...
 
Book1
Book1Book1
Book1
 
Open hydro presentation workshop 20100507
Open hydro presentation   workshop 20100507Open hydro presentation   workshop 20100507
Open hydro presentation workshop 20100507
 
Project 2000
Project 2000Project 2000
Project 2000
 
Post ero
Post eroPost ero
Post ero
 

Similar to Using a Policy Spaces Auditor to Check for Temporal Inconsistencies in Healthcare Audit Log Files

Next Generation Analytics: The Backbone of the High Performing Health System
Next Generation Analytics: The Backbone of the High Performing Health SystemNext Generation Analytics: The Backbone of the High Performing Health System
Next Generation Analytics: The Backbone of the High Performing Health SystemInvestnet
 
Information Governance in the Healthcare Industry
Information Governance in the Healthcare IndustryInformation Governance in the Healthcare Industry
Information Governance in the Healthcare IndustryAmber Guy
 
InternetOfThingBuildsCapacity
InternetOfThingBuildsCapacityInternetOfThingBuildsCapacity
InternetOfThingBuildsCapacityKelly Delaney
 
The Future of Wearables - From a fitness accessory to a clinical tool - uli c...
The Future of Wearables - From a fitness accessory to a clinical tool - uli c...The Future of Wearables - From a fitness accessory to a clinical tool - uli c...
The Future of Wearables - From a fitness accessory to a clinical tool - uli c...Uli Chettipally, MD., MPH.
 
International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)ijceronline
 
Paper id 36201506
Paper id 36201506Paper id 36201506
Paper id 36201506IJRAT
 
Challenges and Opportunities Around Integration of Clinical Trials Data
Challenges and Opportunities Around Integration of Clinical Trials DataChallenges and Opportunities Around Integration of Clinical Trials Data
Challenges and Opportunities Around Integration of Clinical Trials DataCitiusTech
 
Data Analytics and Artificial Intelligence in Healthcare Industry
Data Analytics and Artificial Intelligence in Healthcare IndustryData Analytics and Artificial Intelligence in Healthcare Industry
Data Analytics and Artificial Intelligence in Healthcare IndustryIRJET Journal
 
Public Health Surveillance Systems
Public Health Surveillance SystemsPublic Health Surveillance Systems
Public Health Surveillance SystemsRochelle Schear
 
Cloud based Health Prediction System
Cloud based Health Prediction SystemCloud based Health Prediction System
Cloud based Health Prediction SystemIRJET Journal
 
Human factors in GMP (7 February 2014)
Human factors in GMP (7 February 2014)Human factors in GMP (7 February 2014)
Human factors in GMP (7 February 2014)Ajaz Hussain
 
How Big Data Transforms Reactive Drug Safety to Proactive Pharmacovigilance
How Big Data Transforms Reactive Drug Safety to Proactive PharmacovigilanceHow Big Data Transforms Reactive Drug Safety to Proactive Pharmacovigilance
How Big Data Transforms Reactive Drug Safety to Proactive PharmacovigilanceClinosolIndia
 
ai in clinical trails.pptx
ai in clinical trails.pptxai in clinical trails.pptx
ai in clinical trails.pptxRajdeepMaji3
 
aiinclinicaltrails-221008052225-c7ed8a95.pdf
aiinclinicaltrails-221008052225-c7ed8a95.pdfaiinclinicaltrails-221008052225-c7ed8a95.pdf
aiinclinicaltrails-221008052225-c7ed8a95.pdfMartaHC1
 
PATIENT AWOL GUESS AFTER BOOKING SESSION
PATIENT AWOL GUESS AFTER BOOKING SESSIONPATIENT AWOL GUESS AFTER BOOKING SESSION
PATIENT AWOL GUESS AFTER BOOKING SESSIONIRJET Journal
 
Ethical & Legal Issues of AI in Medicine (March 7, 2019)
Ethical & Legal Issues of AI in Medicine (March 7, 2019)Ethical & Legal Issues of AI in Medicine (March 7, 2019)
Ethical & Legal Issues of AI in Medicine (March 7, 2019)Nawanan Theera-Ampornpunt
 
Three Approaches to Predictive Analytics in Healthcare
Three Approaches to Predictive Analytics in HealthcareThree Approaches to Predictive Analytics in Healthcare
Three Approaches to Predictive Analytics in HealthcareHealth Catalyst
 
