The goal of the project is to develop an approach to the problem of security and privacy for eHealth applications based on policy-driven security services. The project achieves its goal using the following approaches: (1) Develop an architectural framework supporting the interoperation of security services. The framework combines the service-oriented architecture paradigm with the event-based model and also includes a context-management service; (2) Develop an identity management service based on the life-cycle of digital identities; (3) Develop an authentication service supporting multi-factor authentication policies; (4) Develop a privacy-aware role-based access control (RBAC) service able to support content-based authorization; (5) Develop policy modularization and policy activation/deactivation mechanisms to support emergency situations and the "break-the-glass" principle that are relevant for eHealth applications; and (6) Prototype the framework and the services and integrate them with a Web-based prototype of a Personal Health Record (PHR) management system being developed by one of the Co-PIs.
The results of the project will benefit the IT providers of eHealth solutions by offering enhanced architectural solutions for security and privacy, as well as insights about their complexity, their manageability and their interoperability. The results will provide useful insights for those eHealth IT providers wanting to evaluate the feasibility of the "Software As A Service" (SAAS) model for security and privacy, as well as for IT security managers of caregiver organizations. This project supports Ph.D. and master's students in pursuing research in security architectures and services, and in advanced IT systems for eHealth. Several course modules will be developed based on the project results, including modules on: HIPAA - Security and Privacy Requirements; Security Architectures for eHealth; Security as a Service - Concepts, Architectures, and Techniques. Publications, technical reports, and software from this research will be disseminated via the project web site (http://www.cs.purdue.edu/homes/bertino/IIS-eHealth).
This collaborative SGER proposal investigates management and autonomic operational issues in running distributed virtual private environments. The proposal calls this environment a “VP-Grid”; organic in function, a VP-Grid acts as an overlay on top of existing grid resources and dynamically adjusts at run-time in response to resource and network conditions in emulating a virtual grid environment. The SGER proposal introduces management mechanisms to support functions associated with creation and operation of a VP-Grid. This “self-management” environment will then be evaluated using an emulation program for dynamic worm infection.
Specifically, the research tasks are outlined to include: explore application-specific administration policy specification and enforcement through instantiation of self-management agents within the virtual VP-Grid and outside (i.e. on the underlying Grid resources); investigate effectiveness of orchestration methods (scaling, re-location and topology adjustment) by application-driven conditions and demands; and perform a system emulation based on a real Internet worm code.
Because mobile devices are a ubiquitous part of our daily social fabric, research on them is imperative. The work done in our lab relates to the exploitation of such devices for investigative and intelligence purposes. Mobile devices may include, but are not limited to, mobile phones, PDAs, smart phones, VoIP phones, GPS devices, flash memory devices, audio and video devices, and other small-scale digital devices that can be carried in a pocket or purse.
Wireless networks of sensor nodes cooperating among themselves for information gathering and analysis are becoming an important platform in several domains. The area has seen growing research interest in different layers - devices, communication, network protocols and, to a limited extent, applications. For sensor networks to become viable platforms for the large class of applications they are being targeted towards, there is a need to consider the cross-interaction between the different layers. For example, the fact that the sensors are equipped with smart antennas capable of power optimization should be utilized by the routing protocols. The novelty of the proposed research is manifold. We propose to design a sensor node that integrates innovative ideas for the radio frequency (RF) based communication device, the MAC layer, and a fault-tolerant and real-time middleware. The integrated node will be used in building a sensor network and evaluating the network for tradeoffs of performance, cost, robustness, simplicity, and flexibility. Uncertainty will be an undeniable fact of life with sensor networks in their real-world deployments. The uncertainty will stem from environmental variability (e.g., lack of line-of-sight communication), node variability (e.g., faster drainage of battery than expected), traffic variability (such as higher than expected sensed data traffic due to frequent occurrence of the event of interest) and attacker-induced variability (e.g., jamming of the physical channels by a malicious intruder). In our research, we propose to provide in-built support in the nodes to tolerate the uncertainty in the different dimensions. We propose several novel low-power modes of operation based on the features of our proposed smart antenna in the RF communication equipment. Our proposed sensor node will be capable of not simply tolerating uncertainty, but exploiting the uncertainty to its advantage.
