:::

詳目顯示

回上一頁
題名:雲端服務應用之安全機制研究
作者:呂俊超
作者(外文):Jun-Chao Lu
校院名稱:國立中興大學
系所名稱:資訊科學與工程學系所
指導教授:詹進科
學位類別:博士
出版日期:2013
主題關鍵詞:雲計算隱私權資訊安全電子病歷電子商務代理人cloud computingprivacysecurityelectronic health recordelectronic commerceagent
原始連結:連回原系統網址new window
相關次數:
  • 被引用次數被引用次數:期刊(0) 博士論文(0) 專書(0) 專書論文(0)
  • 排除自我引用排除自我引用:0
  • 共同引用共同引用:0
  • 點閱點閱:2
雲端運算藉由網際網路為我們提供了各種方便的隨選服務集合與資源,使用戶們能共享存儲和計算能力。已經有相當多的相關資訊廠商開始認真評估雲端運算的應用,將其做為下一波更新資訊系統的基礎設施。雲端運算提供了更方便的使用與更高的經濟效益,此技術也將在各領域被廣泛採用。然而,雲端運算的服務是將資訊外放,繞過組織內部的物理,邏輯和人事控制,將數據存放於雲端。此一機制卻也為所儲存的敏感訊息帶來了更高的風險。因此我們認為應發展相關的安全機制,為使用者、商業交易與醫療雲提供更具隱私性的雲端運算安全保護機制。
對於個人用戶,我們提出了一個雲端的認證架構,為雲端服務應用提供基礎認證服務。在這個設計中,用戶可以在各雲端服務應用供應商漫遊,無需重新註冊和重新認證,並且用戶的敏感訊息不會被洩露給雲端服務應用提供商,保障用戶的隱私,因此我們的設計為使用者在各雲端服務應用的建立了信任和匿名性。
對於商業交易,我們提出了一個安全的基於雲端代理人的交易協商模式。我們的研究藉由受信任的雲端代理人服務平台,來克服代理人在電子商務的應用中可能遭受的安全隱患,保護用戶的隱私。並且在我們的設計中,更包含公平的合約談判機制,進一步的降低網路上服務交易所可能發生的風險。
對於醫療雲,我們分析了電子健康記錄的需求與其安全和隱私問題後,提供了一個安全的電子病歷交換模式。藉由共享的醫療信訊息,醫療雲適合用來做為諮詢,評估和病患的追蹤治療,並提供無障礙的醫療服務或遠端的專業的醫療照護。但在其上,如何保護隱私也是重要的課題。我們設計的電子病歷交換模式,確保了在醫療雲中的相關資料只有病人在授權下,醫生才可以在雲上獲取病人的醫療記錄,有效地提高了醫療雲的安全與隱私性。
A cloud computing providing on-demand services on the Internet has a collection of servers. The contributed resources, such as storage and computing power, from servers are implicitly merged as one huge resource and shared among users. Many IT shops will begin to take a hard look at cloud computing on their capabilities and operations in their next round of infrastructure improvements in an incremental fashion. Cloud computing may offer such significant and easily accessed economic advantages that it has a good chance of being adopted a bit faster than usual. However, sensitive data processed outside the companies brings with an inherent level of risk, because outsourced services bypass the “physical, logical and personnel controls” over in-house programs. Not all the cloud services provide enough flexibility or security control. We proposed the related security mechanisms, which provide security protection of cloud computing with efficiency and practically.
For a user, we propose a cloud authentication architecture to provide a trust authentication infrastructure. In this design, user’s sensitive information will not leak to services provider. Moreover, user can roaming in various services providers without re-registration and re-authentication. This design is a foundation for meshing-up a trust and anonymous cloud.
For the business, we presents a secure negotiable transactions model based on the infrastructure of mobile agent technology on the cloud. This study reviews the security issues of the mobile agent paradigm for electronic commerce applications. And overcome this disadvantage by a trusted agent home to protect privacy. Moreover, a fair contract negotiation is discussed in this study, that it can effective reduce the risk of online service transaction.