Predictions And Analytics In Healthcare: Advancements In Machine Learning
Predictions And Analytics In Healthcare: Advancements In Machine LearningPredictions And Analytics In Healthcare: Advancements In Machine Learning
Predictions And Analytics In Healthcare: Advancements In Machine LearningIRJET Journal
 
New Access Models for Healthcare
New Access Models for HealthcareNew Access Models for Healthcare
New Access Models for HealthcareTyrone Grandison
 

Similar to Using a Policy Spaces Auditor to Check for Temporal Inconsistencies in Healthcare Audit Log Files (20)

Next Generation Analytics: The Backbone of the High Performing Health System
Next Generation Analytics: The Backbone of the High Performing Health SystemNext Generation Analytics: The Backbone of the High Performing Health System
Next Generation Analytics: The Backbone of the High Performing Health System
 
Information Governance in the Healthcare Industry
Information Governance in the Healthcare IndustryInformation Governance in the Healthcare Industry
Information Governance in the Healthcare Industry
 
InternetOfThingBuildsCapacity
InternetOfThingBuildsCapacityInternetOfThingBuildsCapacity
InternetOfThingBuildsCapacity
 
The Future of Wearables - From a fitness accessory to a clinical tool - uli c...
The Future of Wearables - From a fitness accessory to a clinical tool - uli c...The Future of Wearables - From a fitness accessory to a clinical tool - uli c...
The Future of Wearables - From a fitness accessory to a clinical tool - uli c...
 
International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)
 
Paper id 36201506
Paper id 36201506Paper id 36201506
Paper id 36201506
 
Challenges and Opportunities Around Integration of Clinical Trials Data
Challenges and Opportunities Around Integration of Clinical Trials DataChallenges and Opportunities Around Integration of Clinical Trials Data
Challenges and Opportunities Around Integration of Clinical Trials Data
 
Environmental scanning
Environmental scanningEnvironmental scanning
Environmental scanning
 
Data Analytics and Artificial Intelligence in Healthcare Industry
Data Analytics and Artificial Intelligence in Healthcare IndustryData Analytics and Artificial Intelligence in Healthcare Industry
Data Analytics and Artificial Intelligence in Healthcare Industry
 
Public Health Surveillance Systems
Public Health Surveillance SystemsPublic Health Surveillance Systems
Public Health Surveillance Systems
 
Cloud based Health Prediction System
Cloud based Health Prediction SystemCloud based Health Prediction System
Cloud based Health Prediction System
 
Human factors in GMP (7 February 2014)
Human factors in GMP (7 February 2014)Human factors in GMP (7 February 2014)
Human factors in GMP (7 February 2014)
 
How Big Data Transforms Reactive Drug Safety to Proactive Pharmacovigilance
How Big Data Transforms Reactive Drug Safety to Proactive PharmacovigilanceHow Big Data Transforms Reactive Drug Safety to Proactive Pharmacovigilance
How Big Data Transforms Reactive Drug Safety to Proactive Pharmacovigilance
 
ai in clinical trails.pptx
ai in clinical trails.pptxai in clinical trails.pptx
ai in clinical trails.pptx
 
aiinclinicaltrails-221008052225-c7ed8a95.pdf
aiinclinicaltrails-221008052225-c7ed8a95.pdfaiinclinicaltrails-221008052225-c7ed8a95.pdf
aiinclinicaltrails-221008052225-c7ed8a95.pdf
 
PATIENT AWOL GUESS AFTER BOOKING SESSION
PATIENT AWOL GUESS AFTER BOOKING SESSIONPATIENT AWOL GUESS AFTER BOOKING SESSION
PATIENT AWOL GUESS AFTER BOOKING SESSION
 
Ethical & Legal Issues of AI in Medicine (March 7, 2019)
Ethical & Legal Issues of AI in Medicine (March 7, 2019)Ethical & Legal Issues of AI in Medicine (March 7, 2019)
Ethical & Legal Issues of AI in Medicine (March 7, 2019)
 
Three Approaches to Predictive Analytics in Healthcare
Three Approaches to Predictive Analytics in HealthcareThree Approaches to Predictive Analytics in Healthcare
Three Approaches to Predictive Analytics in Healthcare
 
Predictions And Analytics In Healthcare: Advancements In Machine Learning
Predictions And Analytics In Healthcare: Advancements In Machine LearningPredictions And Analytics In Healthcare: Advancements In Machine Learning
Predictions And Analytics In Healthcare: Advancements In Machine Learning
 
New Access Models for Healthcare
New Access Models for HealthcareNew Access Models for Healthcare
New Access Models for Healthcare
 

