Logic programming and databases
Logic programming and databases
The platform for privacy preferences
Communications of the ACM
Logic, Programming, and PROLOG
Logic, Programming, and PROLOG
Efficient comparison of enterprise privacy policies
Proceedings of the 2004 ACM symposium on Applied computing
Privacy and Contextual Integrity: Framework and Applications
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Privacy APIs: Access Control Techniques to Analyze and Verify Legal Privacy Policies
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Attribute-based encryption for fine-grained access control of encrypted data
Proceedings of the 13th ACM conference on Computer and communications security
Ciphertext-Policy Attribute-Based Encryption
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Privacy and Utility in Business Processes
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Attribute-based encryption with non-monotonic access structures
Proceedings of the 14th ACM conference on Computer and communications security
Analyzing Regulatory Rules for Privacy and Security Requirements
IEEE Transactions on Software Engineering
A formal framework for reflective database access control policies
Proceedings of the 15th ACM conference on Computer and communications security
A Formalization of HIPAA for a Medical Messaging System
TrustBus '09 Proceedings of the 6th International Conference on Trust, Privacy and Security in Digital Business
A medical database case study for reflective database access control
Proceedings of the first ACM workshop on Security and privacy in medical and home-care systems
Attribute-based encryption with partially hidden encryptor-specified access structures
ACNS'08 Proceedings of the 6th international conference on Applied cryptography and network security
Attribute-Based Messaging: Access Control and Confidentiality
ACM Transactions on Information and System Security (TISSEC)
PKC'11 Proceedings of the 14th international conference on Practice and theory in public key cryptography conference on Public key cryptography
Proceedings of the 18th ACM symposium on Access control models and technologies
| Hi-index | 0.00 |
Regulations and policies regarding Electronic Health Information (EHI) are increasingly complex. Federal and State policy makers have called for both education to increase stakeholder understanding of complex policies and improved systems that impose policy restrictions on access and transmission of EHI. Building on prior work formalizing privacy laws as logic programs, we prove that for any privacy policy that conforms to patterns evident in HIPAA, there exists a finite representative hospital database that illustrates how the law applies in all possible hospitals. This representative illustrative example can support new education, new policy development, and new policy debugging tools. Addressing the need for secure transmission of usable EHI, we show how policy formalized as a logic program can also be used to automatically generate a form of access control policy used in Attribute-Based Encryption (ABE). This approach, testable using our representative hospital model, makes it possible to share policy-encrypted data on untrusted cloud servers, or send strategically encrypted data across potentially insecure networks. As part of our study, we built a prototype to secure Health Information Exchange (HIE), with automatically generated ABE policies, and measure its performance.