We propose to make use of limited mobility in case it causes the neighbors of a node to be aligned in a narrow band. In such a situation, the antenna can be switched from its omni-directional mode of operation to a lower power unidirectional mode. Adaptivity of the sensor node will be another important driving factor in its design. The sensor node should lend itself to reconfiguration in the face of uncertainty through easy-to-use mechanisms. In our proposed node, a common thread of adaptivity will be built in at all three levels under investigation. The issues of trade-off between adaptivity or flexibility and performance, cost, and simplicity will be considered for each layer as well as for the cross-interaction between layers. For example, at the communication device layer, the key tradeoff against cost will feature prominently since expensive antenna arrays can provide the flexibility we require, but at a cost infeasible for the sensor nodes. Adaptivity at the system software level will focus on performing tasks on an as-needed basis, such as activating the sensor only when there is an event of interest. Adaptivity at the middleware level will focus on adjusting the communication and computation to tune the fault-tolerance and real-time quality of service provided by the node. The proposed research comprises three key tasks: (i) Building diverse and intelligent RF hardware on electrically small nodes, which will enable more robust and lower power operation. The key issues addressed here will be directionality, electromagnetically small size, and tradeoff between attractive radiation shaping and cost and complexity; (ii) Building MAC and networking mechanisms which can leverage the flexibility provided by the RF hardware and provide hooks to the middleware.
The MAC and network layers will balance the tradeoffs of resource cost against performance and optimize it based on the application requirements; (iii) Building a middleware layer that optimizes the operations for fault-tolerance and real-time requirements and balances these criteria against the cost and performance impact. Broad Impact in Technology and Teaching: An important goal of the research is to develop sensor nodes with the new technology and create a sensor network testbed with the nodes equipped with mobility. The testbed will serve as an intuitive and attractive vehicle for disseminating the research results. This trend of popularizing research follows the earlier experience of the co-PI Rosenberg, who has developed and deployed locality-aware wireless services (such as printing services) on the Purdue campus for widespread community use. The research findings will be disseminated to the RF, network, and middleware research community through publications and conference presentations. This project will help in teaching and training the graduate and undergraduate students who are implementing the techniques and performing the testbed development and evaluation. The research results may be incorporated in several graduate and undergraduate courses taught by the PI and the co-PIs ("Fault Tolerant System Design", "Advanced Course in Networking", "Distributed Parameter Systems").
Given the wide use of RF devices for applications ranging from data networks to wireless sensors, it is of interest to identify the types of devices that are located in an environment. In order to locate and characterize RF devices, the environment must be probed. This becomes the problem of determining the properties of an RF circuit by sending it a carefully designed signal and examining the returned signal. The device is then authenticated by identifying certain characteristics of the return signal. Identification through “forensic characterization” means identifying the type of RF device, make, model, configuration, and other characteristics of the device based on observations of the data that the device produces.
The characterization framework is used to classify signals emitted from an RF device that are generated in response to a probe signal. Once transmitted into the environment, the probe signal is received by the antenna of the RF device and sent to several circuit components such as filters and amplifiers. Each circuit component modifies the probe signal, thereby embedding information into the signal. The embedded information is unique to each circuit component and when input into a nonlinear component such as an amplifier, a percentage of the probe signal is reflected. The reflected signal is re-radiated from the RF device and measured. Once measured, a forensic signature is extracted from the re-radiated signal and characterized by a classification system.
The installation and use of steganographic applications leave traces of these activities on the host system. Using disk images from seized computers, researchers use host system artifact detection software to determine if there is evidence of steganography software installed on these seized hard drives. The results are then analyzed to determine the relative percentage of hard drives in the sample which showed evidence of installation and/or use of steganographic embedding applications, and what the applications of choice were in relation to the crimes committed with the computers in question. Results of research to date are being published.