Michael Karlinger

Pseudonymization with Metadata Encryption for Privacy-Preserving Searchable Documents

The average costs of data leakage are steadily on the rise. As a consequence, several data security and access control mechanisms have been introduced, ranging from data encryption to intrusion detection or role-based access control, doing a great work in protecting sensitive information. However, the majority of these concepts are centrally controlled by administrators, who are one of the major threats to corporate security. This work presents a security protocol for data privacy that is strictly controlled by the data owner. Therefore, we integrate pseudonymization and encryption techniques to create a methodology that uses pseudonyms as access control mechanism, protects secret cryptographic keys by a layer-based security model, and provides privacy-preserving querying.

A HYBRID APPROACH INTEGRATING ENCRYPTION AND PSEUDONYMIZATION FOR PROTECTING ELECTRONIC HEALTH RECORDS

Federated Health Information Systems (FHIS) integrate autonomous information systems of participating health care providers to facilitate the exchange of Electronic Health Records (EHR), which improve the quality and efficiency of patients’ care. However, the main problem with collecting and maintaining the sensitive data in electronic form is the issue of preserving data confidentiality and patients’ privacy. Although multiple technical measures to restrict access to only authorized persons are implemented, they are usually aimed against external attackers. In this work, we propose to integrate pseudonymization and encryption to a hybrid approach which not only protects against external attackers, but also ensures that even potential internal attackers with full data access, like administrators, cannot gain any useful information.

PERiMETER – pseudonymization and personal metadata encryption for privacy-preserving searchable documents

The average costs of data leakage are steadily on the rise. Especially in healthcare, the disclosure of sensitive information may have unfavorable consequences for the patient. As a consequence, several data security and access control mechanisms have been introduced, ranging from data encryption to intrusion detection or role-based access control, doing a great work in protecting sensitive information. However, the majority of these concepts are centrally controlled by administrators who are a major threat to the patients’ privacy. Apart from administrators, other internal persons, such as hospital staff members, may exploit their access rights to snoop around in private health data. This work presents PERiMETER, a security protocol for data privacy that is strictly controlled by the data owner. It integrates pseudonymization and encryption to create a methodology that uses pseudonyms as access control mechanism, protects secret cryptographic keys by a layer-based security model, and provides privacy-preserving querying.

Exploiting Process Patterns and Process Instances to Support Adaptability of Dynamic Business Processes

The traditional approach for business process modeling is rather static, since all possible process flows must be specified at design-time. This restricts the possibility of the user to react to unexpected situations, so conventional business processes cannot represent the flexible way in which human actors would handle discrepancies between real-world and computerized activities. This paper presents a new approach for dynamic business processes that automatically adapts to changed circumstances based on domain-specific process patterns and an evaluation of related process instances. The presented approach not only finds potential alternatives for failed activities, it also ranks them by exploiting process knowledge implicitly captured by former business process execution.

Keys in XML: Capturing Identification and Uniqueness

In this article a new type of key constraint in XML, called an XKey , is proposed. The motivation for an XKey is based on the observation that existing approaches do not always capture the fundamental properties of a key, namely identification and uniqueness, and it is shown that an XKey always has these properties. It is also shown that an XKey has the desirable property of extending the notion of a relational key.

Converting Opinion into Knowledge

A vast majority of internet users has adopted new ways and possibilities of interaction and information exchange on the social web. Individuals are becoming accustomed to contribute and express their opinion on various platforms and websites. Commercial online polls allow operators of online newspapers, blogs and other forms of media sites to provide such services to their users. Consequently, their popularity is rapidly increasing and more and more potential areas of application emerge. However, in most cases the expressed opinions are stored and displayed without any further actions and the knowledge that lies in the answers is discarded.

Verschlüsselung bei ausgelagerter Datenhaltung

ZusammenfassungenTraditionell wird Vertraulichkeit bei ausgelagerten Daten durch das den Serviceprovidern entgegengebrachte Vertrauen, durch vertragliche Regelungen zum Datenschutz sowie Mechanismen zur Zugriffskontrolle und - protokollierung erreicht. Zunehmende Datendiebstähle und dadurch verursachte Schäden erfordern weitere technische Maßnahmen. Sichere Datenverschlüsselung und effiziente Abfragebearbeitung sind schwierig gemeinsam zu erreichen, sodass diesbezüglich oft Kompromisse eingegangen werden. Gleichzeitig bestehen Wahlmöglichkeiten hinsichtlich der Entscheidung, ob Datenverschlüsselung und Abfragebearbeitung am Server oder am Client stattfindet.

Exploiting Semantic Activity Labels to Facilitate Consistent Specialization of Abstract Process Activities

Designing business processes from scratch is an intricate and challenging task for process modellers. For this reason, the reuse of process patterns has become an integral part of process modelling in order to deal with recurring design issues in a given domain when modelling new business processes and variants thereof. The specialization of abstract process activities remains a key issue in process pattern reuse. Depending on the intended purpose of process pattern reuse, the specialization of abstract process activities typically ranges from the substitution of abstract process activities with sub-processes to the substitution of activity labels with specialized labels. The specialization of abstract process activities through label specialization has been hardly investigated so far in the business process community. The approach presented in this paper achieves consistent specialization of abstract process activities by ensuring consistent specialization of activity labels through exploitation of semantic activity labels as introduced in previous work. Semantic activity labels encode the linguistic meaning of process activities and thereby facilitate the establishment of consistency criteria based on the implicit semantics captured by activity labels.