Ubiquitous computing has the potential to significantly improve the quality of healthcare delivery by making relevant patient health history and vital signs readily available on demand to caregivers. However, this promise of the ability to track electronic health information signals from distributed ubiquitous devices conflicts with the security and privacy concerns that most people have regarding their personal information and medical history. While security and privacy concerns have been dealt with extensively in mainstream computing, there is a need for new techniques and tools that can enable ubiquitous system designers in healthcare domains to build in appropriate levels of protection. Such techniques can help ensure that patient information is minimally but sufficiently available to different stakeholders in the caregiving chain, and are useful in ubiquitous environments where traditional security mechanisms may be either impractical or insufficient. This paper presents a goal-centric and policy-driven framework for deriving security and privacy risk mitigation strategies in ubiquitous health information interchange. Specifically, we use scenario analysis and goal-oriented techniques to model security and privacy objectives, threats, and mitigation strategies in the form of safeguards or countermeasures. We demonstrate that traditional solutions are insufficient, while introducing the notion of purpose-driven security policies based on sensitivity meta-tags. We also show how administrative safeguards (such as those required by HIPAA rules) can be refined into intermediate specifications that can be analyzed more systematically. To validate the utility of our approach, we illustrate our major concepts using examples from ubiquitous emergency response scenarios.