endra K. Raj

Secure Access Control for Health Information Sharing Systems

The Health Information Technology for Economic and Clinical Health Act (HITECH) of 2009 encourages healthcare providers to share information to improve healthcare quality at reduced cost. Such information sharing, however, raises security and privacy concerns that require appropriate access control mechanisms to ensure Health Insurance Portability and Accountability Act (HIPAA) compliance. Current approaches such as Role-Based Access Control (RBAC) and its variants, and newer approaches such as Attribute-Based Access Control (ABAC) are inadequate. RBAC provides simple administration of access control and user permission review, but demands complex initial role engineering and makes access control inflexible. ABAC, on the other hand, simplifies initial setup but increases the complexity of managing privileges and user permissions. These limitations have motivated research into the development of newer access control models that use attributes and policies while preserving RBACs strengths. The BiLayer Access Control (BLAC) model is a two-step method being proposed to integrate attributes with roles: an access request is checked against pseudoroles, i.e., the list of subject attributes (first layer), and then against rules within the policies (second layer) associated with the requested object. This paper motivates the BLAC approach, outlines the BLAC model, and illustrates its usefulness to healthcare information sharing environments.

Using Open Source Software in Computer Science Courses

Open source software (OSS) has become mainstream in recent years, making a wide variety of software tools available to instructors and students. In particular, a large collection of OSS source code is now available for use in college courses in disciplines that involve software development. Concomitantly, computer science (CS) educators have been exploring different ways to reinvigorate the CS curriculum to make it more attractive, amenable, and applicable to college students. We regard appropriate OSS use to represent a major prong of a multi-pronged approach to a revamped CS curriculum. Due to our use of OSS in advanced CS courses, our students have gained useful insights into software design and development. They have also felt empowered as they worked on real-world team projects that do not necessarily end with the academic term. This paper uses a database system implementation course to illustrate our approach to OSS and provides an initial assessment

Measurement of locality specific resilience

Resilience has been defined at the local, state, and national levels, and subsequent attempts to refine the definition have added clarity. Quantitative measurements, however, are crucial to a shared understanding of resilience. This paper reviews the evolution of resiliency indicators and metrics and suggests extensions to current indicators to measure functional resilience at a jurisdictional or community level. Using a management systems approach, an input/output model may be developed to demonstrate abilities, actions, and activities needed to support a desired outcome. Applying systematic gap analysis and an improvement cycle with defined metrics, the paper proposes a model to evaluate a communitys operational capability to respond to stressors. As each locality is different-with unique risks, strengths, and weaknesses-the model incorporates these characteristics and calculates a relative measure of maturity for that community. Any community can use the resulting model output to plan and improve its resiliency capabilities.

Regional response to large-scale emergency events

A widespread emergency event in the United States triggers the activation of a regional emergency operations center that manages a coordinated response to the disaster. Historically, the time-critical decisions made by emergency managers in the face of incomplete information and inadequate historical emergency event data have been guided primarily by their experience. The learning curve for emergency managers, especially novice managers, is steep, and is exacerbated by the complexity and scope of emergency events. This paper proposes a methodology designed to provide emergency managers with locality-specific information and resource allocation recommendations for large-scale event response, creating the foundation for a decision support system that draws on emergency event data. This work is the first to use locally-specific data for an emergency management decision support system. Two major allocation scenarios that influence the number of resources allocated to an event are considered and solutions are suggested to address them. Although the methodology is developed for a mid-sized region, it is generalizable to any region.

Information management and decision support in critical infrastructure emergencies at the local level

In a critical infrastructure disaster incident, emergency managers are often compelled to make time-critical decisions based on incomplete information streaming in at disparate times from multiple data sources. As the incident progresses, the ability to predict where additional resources will be needed is crucial to both response and recovery. Decision making and prediction in this context requires combining (fusing) incoming data streams; presenting relevant information from these streams in a form appropriate for each user; and using data from similar historical events to predict resource needs and incident evolution. This paper discusses the role of data fusion, data integration, and data mining in decision making for municipal or regional emergency managers. It also explores the implementation of web-based decision support tools. Finally, the paper makes recommendations for improving information management and streamlining decision support.

