Simon Shiu
Hewlett-Packard
Publications
Featured research published by Simon Shiu.
digital identity management | 2007
Yolanta Beres; Adrian Baldwin; Marco Casassa Mont; Simon Shiu
In this paper we address the appropriate management of risk in federated identity management systems by presenting an identity assurance framework and supporting technologies. We start by discussing the risk mitigation framework that should be part of any identity assurance solution. We then demonstrate how our model-based assurance technologies can be used to report the success of an identity assurance programme. We discuss how this approach can be used to gain trust within a federated identity management solution, both by communicating the nature of the assurance framework and by showing that risks are successfully being mitigated. Finally, we show the importance of automation of controls in easing operational costs (and we describe related approaches developed at HP Labs and in the PRIME project), providing improved audit information and changing the risk mitigation landscape.
computer based medical systems | 2003
Ana Ferreira; Simon Shiu; Adrian Baldwin
The electronic patient record (EPR) is a fundamental part of health information technology and its use is growing quickly. There is an urgent need to record and trust events related to healthcare procedures. Accountability is, therefore, essential but still very difficult to achieve in terms of information security. This paper suggests an accountability model suitable for healthcare environments and describes how the model can be efficiently realized using secure hardware. This approach can be applied across heterogeneous infrastructures, providing a separation of duties between people, processes and organizations whilst ensuring the confidentiality and integrity of information.
Philosophical Transactions of the Royal Society A | 2010
Hanene Boussi Rahmouni; Tony Solomonides; Marco Casassa Mont; Simon Shiu
The sharing of medical data between different healthcare organizations in Europe must comply with the legislation of the Member State where the data were originally collected. These legal requirements may differ from one state to another. Privacy requirements such as patient consent may be subject to conflicting conditions between different national frameworks as well as between different legal and ethical frameworks within a single Member State. These circumstances have made the compliance management process in European healthgrids very challenging. In this paper, we present an approach to tackle these issues by relying on several technologies in the semantic Web stack. Our work suggests a direct mapping from high-level legislation on privacy and data protection to operational-level privacy-aware controls. Additionally, we suggest an architecture for the enforcement of these controls on access control models adopted in healthgrid security infrastructures.
computer-based medical systems | 2009
Hanene Boussi Rahmouni; Tony Solomonides; Marco Casassa Mont; Simon Shiu
The integration of different European medical systems by means of grid technologies will continue to be challenging if technology does not intervene to enhance interoperability between national regulatory frameworks on data protection. Achieving compliance in European healthgrid domains is crucial but challenging because of the diversity and complexity of Member State legislation across Europe. Lack of automation and inconsistency of processes across healthcare organizations increase the complexity of the compliance task. In the absence of automation, the compliance task entails human intervention. In this paper we present an approach to automate privacy requirements for the sharing of patient data between Member States across Europe in a healthgrid [1] domain and ensure its enforcement internally and within external domains where the data might travel. This approach is based on the semantic modelling of privacy obligations that are of legal, ethical or cultural nature. Our model reflects both similarities and conflicts, if any, between the different Member States. This will allow us to reason on the safeguards a data controller should demand from an organization belonging to another Member State before disclosing medical data to them. The system will also generate the relevant set of policies to be enforced at the process level of the grid to ensure privacy compliance before allowing access to the data.
international conference on trust management | 2003
Adrian Baldwin; Simon Shiu
This paper looks at the trust relationships that exist within an outsourcing scenario, finding that whilst some of the trust relationships are clear, other implicit trust relationships need exposing. These implicit trust relationships are often a result of information supplied for the main explicit task for which an entity is being trusted. The use of hardware security appliance based services is proposed, allowing trust to be dissipated over multiple parties whilst retaining efficient execution. Such an approach helps mitigate these implicit trust relationships by increasing the control and transparency given to the trustor.
Operating Systems Review | 2009
Adrian Baldwin; Chris I. Dalton; Simon Shiu; Krzysztof Kostienko; Qasim Rajpoot
Virtualization brings flexibility to the data center and enables separations allowing for better security properties. For these security properties to be fully utilized, virtual machines need to be able to connect to secure services such as networking and storage. This paper addresses the problems associated with managing the cryptographic keys upon which such services rely by ensuring that keys remain within the trusted computing base. Here we describe a general architecture for managing keys tied to the underlying virtualized systems, with a specific example given for secure storage.
International Journal of Information Security | 2005
Adrian Baldwin; Simon Shiu
Audit is an important aspect of good security and business practice; however, current solutions are not supportive of electronic data and processes. This paper describes an audit service that acts both as a central place for logging from heterogeneous IT systems and as a place to search and check the audit data. Notarisation structures enabling a user to check the integrity of audit records and subsets of the audit chain relating to their transactions have been developed. The audit system uses a secure hardware device to create an alternative trust domain in which to run processes, maintaining the integrity of the audit trail whilst allowing it to be tightly integrated and co-located with the overall IT infrastructure.
computer software and applications conference | 2002
Adrian Baldwin; Simon Shiu; Marco Casassa Mont
It is well understood that using a software component methodology can simplify the development and maintenance of systems. Web services allow this vision to be extended, allowing components to be made available on the Internet. This paper proposes the use of trust services as third party Web services that allow trust operations to be extracted from solutions and packaged as components. This has obvious advantages in simplifying the task of engendering trust in solutions, both during their creation and in simplifying their maintenance. The paper further argues that using a web service model supports reusability of not only the software but also the operational environment where the software runs. This operational environment is considered particularly critical in providing security and trust operations.
digital identity management | 2010
Adrian Baldwin; Marco Casassa Mont; Yolanta Beres; Simon Shiu
Federated identity management is an emerging paradigm that is rightly getting a lot of standardization and research attention. One aspect that is not receiving enough attention is assurance. Given the challenges enterprises faced trying to demonstrate appropriate control of their internal and monolithic identity management systems, the problem of how to provide assurance to multiple stakeholders that controls, operations and technologies that cut across organisational boundaries are appropriately mitigating risk looks daunting. The paper provides an exposition of the assurance process, how it applies to identity management and particularly to federated identity management. Our contribution is to show how technology can be used to overcome many of the trust, transparency and information reconciliation problems. Specifically, we show how declarative assurance models can orchestrate and automate much of the assurance work, how certain enforcement technologies can radically improve identity assurance, and how an assurance framework can provide a basis for judging the assurance value of security technologies.
WEIS | 2013
Adrian Baldwin; Yolanta Beres; Geoffrey B. Duggan; Marco Casassa Mont; Hilary Johnson; Chris Middup; Simon Shiu
Increasing reliance on IT and the worsening threat environment mean that organisations are under pressure to invest more in information security. A challenge is that the choices are hard: money is tight, objectives are not clear, and there are many relevant experts and stakeholders. A significant proportion of the research in security economics is about helping people and organisations make better security investment and policy decisions. This paper looks at the impact of methods based on security economics on a set of decision makers. Importantly, the study focused upon experienced security professionals using a realistic security problem relating to client infrastructure. Results indicated that the methods changed the decision processes for these experienced security professionals. Specifically, a broader range of factors were accounted for and included as justifications for the decisions selected. The security professional is an (important and influential) stakeholder in the organisational decision making process, and arguably a more complete understanding of the problem is more suitable for persuading a broader business audience. More generally, the study complements all research in security economics that is aimed at improving decision making, and suggests ways to proceed and test for the impact of new methods on the actual decision makers.