Dynamic trust negotiation for decentralised e-health collaborations

In the Internet age, the geographical boundaries that previously constrained inter-organisational collaborations have become increasingly unimportant. Of more importance for such collaborations is the notion and nature of security and trust. This is especially so in open collaborative environments like the Grid, where resources can be made available to, and subsequently accessed and used by, remote users from a multitude of institutions holding a variety of different privileges across the collaboration. In this context, the ability to dynamically negotiate and subsequently enforce security policies driven by various levels of inter-organisational trust is essential. Numerous access control solutions exist today to address aspects of inter-organisational security. These include centralised access control lists, where all collaborating partners negotiate and agree on the privileges required to access shared resources. Other solutions delegate aspects of access right management to trusted remote individuals, who assign privileges to their (remote) users. These solutions typically entail negotiations and delegations that are constrained by organisations, people and the static rules they impose. Such constraints often result in a lack of flexibility in what has been agreed, in difficulties in reaching agreement, or, once an agreement is established, in subsequently maintaining it. Furthermore, these solutions often reduce the autonomy of collaborating organisations because of the need to satisfy collaborating partners' demands, which can result in increased security risks or in reduced granularity of security policies. Underpinning all of this is the issue of trust: specifically, trust realisation between organisations, between individuals, and/or between entities or systems that are present in multi-domain authorities. Trust negotiation is one approach that allows and supports trust realisation.
This thesis introduces a novel model called dynamic trust negotiation (DTN) that supports n-tier negotiation hops for trust realisation in multi-domain collaborative environments, with a specific focus on e-Health. DTN describes how trust pathways can be discovered and how remote security credentials can then be mapped to local security credentials through trust contracts, thereby bridging the gap that makes decentralised security policies difficult to define and enforce. Furthermore, DTN shows how n-tier negotiation hops can limit the disclosure of access control policies and how the semantic issues that arise with security attributes in decentralised environments can be reduced. The thesis presents the results of applying DTN to various clinical trials and of implementing DTN in the Virtual Organisation for Trials of Epidemiological Studies (VOTES). The thesis concludes that DTN can address the issue of realising and establishing trust between systems or agents within the e-Health domain, such as the clinical trials domain.
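As an added illustration (not code from the thesis or from the VOTES implementation), the following Python models the pathway discovery and credential mapping that the abstract describes: a requester's credential is re-mapped at each negotiation hop through the trust contract of the next domain, the search is bounded to n hops, and the resource owner's access policy is evaluated locally and never sent to remote parties. The site names, contracts and policies are constructed sample data, and the contract structure (a per-neighbour map from remote attribute to local attribute) is an assumption, not the thesis's own formalism.

```python
from collections import deque

# Constructed sample trust contracts between hypothetical clinical sites.
# Key: (trusting domain, trusted neighbour) -> {remote attribute: local attribute}.
# Only the attributes a domain is willing to accept from that neighbour appear here,
# so a neighbour learns nothing about the domain's wider policy.
TRUST_CONTRACTS = {
    ("edinburgh", "glasgow"): {"clinician": "trial_reader"},
    ("dundee", "edinburgh"): {"trial_reader": "data_reader", "pi": "data_admin"},
    ("aberdeen", "dundee"): {"data_reader": "summary_reader"},
    ("aberdeen", "glasgow"): {},  # a contract exists but maps no attributes
}

# Local access policies: resource -> local attributes allowed to access it.
# These are evaluated only by the resource's own domain (constructed sample data).
LOCAL_POLICIES = {
    "dundee": {"trial_dataset": {"data_reader", "data_admin"}},
    "aberdeen": {"summary_stats": {"summary_reader"}},
}


def neighbours(domain):
    """Domains holding a trust contract that accepts credentials from `domain`."""
    return [trusting for (trusting, trusted) in TRUST_CONTRACTS if trusted == domain]


def discover_pathway(home, credential, target, max_hops):
    """Breadth-first search over trust contracts from `home` to `target`.

    The credential is re-mapped at every hop; a hop is only taken when the next
    domain's contract maps the credential currently held. Returns
    (path, local_credential) or None if no pathway within `max_hops` exists.
    """
    queue = deque([(home, credential, [home])])
    seen = {(home, credential)}
    while queue:
        domain, cred, path = queue.popleft()
        if domain == target:
            return path, cred
        if len(path) - 1 >= max_hops:  # n-tier limit: do not negotiate further
            continue
        for nxt in neighbours(domain):
            mapped = TRUST_CONTRACTS[(nxt, domain)].get(cred)
            if mapped is None or (nxt, mapped) in seen:
                continue
            seen.add((nxt, mapped))
            queue.append((nxt, mapped, path + [nxt]))
    return None


def authorise(home, credential, target, resource, max_hops=3):
    """Decide access to `resource` at `target` for a requester from `home`.

    Only the mapped credential travels along the pathway; the target's policy
    stays local and is consulted once the pathway ends at the target.
    """
    found = discover_pathway(home, credential, target, max_hops)
    if found is None:
        return {"granted": False, "reason": "no trust pathway", "path": None}
    path, local_cred = found
    allowed = LOCAL_POLICIES.get(target, {}).get(resource, set())
    return {"granted": local_cred in allowed, "path": path, "local_credential": local_cred}


if __name__ == "__main__":
    print(authorise("glasgow", "clinician", "dundee", "trial_dataset", max_hops=2))
    print(authorise("glasgow", "clinician", "aberdeen", "summary_stats", max_hops=2))
```

Lowering `max_hops` shows how the hop bound cuts off otherwise valid pathways, and the empty aberdeen/glasgow contract shows that a direct trust relationship grants nothing unless it actually maps the credential presented.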
