Center of Excellence in Information Systems Assurance Research and Education




Biomedical Data & Applications Security

Research Projects

Research Projects - Description

A New Framework for a Secure Federated Patient Healthcare System (S. Upadhyaya, CSE Dept., R. Sharman, MIS Dept., H.R. Rao, MIS Dept.) (2004-05)

Designing a framework for a secure federated database system for healthcare is the focus of this project. The design involves merging heterogeneous hospital databases (Microsoft Access, AL, MUMPS, etc.) with predefined merge rules and conflict resolution algorithms. A unified medical ontology has been incorporated during the merge process to prevent semantic divergence. New access controls are defined at metadata level and record level to provide a finely grained role based access in the design. Additionally, scrubbing of patient's personal information with the aid of a medical dictionary prevents he disclosure of patient's personal information for researchers. A relational data management system in Microsoft Access is developed by merging three heterogeneous medical databases (MS Access, MS Excel and text file) as a proof-of-concept.

Protecting Documents from Insider Threat – A Multiphase Approach (S. Upadhyaya, CSE Dept.) (2004-06)

This project develops a comprehensive document control and management system through several innovative schemes for secure access, on-line monitoring and support for log-based forensics. The uniqueness of the approach is the security consideration throughout the life cycle of a document, viz., pre-document access phase, mid-document access phase and post-document access phase. We are applying the concept of user profiling, document profiling and role-based access control mechanisms to accomplish the goals. The expected outcomes of this research are: more accurate modeling and mitigation of insider threat (graph-based), protection against subversion/circumvention of the monitoring mechanism itself (structural knowledge) and post-attack trace-back for attack identification (forensics) as applicable to the realm of document control.

Modeling Insider Threats and Reasoning about Intrusions (S. Upadhyaya, CSE Dept., Hung Ngo, CSE Dept.) (2005-07)

We have developed a theory of insider threat assessment. This is the first such work which systematically and specifically addressed insider threat. The team has developed a modeling methodology which captures several aspects of insider threat, and subsequently makes an assessment to reveal possible attack strategies of an insider in an organization.

HIPAA Compliant Medical Data Repository for Teaching (R. Sharman, MIS Dept., H.R. Rao, MIS Dept., S. Upadhyaya, CSE Dept.) (2004-05)

This project has focused on developing, stripping and identifying information from PHI data obtained from the Children's Hospital, Buffalo, New York. The main objective of the project was to explore critical factors that lead to a creation of a data warehouse that doesn't contain personally identifying information from a number of sources. The goal was also to measure the quality of the data after the identifying information has been removed. The project provided insight on data format issues and its impact on performance.

Protecting Senior Citizens from Cyber Security Attacks in the e-Health Scenario (H.R. Rao, MIS Dept., S. Upadhyaya, CSE CSE Dept.) (2009-)

Senior citizens represent a substantial percentage of population around the world and most of them need health care. Health care is becoming expensive around the world. As one of the cost-reduction measures, most of the health care providers are moving the patient’s data into electronic format (Electronic Medical Records). Even though this migration is necessary for efficient health care service, it opens up a big can of worms with respect to security and privacy issues. In particular, when the doctors and patients access this medical information through the Internet, there is a large room for cyber security attacks. Given that the senior citizens have less resources (memory, physical energy, technical skills), developing solutions and processes that will help them in not becoming a victim to attacks, is essential. In this research, we plan to study the social and cultural effect of using electronic health care services, and cyber security attacks due to using e-health care services.

Health Informatics and Data Privacy (Sheng Zhong, CSE Dept.) (2008-)

In this project, we are concerned with the protection of data owners' privacy in health data collection, processing, and mining, and proposed a number of algorithms that provide privacy guarantees using cryptographic techniques. Recently, we have also started exploring privacy issues brought forth by electronic health records. Our research suggest various methods to allow emergency access to personally controlled health data without violating patient privacy.      


BioNav: Effective navigation on query results of biomedical databases (Michalis Petropoulos, CSE Dept.) (2008-)

Search queries on biomedical databases like PubMed often return a large number of results, only a small subset of which is relevant to the user. Ranking and categorization, which can also be combined, have been proposed to alleviate this information overload problem. Results categorization for biomedical databases is the focus of this work. A natural way to organize biomedical citations is according to their MeSH annotations, a comprehensive concept hierarchy used by PubMed. In this project, we develop the BioNav system, a novel search interface that enables the user to navigate large number of query results by organizing them using the MeSH concept hierarchy. First, the query results are organized into a navigation tree. Previous works expand the hierarchy in a predefined static manner. In contrast, BioNav uses an intuitive navigation cost model to decide what concepts to display at each step. Another difference from previous works is that the hierarchy is not strictly displayed level-by-level.         


Copyright 2007 © CEISARE | Home | Site Map | Contact Info | Privacy