For the medical cloud, we propose an electronic health record sharing and integration system in medical clouds and analyze the arising security and privacy issues in access and management of electronic health records. Sharing medical information can provide professional medical programs with consultancy, evaluation, and tracing services can certainly improve accessibility to the public receiving medical services or medical information at remote sites. Cloud computing paradigm is one of the popular health IT infrastructures for facilitating electronic health record sharing and integration. Our design proposed a method to make authorized doctor can get the patient’s medical record on the cloud. This design improve the security and privacy on the medical cloud.
[1] Stanoevska-Slabeva, Katarina, & Wozniak, Thomas. (2010). Cloud Basics – An Introduction to Cloud Computing. In K. Stanoevska-Slabeva, T. Wozniak & S. Ristol (Eds.), Grid and Cloud Computing (pp. 47-61): Springer Berlin Heidelberg.
[2] National Institute of Standards and Technology, The NIST Definition of Cloud Computing, Information Technology Laboratory, 2011., http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf, seen: 2013-04-20
[3] Reese, George. (2009). Cloud Application Architectures: Building Applications and Infrastructure in the Cloud: O''Reilly Media. , ISBN: 0596156367.
[4] Buyya, Rajkumar, Yeo, Chee Shin, Venugopal, Srikumar, Broberg, James, & Brandic, Ivona. (2009). Cloud computing and emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th utility. Future Generation computer systems, 25(6), pp. 599-616.
[5] Amazon. Amazon Elastic Compute Cloud (EC2), http://www.amazon.com/ec2/, 2011, seen: 2013-04-20
[6] Cloud Security Alliance (CSA), Security Guidance for Critical Areas of Focus in Cloud Computing, v3. https://cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf, 2011, seen: 2013-04-20
[7] MarketsandMarkets, Healthcare Cloud Computing (Clinical, EMR, SaaS, Private, Public, Hybrid) Market - Global Trends, Challenges, Opportunities & Forecasts (2012–2017), http://www.marketsandmarkets.com/Market-Reports/cloud-computing-healthcare-market-347.html, 2013, seen: 2013-04-28
[8] Subashini, S., & V. Kavitha. (2011) A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications 34(1) (2011): pp.1-11.
[9] IDC-Study: Cloud Computing in Deutschland ist noch nicht angekommen http://www.idc.com/germany/press/presse_c1oudcomp.jsp, 2009, seen: 2011-06-15
[10] The Cloud Security Alliance: Top Threats to Cloud Computing, http://www.c1oudsecurityalliance.org , 2010, seen: 2011-06-15
[11] Baran, D. "Cloud Computing Basics. 2008.", http://www.webguild.org/20080729/cloud-computing-basics, 2008, seen: 2011-06-15
[12] Google. http://www.google.com
[13] Facebook. http://www.facebook.com
[14] RealityServer. Nvidia. http://www.nvidia.com/object/realityserver.html. seen: 2011-06-15
[15] Lenk, Alexander, Klems, Markus, Nimis, Jens, Tai, Stefan, & Sandholm, Thomas. (2009). What''s inside the Cloud? An architectural map of the Cloud landscape. Proceedings of the 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing., IEEE Computer Society.
[16] Google app engine. http://appengine.google.com
[17] Amazon simple storage service (S3). http://www.amazon.com/s3/
[18] Mansfield-Devine, S. (2008). Danger in the clouds. Network Security, 2008(12), pp. 9-11.
[19] Heiser, Jay, & Nicolett, Mark. (2008). Assessing the security risks of cloud computing. Gartner Report. http://www.gartner.com/DisplayDocument?id=685308, seen: 2011-06-15
[20] Securetest, http://www.securetest.com/
[21] Sim, K. M. (2012), Agent-Based Cloud Computing, Services Computing, IEEE Transactions on , vol.5, no.4, pp.564-577, Fourth Quarter 2012 ,doi: 10.1109/TSC.2011.52
[22] Hui, Chen, Lam, P. P. Y., Chan, H. C. B., Dillon, Tharam S., Jiannong, Cao, & Lee, R. S. T. (2007). Business-to-Consumer Mobile Agent-Based Internet Commerce System (MAGICS). Systems, Man, and Cybernetics, Part C: Applications and Reviews, IEEE Transactions on, 37(6), pp. 1174-1189. doi: 10.1109/TSMCC.2007.900653
[23] Ma, L., & Tsai, J. J. (2008). Formal modeling and analysis of a secure mobile-agent system. Systems, Man and Cybernetics, Part A: Systems and Humans, IEEE Transactions on, 38(1), pp. 180-196.
