Dependable and secure computing in medical information systems

Medical information systems facilitate ambulatory patient care, and increase safer and more intelligent diagnostic and therapeutic capabilities through automated interoperability among distributed medical devices. In modern medical information systems, dependability is one of the most important factors for patient safety in the presence of delayed or lost system alarm and data streams due to the intermittent medical device network connection or failure. In addition, since the medical information need to be frequently audited by many human operators as well as the automated medical devices, secure access control is another pivotal factor for patient privacy and data confidentiality against inside or outside adversaries. In this study, we propose a dependable and secure access policy enforcement scheme for disruption-tolerant medical information systems. The proposed scheme exploits the external storage node operated by the device controller, which enables reliable communications between medical devices. Fine-grained data access control is also achieved, while the key escrow problem is resolved such that any curious device controller or key generation center cannot decrypt the private medical data of patients. The proposed scheme allows the device controller to partially decrypt the encrypted medical information for the authorized receivers with their corresponding attributes without leaking any confidential information to it. Thus, computational efficiency at the medical devices is also enhanced by enabling the medical devices to delegate most laborious tasks of decryption to the device controller.