More from Tyrone Grandison

Global Scientific Research as a Tool to Unlock and Engage Talent and Expand t...
Global Scientific Research as a Tool to Unlock and Engage Talent and Expand t...Global Scientific Research as a Tool to Unlock and Engage Talent and Expand t...
Global Scientific Research as a Tool to Unlock and Engage Talent and Expand t...Tyrone Grandison
 
Learning From the COViD-19 Global Pandemic
Learning From the COViD-19 Global PandemicLearning From the COViD-19 Global Pandemic
Learning From the COViD-19 Global PandemicTyrone Grandison
 
Systemic Barriers in Technology: Striving for Equity and Access
Systemic Barriers in Technology: Striving for Equity and AccessSystemic Barriers in Technology: Striving for Equity and Access
Systemic Barriers in Technology: Striving for Equity and AccessTyrone Grandison
 
Are There Ethical Limits to What Science Can Achieve or Should Pursue?
Are There Ethical Limits to What Science Can Achieve or Should Pursue?Are There Ethical Limits to What Science Can Achieve or Should Pursue?
Are There Ethical Limits to What Science Can Achieve or Should Pursue?Tyrone Grandison
 
Using Data and Computing for the Greater Good
Using Data and Computing for the Greater GoodUsing Data and Computing for the Greater Good
Using Data and Computing for the Greater GoodTyrone Grandison
 
How to effectively collaborate with your IT Departments to Develop Secure IA ...
How to effectively collaborate with your IT Departments to Develop Secure IA ...How to effectively collaborate with your IT Departments to Develop Secure IA ...
How to effectively collaborate with your IT Departments to Develop Secure IA ...Tyrone Grandison
 
DOES innovation Lab Launch
DOES innovation Lab LaunchDOES innovation Lab Launch
DOES innovation Lab LaunchTyrone Grandison
 
Creating Chandler's IT Strategic Plan
Creating Chandler's IT Strategic PlanCreating Chandler's IT Strategic Plan
Creating Chandler's IT Strategic PlanTyrone Grandison
 
Inventing with Purpose, Intention and Focus
Inventing with Purpose, Intention and FocusInventing with Purpose, Intention and Focus
Inventing with Purpose, Intention and FocusTyrone Grandison
 
Becoming a Nation of Innovation
Becoming a Nation of InnovationBecoming a Nation of Innovation
Becoming a Nation of InnovationTyrone Grandison
 
Running Mixed Workloads on Kubernetes at IHME
Running Mixed Workloads on Kubernetes at IHMERunning Mixed Workloads on Kubernetes at IHME
Running Mixed Workloads on Kubernetes at IHMETyrone Grandison
 
ISPAB Presentation - The Commerce Data Service
ISPAB Presentation - The Commerce Data ServiceISPAB Presentation - The Commerce Data Service
ISPAB Presentation - The Commerce Data ServiceTyrone Grandison
 
Building APIs in Government for Social Good
Building APIs in Government for Social GoodBuilding APIs in Government for Social Good
Building APIs in Government for Social GoodTyrone Grandison
 
Enabling Data-Driven Private-Public Collaborations
Enabling Data-Driven Private-Public CollaborationsEnabling Data-Driven Private-Public Collaborations
Enabling Data-Driven Private-Public CollaborationsTyrone Grandison
 
Creating a Data-Driven Government: Big Data With Purpose
Creating a Data-Driven Government: Big Data With PurposeCreating a Data-Driven Government: Big Data With Purpose
Creating a Data-Driven Government: Big Data With PurposeTyrone Grandison
 
Security and Privacy in Healthcare
Security and Privacy in HealthcareSecurity and Privacy in Healthcare
Security and Privacy in HealthcareTyrone Grandison
 
Publishing in Biomedical Data Science
Publishing in Biomedical Data SciencePublishing in Biomedical Data Science
Publishing in Biomedical Data ScienceTyrone Grandison
 

More from Tyrone Grandison (20)

Global Scientific Research as a Tool to Unlock and Engage Talent and Expand t...
Global Scientific Research as a Tool to Unlock and Engage Talent and Expand t...Global Scientific Research as a Tool to Unlock and Engage Talent and Expand t...
Global Scientific Research as a Tool to Unlock and Engage Talent and Expand t...
 
