Part of the book series: Lecture Notes in Computer Science (LNCS, volume 8431)

Abstract

Privacy of data is a crucial aspect of life nowadays, from economy to leisure, from public administration to healthcare. Specification, authoring, and validation of appropriate policies are the basis for the sound application of such policies during the subsequent enforcement phase. This chapter reviews different components in a framework for privacy policy management and specifically focuses on the e-health scenario. Starting from different existing approaches to policy authoring and policy validation, we then focus on a specific solution aiming at integrating three tools covering the whole phase of policy generation, i.e., a user-friendly authoring tool allowing definition of privacy preferences in natural language, a formal analysis tool to detect conflicts among policies, and a conflict solver implementing a solution strategy that privileges the most specific policy among a set of conflicting ones.

The research leading to these results has received funding from the European Union Seventh Framework Programme (FP7/2007-2013) under grant no 256980 (NESSoS) and from the Registro.it project MobiCare.

Copyright information

© 2014 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Conti, R., Lunardelli, A., Matteucci, I., Mori, P., Petrocchi, M. (2014). Preserving Data Privacy in e-Health. In: Heisel, M., Joosen, W., Lopez, J., Martinelli, F. (eds) Engineering Secure Future Internet Services and Systems. Lecture Notes in Computer Science, vol 8431. Springer, Cham. https://doi.org/10.1007/978-3-319-07452-8_15

  • DOI: https://doi.org/10.1007/978-3-319-07452-8_15

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-07451-1

  • Online ISBN: 978-3-319-07452-8

  • eBook Packages: Computer Science, Computer Science (R0)
