Secure audit logs to support computer forensics
ACM Transactions on Information and System Security (TISSEC)
Log Auditing through Model-Checking
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Rewriting-Based Techniques for Runtime Verification
Automated Software Engineering
Anonymous Hierarchical Identity-Based Encryption with Constant Size Ciphertexts
Irvine Proceedings of the 12th International Conference on Practice and Theory in Public Key Cryptography: PKC '09
Monitoring Algorithms for Metric Temporal Logic Specifications
Electronic Notes in Theoretical Computer Science (ENTCS)
Runtime verification using a temporal description logic
FroCoS'09 Proceedings of the 7th international conference on Frontiers of combining systems
Policy auditing over incomplete logs: theory, implementation and applications
Proceedings of the 18th ACM conference on Computer and communications security
Proceedings of the VLDB Endowment
IEEE Security and Privacy
Efficient Selective Identity-Based Encryption Without Random Oracles
Journal of Cryptology
Policy monitoring in first-order temporal logic
CAV'10 Proceedings of the 22nd international conference on Computer Aided Verification
Hierarchical identity based encryption with constant size ciphertext
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Hi-index | 0.00 |
Developments in health information technology have encouraged the establishment of distributed systems known as Health Information Exchanges (HIEs) to enable the sharing of patient records between institutions. In many cases, the parties running these exchanges wish to limit the amount of information they are responsible for holding because of sensitivities about patient information. Hence, there is an interest in broker-based HIEs that keep limited information in the exchange repositories. However, it is essential to audit these exchanges carefully due to risks of inappropriate data sharing. In this paper, we consider some of the requirements and present a design for auditing broker-based HIEs in a way that controls the information available in audit logs and regulates their release for investigations. Our approach is based on formal rules for audit and the use of Hierarchical Identity-Based Encryption (HIBE) to support staged release of data needed in audits and a balance between automated and manual reviews. We test our methodology via an extension of a standard for auditing HIEs called the Audit Trail and Node Authentication Profile (ATNA) protocol.