Research Paper Presentation Software Engineering in agent systems.

Presentation transcript:

Research Paper Presentation Software Engineering in agent systems

Goal and Motivation
Goal:
  Secure communication using PKI, JADE-S
  Authentication using JAAS
  Access authorization with policy rules
Motivation:
  Providing a DSS that assists physicians in classifying different cases
  Providing an approach to security issues arising from the distributed locations of healthcare facilities
  Conforming to ethical regulations for handling patients’ health data

UK Data Protection Act 1998 Principles
“Personal data shall be processed fairly and lawfully,” …and under listed conditions.
Patients’ records are for diagnosis or training classifiers only.
“Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.”

UK Data Protection Act 1998 Principles
“Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.”
Anonymised data with link-id are used for training.
“Personal data shall be accurate and, where necessary, kept up to date.”

UK Data Protection Act 1998 Principles
“Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.”
All training cases will be discarded when the training phase of a classifier is over.

UK Data Protection Act 1998 Principles
“Personal data shall be processed in accordance with the rights of data subjects under this Act.”
Patients can request to withdraw from providing their case data and the data will be removed from corresponding databases.

UK Data Protection Act 1998 Principles
“Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.”
Clinical centers enforce their access policy to conform with the above principle.

UK Data Protection Act 1998 Principles
“Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.”
The network of this project is within the EU boundary, and data provided outside the boundary will be anonymised and protected with an agreement conforming to the principles.

The architecture
A distributed network containing 60 different centers.
Figure 1 from Xiao, L., Lewis, P., Gibb, A.: Developing a Security Protocol for a Distributed Decision Support System in a Healthcare Environment. In: 30th International Conference on Software Engineering, pp. 673–682. ACM, New York (2008)
A Yellow Page Agent contains a list of trusted principals. When a principal requests a resource or service, the Jade Security Service Agent verifies the principal against their access levels (0-9).
The functional and security requirements can be maintained separately, and the functionality and security are integrated to perform a particular role.

Access Sensibility Level
“0. Update a private patient record: often only available to the patient’s principal physician.”
“1. Read a private patient record: also available to the producers of specific classifiers.”
“2. Read a public anonymised patient record: available to classifier producers and under agreements to other hospitals in the HealthAgents network.”
“3. Create a classifier: available to specific experienced clinicians with sufficient power who may allow the classifier producers to access required anonymised data and later set the publicity of the classifier.”
“4. Update a classifier reputation: available to experienced clinicians who have executed that classifier upon a case and the accurate diagnosis result is known to them at that moment.”
“5. Execute a local classifier: often available to local hospitals.”
“6. Execute a global classifier: available to all hospitals in the HealthAgents network.”
“7. Invoke a system service (Yellow Pages, etc.): may open even to hospitals outside of the HealthAgents network, this allows them to gain better knowledge of the available resources inside the network so they may want to join in later.”
This list of access sensibility levels is cited from Xiao, L., Lewis, P., Gibb, A.: Developing a Security Protocol for a Distributed Decision Support System in a Healthcare Environment. In: 30th International Conference on Software Engineering, pp. 673–682. ACM, New York (2008)

The Secure Messages
Figure 6 from Xiao, L., Lewis, P., Gibb, A.: Developing a Security Protocol for a Distributed Decision Support System in a Healthcare Environment. In: 30th International Conference on Software Engineering, pp. 673–682. ACM, New York (2008)
The handleMessage() in the HealthAgent sends or receives messages using the methods in JadeMessagingService, and the JadeSecurityService encrypts or decrypts the message.
The protocol compacting the message is Lightweight Coordination Calculus.
A message must be signed and encrypted by a sender from the trust list; otherwise it is deleted.
The Jade Security Service Agent provides services to both the Yellow Page Agent and the Jade Security Service class.
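
A small model of the checks described on the architecture, access level and secure message slides, added here as an example and not code from the paper or the HealthAgents project: a message is deleted unless its sender is on the trust list and its signature verifies, and only then is the requested access level authorised. Assumptions: an HMAC stands in for the PKI signature, encryption is omitted, granted levels are a set per principal, levels 0 and 1 are limited to the principal's own center, and all names and sample values are hypothetical.

```python
import hashlib, hmac, json
from dataclasses import dataclass

PRIVATE_LEVELS = {0, 1}  # levels 0-1 on the slide concern private patient records

@dataclass(frozen=True)
class Principal:
    name: str
    center: str
    levels: frozenset  # assumption: granted levels are a set, not a threshold
    key: bytes         # stand-in for the principal's PKI credential

class YellowPages:
    """Trust list: only listed principals are ever processed."""
    def __init__(self, principals):
        self._by_name = {p.name: p for p in principals}

    def lookup(self, name):
        return self._by_name.get(name)

def sign(principal, body):
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(principal.key, payload, hashlib.sha256).hexdigest()

def handle_message(yp, msg):
    """Return 'deleted', 'denied' or 'allowed' for one incoming request."""
    sender = yp.lookup(msg.get("sender"))
    body = msg.get("body", {})
    if sender is None:
        return "deleted"  # sender is not on the trust list
    sig = str(msg.get("sig", "")).encode()
    if not hmac.compare_digest(sign(sender, body).encode(), sig):
        return "deleted"  # signature does not verify for the claimed sender
    level = body.get("level")
    if level not in sender.levels:
        return "denied"   # authenticated, but level not granted
    if level in PRIVATE_LEVELS and body.get("center") != sender.center:
        return "denied"   # private records are local-access only
    return "allowed"

# Constructed sample principals and centers (hypothetical, not from the paper).
CLINICIAN = Principal("clinician_a", "center_1", frozenset({0, 1, 5, 6}), b"key-a")
PRODUCER = Principal("producer_b", "center_2", frozenset({1, 2, 6}), b"key-b")
YP = YellowPages([CLINICIAN, PRODUCER])

def request(principal, level, center, signer=None):
    body = {"level": level, "center": center}
    return {"sender": principal.name, "body": body,
            "sig": sign(signer or principal, body)}
```

The order of the checks matters: trust-list membership and signature are evaluated before any access level is looked at, so an unauthenticated message never reaches the policy decision.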

Authentication & Authorisation
Figure 7 from Xiao, L., Lewis, P., Gibb, A.: Developing a Security Protocol for a Distributed Decision Support System in a Healthcare Environment. In: 30th International Conference on Software Engineering, pp. 673–682. ACM, New York (2008)
Secure message passing is meaningless without authenticating the senders and receivers, so a LoginModule prompts for a username and a password to identify the principal.
The agent interaction model describes the following scenario: a clinician creates a classifier because no existing classifier is available, and the clinician evaluates the result given by the new classifier. After the diagnosis is confirmed, the clinician updates the patient record and the rank of the classifier.

Reviews: Strengths
Conformance to UK Data Protection Act
An architecture allowing the addition of new classifiers
Training classifiers with anonymised data
Introduction of resource access levels
The use of local and global access policy
Private records only available for local access

Reviews: Shortcomings
A patient’s case data is used to train a classifier, and that classifier is not updated when that patient requests to remove his or her data.
Section 5.5 and Figure 5 are missing.

Reference
Xiao, L., Lewis, P., Gibb, A.: Developing a Security Protocol for a Distributed Decision Support System in a Healthcare Environment. In: 30th International Conference on Software Engineering, pp. 673–682. ACM, New York (2008)