1. UConnBI-BC-1 Security Issues for Bioinformatics Prof. Steven A. Demurjian, Sr. Director, CSE Graduate Program Computer Science & Engineering Department The University of Connecticut 191 Auditorium Road, Box U-155 Storrs, CT 06269-3155 steve@engr.uconn.edu http://www.engr.uconn.edu/~steve http://www.engr.uconn.edu/~steve/DSEC/dsec.html (860) 486 - 4818

2. UConnBI-BC-2 Medical Informatics  Security Requirements for Medical Records  Privacy vs. Availability  All Aspects of Security for Medical Information  Treatment and Long-Term Care  Insurance Claims and Future Insurability  Nationalization of Medical Information  Critical Aspect of Dynamic Coalition Problem (DCP)  DCP - Security, Resource, and Information Sharing Risks for Alliance of Governmental, Military, Civilian, and International Organizations  Bring Together Divergent Requirements to Support Life-Threatening Situation  Rapid Availability of Patient Data in Emergency Situations

3. UConnBI-BC-3 Dynamic Coalitions for Medical Informatics Govt. RNs EMTs MDs Transportation Military Medics Local Health Care Pharma. Companies Govt. CDC MDs w/o Borders GOALS: Securely Leverage Information in a Fluid Environment Protect Information While Simultaneously Promoting the Coalition Red Cross Smallpox Outbreak in U.S. State Health Other

4. UConnBI-BC-4 Public Policy on Security  How do we Protect a Person’s DNA?  Who Owns a Person’s DNA?  Who Can Profit from Person’s DNA?  Can Person’s DNA be Used to Deny Insurance? Employment? Etc.  How do you Define Security Limitations/Access?  Can DNA Repositories be Anonymously Available for Medical Research?  Do Societal Needs Trump Individual Rights?  Can DNA be Made Available Anonymously for Medical Research?  International Repository Might Allow Medical Researchers Access to Large Enough Data Set for Rare Conditions (e.g., Orphan Drug Act)  Individual Rights vs. Medical Advances

5. UConnBI-BC-5 Security Solutions for Systems/Databases UConn Storrs UConn Health Center Yale Johns Hopkins Pfizer Bayer NIHFDA NSF Info. Sharing - Joint R&D Company and University Partnerships Collaborative Funding Opportunities Retrofit Security Infrastructure Cohesive and Trusted Environment Existing Systems/Databases and New Applications How do you Protect Commercial Interests? Promote Research Advancement? Free Read for Some Data/Limited for Other? Commercialization vs. Intellectual Property? Balancing Cooperation with Propriety

6. UConnBI-BC-6 What are Key Security Concepts? What are Key Security Concepts?  Assurance  Are the Security Privileges for Each User Adequate (and Limited) to Support their Needs?  What Guarantees are Given by the Security Infra- structure regarding Privileges vs. Information?  Consistency  Are the Defined Security Privileges for Each User Internally Consistent?  Least-Privilege Principle: Just Enough Access  Are the Defined Security Privileges for Related Users Globally Consistent?  Mutual-Exclusion: Read for Some-Write for Others  Role-Based Access Control - User Focused  Mandatory Access Control - Data Focused

7. UConnBI-BC-7 What are Key Security Concepts?  Authentication  Is the User who S/he Says they are?  Authorization  Does the User have Permission to do what S/he Wants?  Privacy  Is Anyone Intercepting User/Server or User/User Communications?  Enforcement Mechanism  Centralized and Distributed “Code”  Enforces Security Policy at Runtime  For Existing (Retrofit) and New Systems/Clients  Ongoing Research Project in Security  Ongoing Research Project in Security http://www.engr.uconn.edu/~steve/DSEC/dsec.html