ID-Based User-Centric Data Usage Auditing Scheme for Distributed Environments

Kaaniche, Nesrine; Laurent, Maryline; Levallois-Barth, Claire

doi:10.3389/fbloc.2020.00017

Cited by 6 publications

(3 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Agrawal et al [262] introduced an auditing framework for determining whether a database system is adhering to its data disclosure policies by allowing users to formulate audit expressions to specify the data subject to disclosure review. Kaaniche et al [263] proposed the usage of hierarchical ID-based encryption and signature schemes. Noura et al [146] presented a security and protection audit that can be done by using an audit management system to collect and store logs in a distributed system.…”

Section: B Cybersecurity Audit Modelsmentioning

confidence: 99%

A Survey on Forensics and Compliance Auditing for Critical Infrastructure Protection

Henriques,

Caldeira,

Cruz

et al. 2024

IEEE Access

View full text Add to dashboard Cite

The broadening dependency and reliance that modern societies have on essential services provided by Critical Infrastructures is increasing the relevance of their trustworthiness. However, Critical Infrastructures are attractive targets for cyberattacks, due to the potential for considerable impact, not just at the economic level but also in terms of physical damage and even loss of human life. Complementing traditional security mechanisms, forensics and compliance audit processes play an important role in ensuring Critical Infrastructure trustworthiness. Compliance auditing contributes to checking if security measures are in place and compliant with standards and internal policies. Forensics assist the investigation of past security incidents. Since these two areas significantly overlap, in terms of data sources, tools and techniques, they can be merged into unified Forensics and Compliance Auditing (FCA) frameworks. In this paper, we survey the latest developments, methodologies, challenges, and solutions addressing forensics and compliance auditing in the scope of Critical Infrastructure Protection. This survey focuses on relevant contributions, capable of tackling the requirements imposed by massively distributed and complex Industrial Automation and Control Systems, in terms of handling large volumes of heterogeneous data (that can be noisy, ambiguous, and redundant) for analytic purposes, with adequate performance and reliability. The achieved results produced a taxonomy in the field of FCA whose key categories denote the relevant topics in the literature. Also, the collected knowledge resulted in the establishment of a reference FCA architecture, proposed as a generic template for a converged platform. These results are intended to guide future research on forensics and compliance auditing for Critical Infrastructure Protection.

show abstract

Section: B Cybersecurity Audit Modelsmentioning

confidence: 99%

A Survey on Forensics and Compliance Auditing for Critical Infrastructure Protection

Henriques,

Caldeira,

Cruz

et al. 2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…However, if a patient register ID is forgotten or lost, it can be traced back by matching previously patient-authorized tracking tags such as type of procedure, anesthesiologist ID, date, geolocation or specific patient characteristics. The implementation of smart contracts to support data usage consent can further ensure the confidentiality of personal information shared with multiple data controllers and processors (Kaaniche et al, 2020).…”

Section: Overviewmentioning

confidence: 99%

Technology optimization for patient safety: a blockchain-based anesthesia record system architecture

Giambastiani

Sáenz²,

Lahitte

et al. 2023

Front. Blockchain

View full text Add to dashboard Cite

Patient safety is acknowledged as a primary aim of anesthesiology. Anesthesia records constitute the main document of the intraoperative course of anesthesia administration. In this paper, we postulate that anesthesia record systems should be based on an integral tamper-proof design and provide specific technology characteristics to ensure data immutability, accessibility and transparency. Issues and limitations regarding current anesthesia record technologies are reviewed. We introduce a novel anesthesia record system designed for patient safety optimization which integrates dedicated hardware, blockchain technology and decentralized storage solutions. We propose an oracle network in which anesthesiologists run independent Sybil-resistant nodes which broadcast biosensor time series to decentralized storage systems and generate proofs of existence on public blockchains. Records are biometrically signed and incorporate information on the temporo-spatial relation between the anesthetized patient and the professional in charge through a unique personal-transponder wearable device. Compatibility for data science and machine learning implementation are discussed. Finally, we evaluate future impact and technological potential.

show abstract

“…Enforcing Compliance: by respecting users' privacy through ensuring data access regulatory compliance that processes CPS's big data via clouds, especially when stored by utility providers (Trusted Third Party (TTP)) to prevent any data leakage and users privacy violations. Therefore, maintaining a suitable trade-off between users privacy and systems' security and performance, while also ensuring firmer accountability measures [405,406] . 7.…”

Section: Learnt Lessonsmentioning

confidence: 99%