Learning From the COViD-19 Global Pandemic
Learning From the COViD-19 Global PandemicLearning From the COViD-19 Global Pandemic
Learning From the COViD-19 Global Pandemic
 
Systemic Barriers in Technology: Striving for Equity and Access
Systemic Barriers in Technology: Striving for Equity and AccessSystemic Barriers in Technology: Striving for Equity and Access
Systemic Barriers in Technology: Striving for Equity and Access
 
COVID and the Ederly
COVID and the EderlyCOVID and the Ederly
COVID and the Ederly
 
Are There Ethical Limits to What Science Can Achieve or Should Pursue?
Are There Ethical Limits to What Science Can Achieve or Should Pursue?Are There Ethical Limits to What Science Can Achieve or Should Pursue?
Are There Ethical Limits to What Science Can Achieve or Should Pursue?
 
Using Data and Computing for the Greater Good
Using Data and Computing for the Greater GoodUsing Data and Computing for the Greater Good
Using Data and Computing for the Greater Good
 
How to effectively collaborate with your IT Departments to Develop Secure IA ...
How to effectively collaborate with your IT Departments to Develop Secure IA ...How to effectively collaborate with your IT Departments to Develop Secure IA ...
How to effectively collaborate with your IT Departments to Develop Secure IA ...
 
DOES innovation Lab Launch
DOES innovation Lab LaunchDOES innovation Lab Launch
DOES innovation Lab Launch
 
Creating Chandler's IT Strategic Plan
Creating Chandler's IT Strategic PlanCreating Chandler's IT Strategic Plan
Creating Chandler's IT Strategic Plan
 
Inventing with Purpose, Intention and Focus
Inventing with Purpose, Intention and FocusInventing with Purpose, Intention and Focus
Inventing with Purpose, Intention and Focus
 
Becoming a Nation of Innovation
Becoming a Nation of InnovationBecoming a Nation of Innovation
Becoming a Nation of Innovation
 
Running Mixed Workloads on Kubernetes at IHME
Running Mixed Workloads on Kubernetes at IHMERunning Mixed Workloads on Kubernetes at IHME
Running Mixed Workloads on Kubernetes at IHME
 
The Power Of Open
The Power Of OpenThe Power Of Open
The Power Of Open
 
ISPAB Presentation - The Commerce Data Service
ISPAB Presentation - The Commerce Data ServiceISPAB Presentation - The Commerce Data Service
ISPAB Presentation - The Commerce Data Service
 
Building APIs in Government for Social Good
Building APIs in Government for Social GoodBuilding APIs in Government for Social Good
Building APIs in Government for Social Good
 
Enabling Data-Driven Private-Public Collaborations
Enabling Data-Driven Private-Public CollaborationsEnabling Data-Driven Private-Public Collaborations
Enabling Data-Driven Private-Public Collaborations
 
Creating a Data-Driven Government: Big Data With Purpose
Creating a Data-Driven Government: Big Data With PurposeCreating a Data-Driven Government: Big Data With Purpose
Creating a Data-Driven Government: Big Data With Purpose
 
Security and Privacy in Healthcare
Security and Privacy in HealthcareSecurity and Privacy in Healthcare
Security and Privacy in Healthcare
 
Publishing in Biomedical Data Science
Publishing in Biomedical Data SciencePublishing in Biomedical Data Science
Publishing in Biomedical Data Science
 
The Big Think
The Big ThinkThe Big Think
The Big Think
 

Recently uploaded

Nutrition of OCD for my Nutritional Neuroscience Class
Nutrition of OCD for my Nutritional Neuroscience ClassNutrition of OCD for my Nutritional Neuroscience Class
Nutrition of OCD for my Nutritional Neuroscience Classmanuelazg2001
 
Plasma proteins and their functions for Nursing .pptx
Plasma proteins and their functions for Nursing .pptxPlasma proteins and their functions for Nursing .pptx
Plasma proteins and their functions for Nursing .pptxRajendra Dev Bhatt
 
Hypersensitivity and its classification .pptx
Hypersensitivity and its classification .pptxHypersensitivity and its classification .pptx
Hypersensitivity and its classification .pptxAkshay Shetty
 
SHOCK (Medical SURGICAL BASED EDITION)).pptx
SHOCK (Medical SURGICAL BASED EDITION)).pptxSHOCK (Medical SURGICAL BASED EDITION)).pptx
SHOCK (Medical SURGICAL BASED EDITION)).pptxAbhishek943418
 
