论文标题
健康访问经纪人:云中个人健康记录的安全,由患者控制的管理
Health Access Broker: Secure, Patient-Controlled Management of Personal Health Records in the Cloud
论文作者
论文摘要
事实证明,个人健康记录(PHR)的安全和隐私管理管理在现代医疗保健中是一个主要挑战。当前的解决方案通常不会为患者提供实际存储数据的选择,并且还依靠至少一个完全信任的元素,患者也必须信任数据。在这项工作中,我们介绍了健康访问经纪人(HAB),这是一项由患者控制的服务,用于安全性PHR共享(a)不会强加特定的存储位置(对PHR系统唯一地),并且(b)不认为其任何组件完全安全地安全,以防止对抗性威胁。取而代之的是,HAB引入了一种新颖的审计和入侵检测机制,在该机制中,其工作流程被牢固地记录并进行了不断检查,以提供数据访问的可审核性并迅速检测到任何入侵。
Secure and privacy-preserving management of Personal Health Records (PHRs) has proved to be a major challenge in modern healthcare. Current solutions generally do not offer patients a choice in where the data is actually stored and also rely on at least one fully trusted element that patients must also trust with their data. In this work, we present the Health Access Broker (HAB), a patient-controlled service for secure PHR sharing that (a) does not impose a specific storage location (uniquely for a PHR system), and (b) does not assume any of its components to be fully secure against adversarial threats. Instead, HAB introduces a novel auditing and intrusion-detection mechanism where its workflow is securely logged and continuously inspected to provide auditability of data access and quickly detect any intrusions.
