In support of my candidature for a master's degree at Lakehead University I researched the topic of privacy and security in cloud environments and produced a thesis entitled "A Role and Attribute Based Encryption Approach to Privacy and Security in Cloud Based Health Services". My research and thesis writing were supervised by Sabah Mohammed.
Cloud computing is a rapidly emerging computing paradigm which replaces static and expensive data centers, network and software infrastructure with dynamically scalable "cloud based" services offered by third party providers on an on-demand basis. However, with the potential for seemingly limitless scalability and reduced infrastructure costs come new issues regarding security and privacy as processing and storage tasks are delegated to potentially untrustworthy cloud providers. For the eHealth industry this loss of control makes adopting the cloud problematic when compliance with privacy laws (such as HIPAA, PIPEDA and PHIPA) is required and limits third party access to patient records.
The presented thesis will demonstrate a role based access control (RBAC) enabled solution to cloud privacy and security issues resulting from this loss of control to a potentially untrustworthy third party cloud provider, which remains both scalable and distributed. This is accomplished through four major components presented, implemented and evaluated within this thesis: the DOSGi based Health Cloud eXchange (HCX) architecture for managing and exchanging EHRs between authorized users, the Role Based Access Control as a Service (RBACaaS) model and web service providing RBAC policy enforcement and services to cloud applications, the Role Based Single Sign On (RBSSO) protocol, and the Distributed Multi-Authority Ciphertext-Policy Shared Attribute-Based Encryption (DMACPSABE) scheme for limiting access to sensitive records dependent on attributes (or roles) assigned to users. The work presented will show that when these components are combined the resulting system is scalable (scaling at least linearly with users, requests, records and attributes), secure, and provides a level of protection from the cloud provider which preserves the privacy of users' records from any third party.
- Thesis Document
- Defence Slides - Powerpoint 2010, with notes
- Simple Defence Slides - Powerpoint 2010
- Simple Defence Slides - PDF
- ICDIM 2010 Tutorial Slides - Powerpoint 2007/2010
- RBSSO Slides - Powerpoint 2007/2010
- ICDIM 2010 Tutorial - Cloud Based EHR Sharing Using DOSGi and CCR
- RBACaaS Admin Demo - no sound
- Prototype Auth Demo - no sound (to be uploaded)
Daniel Servos, Sabah Mohammed, Jinan Fiaidhi, Tai hoon Kim (2013). Extensions to Ciphertext-Policy Attribute-Based Encryption to Support Distributed Environments. International Journal of Computer Applications in Technology Volume: 47 (2), 215-226. DOI: 10.1504/IJCAT.2013.054354
Sabah Mohammed, Daniel Servos, and Jinan Fiaidhi (2011). Developing a Secure Distributed OSGi Cloud Computing Infrastructure for Sharing Health Records. Autonomous and Intelligent Systems, Lecture Notes in Computer Science Volume: 6752, 241-252. (Chapter 2 and 3.2). DOI: 10.1007/978-3-642-21538-4_24
Sabah Mohammed, Daniel Servos, and Jinan Fiaidhi (2010). HCX: A Distributed OSGi Based Web Interaction System for Sharing Health Records in the Cloud. In Proceedings of the 2010 IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology - Volume 03, 102-107. (Chapter 2). DOI: 10.1109/WI-IAT.2010.26