COVID-19 (NOVEL CORONA VIRUS DISEASE PANDEMIC ).pptx
COVID-19  (NOVEL CORONA  VIRUS DISEASE PANDEMIC ).pptxCOVID-19  (NOVEL CORONA  VIRUS DISEASE PANDEMIC ).pptx
COVID-19 (NOVEL CORONA VIRUS DISEASE PANDEMIC ).pptxBibekananda shah
 
Musculoskeletal disorders: Osteoarthritis,.pptx
Musculoskeletal disorders: Osteoarthritis,.pptxMusculoskeletal disorders: Osteoarthritis,.pptx
Musculoskeletal disorders: Osteoarthritis,.pptxraviapr7
 
Tans femoral Amputee : Prosthetics Knee Joints.pptx
Tans femoral Amputee : Prosthetics Knee Joints.pptxTans femoral Amputee : Prosthetics Knee Joints.pptx
Tans femoral Amputee : Prosthetics Knee Joints.pptxKezaiah S
 
Prince Paulraj W HERBAL DRUG TECHNO.pptx
Prince Paulraj W HERBAL DRUG TECHNO.pptxPrince Paulraj W HERBAL DRUG TECHNO.pptx
Prince Paulraj W HERBAL DRUG TECHNO.pptxprincebieber28
 
Study on the Impact of FOCUS-PDCA Management Model on the Disinfection Qualit...
Study on the Impact of FOCUS-PDCA Management Model on the Disinfection Qualit...Study on the Impact of FOCUS-PDCA Management Model on the Disinfection Qualit...
Study on the Impact of FOCUS-PDCA Management Model on the Disinfection Qualit...MehranMouzam
 
CEHPALOSPORINS.pptx By Harshvardhan Dev Bhoomi Uttarakhand University
CEHPALOSPORINS.pptx By Harshvardhan Dev Bhoomi Uttarakhand UniversityCEHPALOSPORINS.pptx By Harshvardhan Dev Bhoomi Uttarakhand University
CEHPALOSPORINS.pptx By Harshvardhan Dev Bhoomi Uttarakhand UniversityHarshChauhan475104
 
METHODS OF ACQUIRING KNOWLEDGE IN NURSING.pptx by navdeep kaur
METHODS OF ACQUIRING KNOWLEDGE IN NURSING.pptx by navdeep kaurMETHODS OF ACQUIRING KNOWLEDGE IN NURSING.pptx by navdeep kaur
METHODS OF ACQUIRING KNOWLEDGE IN NURSING.pptx by navdeep kaurNavdeep Kaur
 
Presentation on Parasympathetic Nervous System
Presentation on Parasympathetic Nervous SystemPresentation on Parasympathetic Nervous System
Presentation on Parasympathetic Nervous SystemPrerana Jadhav
 
Glucagon-9.pptx- Physiology, functions, regulation
Glucagon-9.pptx- Physiology, functions, regulationGlucagon-9.pptx- Physiology, functions, regulation
Glucagon-9.pptx- Physiology, functions, regulationSai Sailesh Kumar Goothy
 
Systemic Lupus Erythematosus -SLE PT2.ppt
Systemic  Lupus  Erythematosus -SLE PT2.pptSystemic  Lupus  Erythematosus -SLE PT2.ppt
Systemic Lupus Erythematosus -SLE PT2.pptraviapr7
 
PNEUMOTHORAX AND ITS MANAGEMENTS.pdf
PNEUMOTHORAX   AND  ITS  MANAGEMENTS.pdfPNEUMOTHORAX   AND  ITS  MANAGEMENTS.pdf
PNEUMOTHORAX AND ITS MANAGEMENTS.pdfDolisha Warbi
 
Aditi Jagtap (Daughter of Ranjit Jagtap).pdf
Aditi Jagtap (Daughter of Ranjit Jagtap).pdfAditi Jagtap (Daughter of Ranjit Jagtap).pdf
Aditi Jagtap (Daughter of Ranjit Jagtap).pdfAditi Jagtap Pune
 
Informed Consent Empowering Healthcare Decision-Making.pptx
Informed Consent Empowering Healthcare Decision-Making.pptxInformed Consent Empowering Healthcare Decision-Making.pptx
Informed Consent Empowering Healthcare Decision-Making.pptxSasikiranMarri
 
PULMONARY EDEMA AND ITS MANAGEMENT.pdf
PULMONARY EDEMA AND  ITS  MANAGEMENT.pdfPULMONARY EDEMA AND  ITS  MANAGEMENT.pdf
PULMONARY EDEMA AND ITS MANAGEMENT.pdfDolisha Warbi
 

