KSU to design security tools for health IT, government information systems
Computer scientists from Kansas State University (KSU) are in the process of developing tools to strengthen the security of information systems, including those that hold patient medical records and other sensitive information.
The scientists noted that as the government and various industries, including the healthcare industry, move towards complex information storing systems, high-level policy languages and verification techniques, the security and integrity of these systems need to be strengthened.
“As data are exchanged between various users, there's a danger that information could be released to unauthorized parties,” explained John Hatcliff, professor of computing and information sciences at KSU.
In March 2009, Hatcliff, along with his KSU computing and information sciences colleagues and researchers at Princeton University in Princeton, N.J., received a $3 million research grant to develop tools to ensure that when information is transferred from one large system to another, no information is accidently exposed in the process.
Noting that information leakage is a particular concern to the healthcare industry, Hatcliff said, “Millions of dollars are being invested by federal and state governments to set up health information exchanges. The challenge is that the information in patients' records has different levels of sensitivity or security. These exchanges eventually are going to need a way to specify policies describing what information can be released and to whom, and the exchange will need to guarantee that those policies are adhered to."
The tools currently under development by the research group include graphical visualizations of information flowing through a system so that designers and auditors can more quickly understand a system's information flow behavior.
The research is focusing on systems where very high levels of assurance are required, said Hatcliff and colleagues, and mathematical and logic models are being employed to these new tools in order to dictate to computer-based auditing programs what particular information is allowed to flow from one system to another.
“We're building tools to help [the designers] use those mathematical techniques to verify that their systems are correct," said Hatcliff.
Funding for the research project is being provided by communications and aviation electronics company, Rockwell Collins, and the tools are slated to be applied to developing U.S. Department of Defense security research projects, said KSU.
The scientists noted that as the government and various industries, including the healthcare industry, move towards complex information storing systems, high-level policy languages and verification techniques, the security and integrity of these systems need to be strengthened.
“As data are exchanged between various users, there's a danger that information could be released to unauthorized parties,” explained John Hatcliff, professor of computing and information sciences at KSU.
In March 2009, Hatcliff, along with his KSU computing and information sciences colleagues and researchers at Princeton University in Princeton, N.J., received a $3 million research grant to develop tools to ensure that when information is transferred from one large system to another, no information is accidently exposed in the process.
Noting that information leakage is a particular concern to the healthcare industry, Hatcliff said, “Millions of dollars are being invested by federal and state governments to set up health information exchanges. The challenge is that the information in patients' records has different levels of sensitivity or security. These exchanges eventually are going to need a way to specify policies describing what information can be released and to whom, and the exchange will need to guarantee that those policies are adhered to."
The tools currently under development by the research group include graphical visualizations of information flowing through a system so that designers and auditors can more quickly understand a system's information flow behavior.
The research is focusing on systems where very high levels of assurance are required, said Hatcliff and colleagues, and mathematical and logic models are being employed to these new tools in order to dictate to computer-based auditing programs what particular information is allowed to flow from one system to another.
“We're building tools to help [the designers] use those mathematical techniques to verify that their systems are correct," said Hatcliff.
Funding for the research project is being provided by communications and aviation electronics company, Rockwell Collins, and the tools are slated to be applied to developing U.S. Department of Defense security research projects, said KSU.