[24] Grossman, Robert L. (2009). The case for cloud computing. IT professional, 11(2), pp.23-27.
[25] Sharpe, S. A. (1990). Asymmetric information, bank lending, and implicit contracts: A stylized model of customer relationships.The Journal of Finance,45(4), pp.1069-1087
[26] GSA Apps.Gov, https://www.apps.gov/cloud/advantage/main/start_page.do, seen: 2009-08-15, 2009.
[27] Lange, D. B., & Oshima, M. (1999). Seven Good reasons for mobile agents.Communications of the ACM, 42(3), pp. 88-89, doi: 10.1145/295685.298136
[28] Jansen, W., & Karygiannis, T. (1998). Mobile agent security (No. NIST-SP-800-19). NATIONAL INST OF STANDARDS AND TECHNOLOGY GAITHERSBURG MD. http://csrc.nist.gov/publications/nistpubs/800-19/sp800-19.pdf.
[29] Yi, X., Wang, X. F., & Lam, K. Y. (1998). A secure intelligent trade agent system. In Trends in Distributed Systems for Electronic Commerce (pp. 218-228). Springer Berlin Heidelberg.
[30] Wang, C., & Leung, H. F. (2005, March). Mobile agents for secure electronic commerce transactions with privacy protection of the customers. In e-Technology, e-Commerce and e-Service, 2005. EEE''05. Proceedings. The 2005 IEEE International Conference on (pp. 530-535). IEEE. , DOI: 10.1109/EEE.2005.91.
[31] Marques, P. J., Silva, L. M., & Silva, J. G. (1999). Security mechanisms for using mobile agents in electronic commerce. In Reliable Distributed Systems, 1999. Proceedings of the 18th IEEE Symposium on (pp. 378-383). IEEE.
[32] Chen, Y. Y., Lui, J. C., & Chen, S. I. (2008, November). A Customer Privacy Protection Protocol on Agent-Based Electronic Commerce Transaction. InIntelligent Systems Design and Applications, 2008. ISDA''08. Eighth International Conference on (Vol. 3, pp. 6-10). IEEE.
[33] Zhou, Jianying, and Tan, Chunfu. (2001). Playing lottery on the Internet. Information and Communications Security (pp. 189-201): Springer Berlin Heidelberg.
[34] Park, J. M., Chong, E. K., & Siegel, H. J. (2003, July). Constructing fair-exchange protocols for E-commerce via distributed computation of RSA signatures. In Proceedings of the twenty-second annual symposium on Principles of distributed computing (pp. 172-181). ACM.
[35] Vincent, D. R. (1989). Bargaining with common values. Journal of Economic Theory, 48(1), pp. 47-62.
[36] Asokan, N., Shoup, V., & Waidner, M. (2000). Optimistic fair exchange of digital signatures. Selected Areas in Communications, IEEE Journal on, 18(4), pp.593-610., DOI: 10.1109/49.839935.
[37] Borselius, N. (2002). Mobile agent security. Electronics & Communication Engineering Journal, 14(5), pp.211-218.
[38] Braun, P., & Rossak, W. R. (2005).Mobile Agents: Basic Concepts, Mobility Models, and the Tracy Toolkit. Morgan Kaufmann.
[39] Jansen, W. A. (2000). Countermeasures for mobile agent security. Computer Communications, 23(17), pp.1667-1676.