Recently uploaded (20)

Nutrition of OCD for my Nutritional Neuroscience Class
Nutrition of OCD for my Nutritional Neuroscience ClassNutrition of OCD for my Nutritional Neuroscience Class
Nutrition of OCD for my Nutritional Neuroscience Class
 
Plasma proteins and their functions for Nursing .pptx
Plasma proteins and their functions for Nursing .pptxPlasma proteins and their functions for Nursing .pptx
Plasma proteins and their functions for Nursing .pptx
 
JANGAMA VISHA .pptx-
JANGAMA VISHA .pptx-JANGAMA VISHA .pptx-
JANGAMA VISHA .pptx-
 
Hypersensitivity and its classification .pptx
Hypersensitivity and its classification .pptxHypersensitivity and its classification .pptx
Hypersensitivity and its classification .pptx
 
SHOCK (Medical SURGICAL BASED EDITION)).pptx
SHOCK (Medical SURGICAL BASED EDITION)).pptxSHOCK (Medical SURGICAL BASED EDITION)).pptx
SHOCK (Medical SURGICAL BASED EDITION)).pptx
 
COVID-19 (NOVEL CORONA VIRUS DISEASE PANDEMIC ).pptx
COVID-19  (NOVEL CORONA  VIRUS DISEASE PANDEMIC ).pptxCOVID-19  (NOVEL CORONA  VIRUS DISEASE PANDEMIC ).pptx
COVID-19 (NOVEL CORONA VIRUS DISEASE PANDEMIC ).pptx
 
Navigating Advances in Alzheimer’s Disease: An Expert Consult on Integrating ...
Navigating Advances in Alzheimer’s Disease: An Expert Consult on Integrating ...Navigating Advances in Alzheimer’s Disease: An Expert Consult on Integrating ...
Navigating Advances in Alzheimer’s Disease: An Expert Consult on Integrating ...
 
Musculoskeletal disorders: Osteoarthritis,.pptx
Musculoskeletal disorders: Osteoarthritis,.pptxMusculoskeletal disorders: Osteoarthritis,.pptx
Musculoskeletal disorders: Osteoarthritis,.pptx
 
Tans femoral Amputee : Prosthetics Knee Joints.pptx
Tans femoral Amputee : Prosthetics Knee Joints.pptxTans femoral Amputee : Prosthetics Knee Joints.pptx
Tans femoral Amputee : Prosthetics Knee Joints.pptx
 
Prince Paulraj W HERBAL DRUG TECHNO.pptx
Prince Paulraj W HERBAL DRUG TECHNO.pptxPrince Paulraj W HERBAL DRUG TECHNO.pptx
Prince Paulraj W HERBAL DRUG TECHNO.pptx
 
Study on the Impact of FOCUS-PDCA Management Model on the Disinfection Qualit...
Study on the Impact of FOCUS-PDCA Management Model on the Disinfection Qualit...Study on the Impact of FOCUS-PDCA Management Model on the Disinfection Qualit...
Study on the Impact of FOCUS-PDCA Management Model on the Disinfection Qualit...
 
CEHPALOSPORINS.pptx By Harshvardhan Dev Bhoomi Uttarakhand University
CEHPALOSPORINS.pptx By Harshvardhan Dev Bhoomi Uttarakhand UniversityCEHPALOSPORINS.pptx By Harshvardhan Dev Bhoomi Uttarakhand University
CEHPALOSPORINS.pptx By Harshvardhan Dev Bhoomi Uttarakhand University
 
METHODS OF ACQUIRING KNOWLEDGE IN NURSING.pptx by navdeep kaur
METHODS OF ACQUIRING KNOWLEDGE IN NURSING.pptx by navdeep kaurMETHODS OF ACQUIRING KNOWLEDGE IN NURSING.pptx by navdeep kaur
METHODS OF ACQUIRING KNOWLEDGE IN NURSING.pptx by navdeep kaur
 
Presentation on Parasympathetic Nervous System
Presentation on Parasympathetic Nervous SystemPresentation on Parasympathetic Nervous System
Presentation on Parasympathetic Nervous System
 
Glucagon-9.pptx- Physiology, functions, regulation
Glucagon-9.pptx- Physiology, functions, regulationGlucagon-9.pptx- Physiology, functions, regulation
Glucagon-9.pptx- Physiology, functions, regulation
 
