On tracker attacks in health grids

The utilisation of grid computing to support healthcare research is becoming increasingly widespread, as is the use of IT to support healthcare delivery. Furthermore, it seems that the two areas are on an inevitable convergence path as clinical communities in several countries start to investigate how real data stored in electronic patient records can be utilised to facilitate research. The use of IT within healthcare gives rise to unique social and ethical challenges; the area of grid computing has given rise to significant novel security challenges; and the anticipated convergence of these two fields will inevitably give a new lease of life to established challenges. In this paper we consider the phenomenon of tracker attacks in this emerging context, and outline a potential approach to addressing the problem.

[1]  Michael Stonebraker,et al.  Access control in a relational data base management system by query modification , 1974, ACM '74.

[2]  Reind P. van de Riet,et al.  Answering queries without revealing secrets , 1983, TODS.

[3]  Csilla Farkas,et al.  Dynamic Disclosure Monitor (D2Mon): An Improved Query Processing Solution , 2005, Secure Data Management.

[4]  Sushil Jajodia,et al.  The inference problem: a survey , 2002, SKDD.

[5]  Andrew C. Simpson,et al.  Protecting sensitive patient data via query modification , 2005, SAC '05.

[6]  Ian Foster,et al.  The Grid 2 - Blueprint for a New Computing Infrastructure, Second Edition , 1998, The Grid 2, 2nd Edition.

[7]  Michael Brady,et al.  eDiamond: A Grid‐Enabled Federated Database of Annotated Mammograms , 2003 .

[8]  David Alan Hanson,et al.  Data security , 1979, ACM-SE 17.

[9]  M. Humber National programme for information technology , 2004, BMJ : British Medical Journal.

[10]  Dorothy E. Denning,et al.  Cryptography and Data Security , 1982 .

[11]  Theodore D. Friedman,et al.  Towards a Fail-Safe Approach to Secure Databases , 1980, 1980 IEEE Symposium on Security and Privacy.

[12]  Jan Schlörer Disclosure from Statistical Databases: Quantitative Aspects of Trackers , 1980, ACM Trans. Database Syst..

[13]  Nabil R. Adam,et al.  Security-control methods for statistical databases: a comparative study , 1989, ACM Comput. Surv..

[14]  Peter J. Denning,et al.  The tracker: a threat to statistical database security , 1979, TODS.

[15]  J. Powell,et al.  Electronic Health Records Should Support Clinical Research , 2005, Journal of medical Internet research.

[16]  Richard J. Lipton,et al.  Secure databases: protection against user influence , 1979, TODS.

[17]  The Caldicott Report. , 1999, IHRIM : the journal of the Institute of Health Record Information and Management.

[18]  Norman S. Matloff,et al.  A modified random perturbation method for database security , 1994, TODS.

[19]  S. Reiss,et al.  Data-swapping: A technique for disclosure control , 1982 .

[20]  L. Willenborg,et al.  Elements of Statistical Disclosure Control , 2000 .

[21]  George T. Duncan,et al.  Optimal Disclosure Limitation Strategy in Statistical Databases: Deterring Tracker Attacks through Additive Noise , 2000 .

[22]  Andrew C. Simpson,et al.  On Deducibility and Anonymisation in Medical Databases , 2005, Secure Data Management.

[23]  W. Keller,et al.  Disclosure control of microdata , 1990 .

[24]  Farshad Fotouhi,et al.  Disclosure risk measures for the sampling disclosure control method , 2004, SAC '04.

[25]  Sushil Jajodia,et al.  Securing OLAP data cubes against privacy breaches , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[26]  R. Priest Data Protection Act , 1988 .

[27]  Andrew C. Simpson,et al.  Towards secure Grid‐enabled healthcare , 2005, Softw. Pract. Exp..

[28]  Martyn Fletcher,et al.  Applying Security Design Analysis to a service‐based system , 2005, Softw. Pract. Exp..

[29]  Ami Marowka,et al.  The GRID: Blueprint for a New Computing Infrastructure , 2000, Parallel Distributed Comput. Pract..

[30]  Zbigniew Michalewicz Statistical and Scientific Databases , 1991 .

[31]  Niv Ahituv,et al.  Protecting statistical databases against retrieval of private information , 1988, Comput. Secur..

[32]  David S. Munro,et al.  In: Software-Practice and Experience , 2000 .

[33]  Francine Berman,et al.  Overview of the Book: Grid Computing – Making the Global Infrastructure a Reality , 2003 .

[34]  S. Keller-McNulty,et al.  Estimation of Identi ® cation Disclosure Risk in Microdata , 1999 .

[35]  J. Schlörer Identification and Retrieval of Personal Records from a Statistical Data Bank , 1975, Methods of Information in Medicine.

[36]  Dorothy E. Denning,et al.  Are statistical databases secure? , 1899, AFIPS National Computer Conference.

[37]  Jan Schlörer,et al.  Security of statistical databases: multidimensional transformation , 1980, TODS.

[38]  Michael Stonebraker,et al.  Implementation of integrity constraints and views by query modification , 1975, SIGMOD '75.

[39]  Joachim Biskup,et al.  Controlled query evaluation for enforcing confidentiality in complete information systems , 2004, International Journal of Information Security.