tailieunhanh - A new approach for healthcare information and communication systems
Details about the implementation and analysis of our solution are also presented. Our approach takes the purpose of use into consideration, guarantees the citizen’s consent, resists dictionary attacks, respects the least privilege principle and thus fulfills the European legislation requirements. Even if our approach is applied in this paper to healthcare examples, it could also be suitable to every system with security and privacy needs. | International Journal of Computer Networks and Communications Security VOL. 3, NO. 5, MAY 2015, 208–219 Available online at: E-ISSN 2308-9830 (Online) / ISSN 2410-0595 (Print) SECURITY & PRIVACY BY DESIGN: A new approach for Healthcare Information and Communication Systems Anas ABOU EL KALAM1, Jean-Philippe LEROY2, Larbi BESSA3 and Jean-Marie MAHE4 1, 2, 3, 4 IPI –LISER / Propedia, Paris, France E-mail: 1aabouelkalam, 2jpleroy, , 4jmmahe}@ ABSTRACT Nowadays, more and more applications use sensitive and personal information. Subsequently, respecting citizens’ privacy while preserving information security is becoming extremely important. Initially, deploying security mechanisms as well as Privacy-Enhancing Technologies (PETs) was seen as the solution. Today, we realize that a more substantial approach is required, taking into account the security and privacy needs from the earlier steps of the system specification. Dedicated to this issue, this paper is organized as follows: after defining the topic through several examples, this paper analyzes the most typical anonymization procedures used in various countries and presents the main privacy-related concepts. Then, it suggests a rigorous approach to define suitable anonymization solutions and mechanisms through the needs, objectives and requirements. Afterwards, a representative range of scenarios is presented and confronted to the approach already described. Finally, a new generic procedure to anonymize and link identities is suggested. Details about the implementation and analysis of our solution are also presented. Our approach takes the purpose of use into consideration, guarantees the citizen’s consent, resists dictionary attacks, respects the least privilege principle and thus fulfills the European legislation requirements. Even if our approach is applied in this paper to healthcare examples, it could also be suitable to every system with security and privacy .
đang nạp các trang xem trước