Systemic Lupus Erythematosus -SLE PT2.ppt
Systemic  Lupus  Erythematosus -SLE PT2.pptSystemic  Lupus  Erythematosus -SLE PT2.ppt
Systemic Lupus Erythematosus -SLE PT2.ppt
 
PNEUMOTHORAX AND ITS MANAGEMENTS.pdf
PNEUMOTHORAX   AND  ITS  MANAGEMENTS.pdfPNEUMOTHORAX   AND  ITS  MANAGEMENTS.pdf
PNEUMOTHORAX AND ITS MANAGEMENTS.pdf
 
Aditi Jagtap (Daughter of Ranjit Jagtap).pdf
Aditi Jagtap (Daughter of Ranjit Jagtap).pdfAditi Jagtap (Daughter of Ranjit Jagtap).pdf
Aditi Jagtap (Daughter of Ranjit Jagtap).pdf
 
Informed Consent Empowering Healthcare Decision-Making.pptx
Informed Consent Empowering Healthcare Decision-Making.pptxInformed Consent Empowering Healthcare Decision-Making.pptx
Informed Consent Empowering Healthcare Decision-Making.pptx
 
PULMONARY EDEMA AND ITS MANAGEMENT.pdf
PULMONARY EDEMA AND  ITS  MANAGEMENT.pdfPULMONARY EDEMA AND  ITS  MANAGEMENT.pdf
PULMONARY EDEMA AND ITS MANAGEMENT.pdf
 

Using a Policy Spaces Auditor to Check for Temporal Inconsistencies in Healthcare Audit Log Files