[40] Burkle, A., Hertel, A., Muller, W., & Wieser, M. (2009). Evaluating the security of mobile agent platforms. Autonomous Agents and Multi-Agent Systems, 18(2), pp.295-311.DOI: 10.1007/s10458-008-9043-z.
[41] Hyungjick, L., Alves-Foss, J., & Harrison, S. (2004, 5-8 Jan. 2004). The use of encrypted functions for mobile agent security. Paper presented at the System Sciences, 2004. Proceedings of the 37th Annual Hawaii International Conference on.
[42] Allan Hoffman, Definition of an Electronic Health Record, HIMSS, http://www.himss.org/ResourceLibrary/ResourceDetail.aspx?ItemNumber=13003. seen: 2013-04-28
[43] Rau, H. H., Hsu, C. Y., Lee, Y. L., Chen, W., & Jian, W. S. (2010). Developing electronic health records in Taiwan. IT professional, 12(2), pp.17-25.
[44] Schabetsberger, T., Ammenwerth, E., Andreatta, S., Gratl, G., Haux, R., Lechleitner, G., Schindelwig, K., Stark, C., Vogl , R., Wilhelmy, I., & Wozak, F. (2006). From a paper-based transmission of discharge summaries to electronic communication in health care regions.International journal of medical informatics, 75(3), pp. 209-215.
[45] Hsu, C. Y., Chen, Y. C., Luo, R. C., Rau, H. H., Fan, C. T., Hsiao, B. S., & Chiu, H. W. (2010). A resource-sharing platform for trading biomedical intellectual property. IT professional, 12(2), pp. 42-49.
[46] Li, S. H., Wang, C. Y., Lu, W. H., Lin, Y. Y., & Yen, D. C. (2012). Design and implementation of a telecare information platform. Journal of medical systems,36(3), pp. 1629-1650.
[47] Takemura, T., Araki, K., Arita, K., Suzuki, T., Okamoto, K., Kume, N., ... & Yoshihara, H. (2012). Development of fundamental infrastructure for nationwide EHR in Japan. Journal of medical systems, 36(4), 2213-2218.
[48] Heslop, L., Weeding, S., Dawson, L., Fisher, J., & Howard, A. (2010). Implementation issues for mobile-wireless infrastructure and mobile health care computing devices for a hospital ward setting. Journal of medical systems,34, pp.509-518.
[49] Moore, P. (2009). Navigating The Tech Maze. Physicians Practice. Retrieved, pp.08-23. http://www.physicianspractice.com/display/article/1462168/1590647 , seen: 2011-06-15
[50] Zhang, R., & Liu, L. (2010, July). Security models and requirements for healthcare application clouds. In Cloud Computing (CLOUD), 2010 IEEE 3rd International Conference on (pp. 268-275). IEEE , doi: 10.1109/CLOUD.2010.62
[51] van der Linden, H., Kalra, D., Hasman, A., & Talmon, J. (2009). Inter-organizational future proof EHR systems: A review of the security and privacy related issues. International journal of medical informatics, 78(3), pp. 141-160.
[52] United States Congress H.R. 3103 (104th): Health Insurance Portability and Accountability Act of 1996 (HIPPA), http://aspe.hhs.gov/admnsimp/pl104191.htm , seen: 2013-04-20
[53] Pritts, J., & Connor, K. (2007). The implementation of e-Consent mechanisms in three countries: Canada, England, and The Netherlands. SAMHSA report. http://ihcrp.georgetown.edu/pdfs/prittse-consent.pdf ; 2007. seen: 2011-04-15
[54] Kunzi, J., Koster, P., & Petković, M. (2009). Emergency access to protected health records. Stud Health Technol Inform, 150, pp.705-709.
[55] Coskun, N., & Erol, R. (2010). An optimization model for locating and sizing emergency medical service stations. Journal of medical systems, 34(1), pp.43-49., doi: 10.1007/s10916-008-9214-0, 2010.
[56] MacKenzie, P., & Reiter, M. K. (2001). Networked cryptographic devices resilient to capture. In Security and Privacy, 2001. S&P 2001. Proceedings. 2001 IEEE Symposium on (pp. 12-25). IEEE.