A curricular framework for critical infrastructure protection education for engineering, technology and computing majors

The 16 critical infrastructure sectors identified by the US Department of Homeland Security employ many engineering, technology and computing graduates who increasingly face critical infrastructure protection (CIP) issues. However, most undergraduate curricula in these disciplines do not incorporate CIP in any meaningful way. This paper proposes a flexible curricular framework for integrating CIP into undergraduate education via self-contained inter-disciplinary CIP course modules; a course module is a distinct curricular unit such as a lab or teaching component for use by an instructor in existing courses without requiring any course or program modifications. The proposed course modules cover physical, human, and cyber aspects of CIP. The framework is designed for use in multiple disciplines, and the modules are designed for presentation at different levels of the undergraduate experience, with subsequent modules building on those presented earlier. This approach is intended to prepare students for careers solving problems in design, implementation, and maintenance of robust, sustainable infrastructure assets.

Mapping a community resilience management system: Building operational knowledge

System standards have been implemented in many contexts over the last few decades. Using closely aligned standards such as the emerging ISO 37120 typology for sustainable and resilient communities, and by drawing from various recognized capability models and indices, this paper develops a structure for operationalization of a community resilience management system, and then maps the system against the key attributes of a resilient community. This effort is a first step toward the management of long term resilience in our communities.

On providing successful Research Experiences for Undergraduates

This paper presents strategies for providing successful Research Experiences for Undergraduates (REU). The authors have advised several undergraduates on research for the past few years, and have jointly supervised around twenty-five students, over two summers, on a project funded by an NSF-funded REU program in areas relating to the visualization of astrophysical data using high performance file systems. Several of these student projects have led to research publications. The paper briefly motivates the need for research in modern computing and engineering education. It then presents specific details about the development of summer REU programs including how to: secure funding and institutional support; plan a summer program including the design of scalable research projects; develop strategies to advertise and recruit students, especially from underrepresented groups; create a dynamic research and social environment through one-on-one mentoring; develop appropriate assessment and evaluation processes; and track student participants after they graduate from the program.

Information Technology as a Cyber Science

Emerging technologies are proliferating and the computing profession continues to evolve to embrace the many opportunities and solve the many challenges this brings. Among the challenges is identifying and describing the competencies, responsibilities, and curriculum content needed for cybersecurity. As part of addressing these issues, there are efforts taking place that both improve integration of cybersecurity into the established computing disciplines while other efforts are developing and articulating cybersecurity as a new meta-discipline. The various individual computing disciplines, such as Computer Science, Information Technology, and Information Systems, have increased and improved the amount of cybersecurity in their model curricula. In parallel, organizations such as the Cyber Education Project, an ACM/IEEE Joint Task Force, and the accrediting body ABET are producing such artifacts as a multi-disciplinary Body of Knowledge and accreditation program criteria for cybersecurity writ large. This paper explores these various cybersecurity initiatives from the perspective of the Information Technology discipline, and it addresses the degree to which cybersecurity and Information Technology are both similar and different.

Integrating highly-capable corobots into a computing curriculum

Robots are typically used at the college level either as a pedagogic platform for introductory programming or for more advanced courses in robotics. With robots becoming cheaper and more plentiful, personal interactions with them will become more commonplace. This project therefore takes the position that undergraduate computing students need the opportunity to explore core computing concepts in a robotics context. Specifically, we will give students the ability to work alongside teams of highly capable and easily programmable corobots, a term used to identify robots that work side by side with humans, rather than being completely autonomous and isolated. A modular approach is used to incorporate corobotics into various computer science (CS) courses such as first-year computing, networking, and data management, thus permitting the students to see these corobots in multiple contexts. This work-in-progress paper describes the corobotics infrastructure that has been developed, and outlines how this infrastructure can be used to support diverse courses in the CS curriculum.