  • 1. USING A POLICY SPACES AUDITOR TO CHECK FOR TEMPORAL INCONSISTENCIES IN HEALTHCARE AUDIT LOG FILES Tyrone Grandison, Sean Thorpe LACCEI Symposium of Health Informatics in Latin America and the Caribbean 2013
  • 2. Outline  Motivation  Goal  Prior Work  Policy Spaces  Policy Evaluation Flow  System  Conclusion August 14th, 2013LACCEI Symposium of Health Informatics in Latin America and the Caribbean 2
  • 3. Motivation  Healthcare Core Tenet – Nothing interferes with care delivery.  Healthcare security controls are often bypassed.  Called „break the glass‟ (BtG).  Though useful and necessary in emergencies, it is a security hole.  Malicious users can gain unauthorized privileges & accesses by breaking the glass.  „Break the Glass‟ activity:  Is no longer the exception.  Is logged in healthcare audit files. August 14th, 2013LACCEI Symposium of Health Informatics in Latin America and the Caribbean 3
  • 4. Goal August 14th, 2013LACCEI Symposium of Health Informatics in Latin America and the Caribbean 4  Help to determine when Break the Glass is being abused Leverage prior work. Analyze audit logs to spot temporal inconsistencies. Bring them to the attention of the security team.
  • 5. Prior Work August 14th, 2013LACCEI Symposium of Health Informatics in Latin America and the Caribbean 5  Policy Coverage (Bhatti and Grandison, 2007).  Access Control policy should state what happens in the security system. Increase the coverage of policy by mining BtG requests in audit log.  Policy Spaces (Ardagna et al., 2008)  Builds on Bhatti and Grandison (2007) & defines model of audit log space.  Exception-based access control (Ardagna et al., 2010)  Creates a more rigorous model from Ardagna et. al. (2008).
  • 6. Policy Spaces August 14th, 2013LACCEI Symposium of Health Informatics in Latin America and the Caribbean 6  Authorized Accesses (P+).  Traditional access control policies.  Intuitively, P+ includes positive authorizations regulating „common practice‟.  Denied Accesses (P−).  Access control policies that are used to prevent abuses.  Policies in this space are meant to limit exceptions that can result in unauthorized accesses exploiting BtG.
  • 7. Policy Spaces August 14th, 2013LACCEI Symposium of Health Informatics in Latin America and the Caribbean 7  Planned Exceptions (EP).  Regulate access requests that do not fall into the normal routine.  i.e. exceptions that can be foreseen, for example, according to past observations.  Associated with, and indexed by, conditions on the context information  represented by attributes in exception space E and on dynamic information in the profiles (e.g., status of the patient), which are used to restrict their applicability.  Policies in EP cannot override policies in P−.  Unplanned Exceptions (EU).  Policies regulating all access requests not covered by the previous policy spaces (P+, P−, and EP).  Space EU is composed of two sub-spaces, denoted EU+ and EU-, respectively.  EU- enforces the deny-all default policy and is applicable to all requests that happen in non- emergency cases, when the enforcement of the BtG principle would be an abuse.  EU+ enforces the permit-all default policy and is applicable to all requests that happen in emergency situations, thus allowing all accesses not explicitly allowed or denied by policies in other spaces.  All the accesses falling in EU are inserted into an auditing log for a posteriori analysis.
  • 8. Policy Evaluation Flow August 14th, 2013LACCEI Symposium of Health Informatics in Latin America and the Caribbean 8
  • 9. System August 14th, 2013LACCEI Symposium of Health Informatics in Latin America and the Caribbean 9  Policy Spaces tool identifies log entries belonging to each space.  Our system (BtG policy space auditor) examines rules in EU.  Enables the health care system administrator, an auditor or a forensic user to specify a timeline and an unplanned exceptions (EU) set to be checked for temporal inconsistencies.  Uses  Happened-before relation  Implies an activity timeline.  Assumes a set of records stating when action occurred.  Simple logic
  • 10. System Use August 14th, 2013LACCEI Symposium of Health Informatics in Latin America and the Caribbean 10  Construct an audit log timeline  i.e. a sequence over the set of events  The BtG space log auditor is launched to evaluate all the events ordered by their timestamp.  If an event evta has a happened-before relation to evtb, but the audit kernel log timestamp (tb) of evtb suggests that evtb occurred before evta then ta and tb are inconsistent.
  • 11. Example August 14th, 2013LACCEI Symposium of Health Informatics in Latin America and the Caribbean 11  Event 1: A patient p must be admitted into the hospital before any other actions are.  Event 2: A healthcare practitioner x cannot prescribe medication for patient p before they have been checked in.  If a prescription event evtb occurs, the check-in event evta must happen before it, and evtb must happen before the check-out event evtc.  The physical time tc at which the event evtc must have occurred must be after the physical time tb at which the event evtb must have occurred, which must in turn be after the physical time ta at which the event evta must have occurred.
  • 12. Conclusion August 14th, 2013LACCEI Symposium of Health Informatics in Latin America and the Caribbean 12  Breaking the Glass is a necessary evil.  Policy Spaces streamlines and optimizes the different types of healthcare security requests.  Leveraging Policy Spaces and a rule-based auditing tool, it is possible to easily detect suspicious activity.  We present temporal inconsistencies.  However, we expect to explore a range of other inconsistencies.
  • 13. THANK YOU August 14th, 2013 13 LACCEI Symposium of Health Informatics in Latin America and the Caribbean
  • 14. BACKUP August 14th, 2013 14 LACCEI Symposium of Health Informatics in Latin America and the Caribbean
  • 15. References August 14th, 2013LACCEI Symposium of Health Informatics in Latin America and the Caribbean 15  Ardagna, C. A., De Capitani di Vimercati, S., Foresti, S., Grandison, T. W., Jajodia, S., and Samarati, P. (2010).“Access control for smarter healthcare using policy spaces”. Computers & Security, 29(8), 848-858.  Ardagna, C. A., di Vimercati, S. D. C., Grandison, T., Jajodia, S., and Samarati, P. (2008).“Regulating exceptions in healthcare using policy spaces”. In Data and Applications Security XXII (pp. 254-267). Springer Berlin Heidelberg.  Bhatti, R., and Grandison, T. (2007). “Towards improved privacy policy coverage in healthcare using policy refinement”. In Secure Data Management (pp. 158-173).Springer Berlin Heidelberg.  Grandison, T., and Davis, J. (2007). “The impact of industry constraints on model-driven data disclosure controls”, In Proc. of the 1st International Workshop on Model-Based Trustworthy Health Information Systems, Nashville, Tennessee, USA.  Rostad, L., and Edsberg, O. (2006). “A study of access control requirements for healthcare systems based on audit trails from access logs”, in: Proc. of the 22ndAnnual Computer Security Applications Conference, Miami Beach, Florida, USA.  Thorpe, S., Ray, I., Grandison, T., Barbir, A., France, R. (2013). “Hypervisor Event Logs as a Source of Consistent Virtual Machine Evidence for Forensic Cloud Investigations”, in: Proc. Of the 27th Annual IFIP WG11.3 Working Conference on Data Security and Privacy(DBSEC), Newark, New Jersey, USA.  Gladyshev, P., and Patel, A. (2005). “Formalizing event time bounding in digital investigations,” International Journal of Digital Evidence. Vol. 4.