UBITECH participates in the ASCLEPIOS Research and Innovation Action on secure cloud encrypted solutions for healthcare

UBITECH hosts, in Athens, Greece (January 17-18, 2019), the kick-off meeting of the ASCLEPIOS Research and Innovation Action, which officially started on December 1st, 2018. The project is funded by the European Commission under the Horizon 2020 Programme (Grant Agreement No. 826093) and spans the period December 2018 – November 2021. The key goal of ASCLEPIOS is to maximize and fortify the trust of users in Cloud-based healthcare services by developing mechanisms for protecting both corporate and personal sensitive data. ASCLEPIOS utilizes several modern cryptographic approaches to build a Cloud-based eHealth framework that protects users’ privacy and prevents both internal and external attacks. On the one hand, ASCLEPIOS offers users the ability to verify the integrity of their medical devices prior to using them, while at the same time receiving certain guarantees about the trustworthiness of their Cloud service provider. On the other hand, ASCLEPIOS offers a novel solution through which healthcare practitioners and medical researchers are able to calculate statistics on medical data in a privacy-preserving way.

Within ASCLEPIOS, the UBITECH R&D team will be responsible for implementing all the appropriate middleware to enforce access policies in modern healthcare systems. Besides authorization capabilities, this middleware also considers the importance of security awareness, encapsulating capabilities for creating the necessary knowledge background and for declaring and enforcing context-aware policy enforcement rules and attribute-based encryption policies.

In particular, UBITECH will drive the project’s integration activities and work towards the development of an adequate context model for formally describing classes and properties with respect to: i) associations between types of access to sensitive data and the situations under which this access should be permitted; ii) matching policies between private keys and ciphertexts for permitting decryption of sensitive data; and iii) concepts that capture and highlight possible cyber security threats, for enhancing the security awareness of actors in hospitals and care centres. UBITECH will also work towards a policy model for formally describing dynamically generated context-based access control policies, as well as static policies concerning the manner in which medical data can be decrypted according to the ABE paradigm. This policy model comprises two critical parts: i) an XACML-based part for declaratively defining authorization policies that permit or deny access requests to sensitive data in real time; and ii) an ABE-oriented part that will allow the declaration of attribute-based dependencies between actors’ private keys and the ciphertexts which, upon matching, are to be decrypted.

Moreover, UBITECH is going to develop the mechanism that translates the developed policies (and copes with their run-time updates) into the appropriate format for enabling either ABAC enforcement or the realization of ABE. This mechanism implements the essential decoupling between the access decisions and the points of use (i.e. the Policy Enforcement Points (PEP) of the XACML standard specification). Finally, UBITECH will implement the components for efficiently enforcing authorization on sensitive medical data access requests by considering contextual information. These mechanisms will be able to cope with run-time changes to any authorization policy deployment without any downtime, in order to grant, deny and manage any incoming access request. They will build on the authorization decisions, along with the security awareness aspects of the aforementioned context model, in order to inform and educate the healthcare actors about possible security issues concerning certain types of access attempts.