[57] MacKenzie, P., & Reiter, M. K. (2003). Delegation of cryptographic servers for capture-resilient devices. Distributed Computing, 16(4), pp.307-327.
[58] Takeda, H., Matsumura, Y., Kuwata, S., Nakano, H., Sakamoto, N., & Yamamoto, R. (2000). Architecture for networked electronic patient record systems. International Journal of Medical Informatics, 60(2), pp.161-167.
[59] Chan, A. T., Cao, J., Chan, H., & Young, G. (2001). A web-enabled framework for smart card applications in health services. Communications of the ACM,44(9), pp.76-82.
[60] Wang, D. W., Liu, D. R., & Chen, Y. C. (1999). A mechanism to verify the integrity of computer-based patient records. J China Assoc Med Inform, 10, pp.71-84..
[61] Yang, Y., Han, X., Bao, F., & Deng, R. H. (2004). A smart-card-enabled privacy preserving E-prescription system. Information Technology in Biomedicine, IEEE Transactions on, 8(1), pp. 47-58.
[62] Wu, Z. Y., Chung, Y., Lai, F., & Chen, T. S. (2012). A password-based user authentication scheme for the integrated EPR information system. Journal of medical systems, 36(2), pp. 631-638.
[63] Debiao, H., Jianhua, C., & Rui, Z. (2012). A more secure authentication scheme for telecare medicine information systems. Journal of Medical Systems, 36(3), pp.1989-1995.
[64] Pu, Q., Wang, J., & Zhao, R. (2012). Strong authentication scheme for telecare medicine information systems. Journal of medical systems, 36(4), pp. 2609-2619.
[65] Farzandipour, M., Sadoughi, F., Ahmadi, M., & Karimi, I. (2010). Security requirements and solutions in electronic health records: lessons learned from a comparative study. Journal of medical systems, 34(4), pp.629-642.
[66] Lekkas, D., & Gritzalis, D. (2007). Long-term verifiability of the electronic healthcare records’ authenticity. International Journal of Medical Informatics,76(5), pp.442-448.
[67] Pharow, P., & Blobel, B. (2005). Electronic signatures for long-lasting storage purposes in electronic archives. International journal of medical informatics,74(2-4), pp.279-287.
[68] Kluge, E. H. W. (2007). Secure e-health: managing risks to patient health data.International Journal of Medical Informatics, 76(5), pp.402-406.
[69] Ahmad, N. (2009). Restrictions on cryptography in India–A case studyof encryption and privacy. Computer Law & Security Review, 25(2), pp.173-180.
[70] Takeda, H., Matsumura, Y., Kuwata, S., Nakano, H., Shanmai, J., Qiyan, Z., . . . Matsuoka, M. (2004). An assessment of PKI and networked electronic patient record system: lessons learned from real patient data exchange at the platform of OCHIS (Osaka Community Healthcare Information System). International journal of medical informatics, 73(3), pp.311-316. doi: http://dx.doi.org/10.1016/j.ijmedinf.2003.12.013
[71] Hu, J., Chen, H. H., & Hou, T. W. (2010). A hybrid public key infrastructure solution (HPKI) for HIPAA privacy/security regulations. Computer Standards & Interfaces, 32(5), pp.274-280.
[72] Sucurovic, S. (2007). Implementing security in a distributed web-based EHCR.International Journal of Medical Informatics, 76(5), pp.491-496.
[73] Bonacina, S., Marceglia, S., Bertoldi, M., & Pinciroli, F. (2010). Modelling, designing, and implementing a family-based health record prototype.Computers in Biology and Medicine, 40(6), pp.580-590. doi: 10.1016/j.compbiomed.2010.04.002, 2010
[74] Gobi, M., & Vivekanandan, K. (2009). A new digital envelope approach for secure electronic medical records. International Journal of Computer Science and Network Securit IJCSNS, 9(1), pp.1-6.


 
 
 
 
第一頁 上一頁 下一頁 最後一頁 top
QR Code
QRCODE