Secure and Cloud Based Patient
Information Systems
Abstract:
A key problem in the deployment of large-scale, reliable cloud computing is the difficulty of certifying the compliance of business processes operating in the cloud. Standard audit procedures such as SAS-70 and SAS-117 are hard to conduct for cloud-based processes. The paper proposes a novel approach to certify the compliance of business processes with regulatory requirements. The approach translates process models into their corresponding Petri net representations and checks them against requirements also expressed in this formalism. Being based on Petri nets, the approach provides well-founded evidence on adherence and, in case of noncompliance, indicates the possible vulnerabilities.
Keywords: Business process models, Cloud computing, Compliance certification, Audit, Petri nets.
ARCHITECTURE:
EXISTING SYSTEM:
Certifying the adherence of business processes to compliance requirements is a key issue in the large-scale deployment of reliable Cloud. It must be checked that moving (parts of) business processes into the Cloud does not violate existing rules, and that the processes also adhere to new rules which the use of Cloud Computing may bring along. Currently, many companies refrain from Cloud Computing because of compliance considerations, most of all security and privacy related ones. Sustainable Cloud Computing includes the capability of provably keeping control over processes’ compliance. However, two issues prevail on the way to achieving certification.
Disadvantage:
Automated certification procedures are missing.
In consequence, certification is a long-winded, error-prone procedure.
PROPOSED SYSTEM:
Comcert assesses the compliance of a workflow by analyzing the five established elements required to check for rule adherence in workflows: activities, data, location, resources, and time limits. A rule describes which activities may, must or must not be performed on what objects by which roles. In addition, a rule can further prescribe the order of activities, i.e. which activities have to happen before or after other activities.
The formalization of rules as Petri net patterns has been proposed by Katt et al. and Huang and Kirchner. In contrast to Katt et al., Huang and Kirchner cannot cope with the expression of usage control policies. Katt et al. employ Usage Control Colored Petri Nets (UCPN) for the formalization and enforcement of diverse types of obligations, i.e. actions to be performed before, during and after an activity.
Advantage:
Compliance Regulation Survey.
Compliance Rule Classification.
The Comcert Approach.
MODULES:
1 Compliance Regulation Survey:
OECD Guidelines: The “OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data” define eight principles: the collection limitation, data quality, purpose specification, use limitation, security safeguards, openness, individual participation and the accountability principle. Organizational processes are necessary to, e.g., achieve high data quality through record updates, or to follow the openness principle by informing customers about the uses of personal data. Regarding workflows, the principles mainly concern the data flow. Data collection should be limited (“collection limitation”) to the amount required for a specific purpose (“data quality”), and data usage should not exceed that specific purpose (“use limitation”).
European Community Directive EC: Within the European Community, the Directive EC regulates “the protection of individuals with regard to the processing of personal data” and “the free movement of such data” (European Commission). Workflows adhere to this directive if they use data only for a specific and specified purpose and do not use more data than necessary for that purpose.
2 Compliance Rule Classifications:
The workflow related sections of the above compliance regulations can be organized in a few basic classes of rules, as shown in. The rule categories in the second left column were obtained by sifting through the compliance sources in the top row and listing all rules that directly pertain to either the control flow (e.g., some activity has to happen before another) or the data flow (e.g., treatment of documents and their content) of workflows. After consolidating those rules that only used slightly different wording to describe the same requirement, the nine categories remained.
Given these nine categories, we transformed the corresponding rules into a Petri net representation as described in Sect. Then, we analyzed the representations for similarities and differences. It showed that most of the rules referred to the order of activities, and two each referred to the workflow’s branching conditions and the data being processed. The resulting three rule classes are symbolized by the icons in the very left column. A double headed arrow for categories that require certain activities to (not) be performed before or after other activities. A single headed branching arrow for categories describing the flow of data. Finally, a rectangular label stands for categories directly relating to data elements.
3 The Comcert Approach:
Petri nets are well-suited for reasoning about workflows as they provide an adequate formal semantics for workflow specifications in BPMN, BPEL and EPC. Building upon their standard definition, Comcert uses Petri nets to formalize both workflows and rules. Under the assumption that, with their graphical representation, Petri nets are more intuitive than the complex formulas of, e.g., linear temporal logic, this offers the advantage of making the compliance check comprehensible for a wider group of users while still delivering sound results.
The main idea behind Comcert’s analysis is to transform a workflow into one Petri net and the rules into additional ones. Rule adherence is determined by traversing each path of the workflow and triggering the according transitions in the rule Petri net (RPN) for each workflow activity. Similar to security automata, each RPN contains special places which, after the workflow has been traversed completely, either indicate rule adherence or a violation. Comcert is suitable for the automated detection of design vulnerabilities at workflow level.
4 Workflow Representation and Transformation:
Workflow nets are employed as a target meta-model to formalize workflows. A workflow net is a special kind of Petri net with distinct source and sink places where all the nodes lie on some path between the source and the sink place. A token in the source place denotes a new execution, whereas a token in the sink place denotes a complete execution. The following illustrates the transformation of workflows into workflow nets.
BPMN offers three main elements for the formalization of a workflow’s control flow: activities, events, and gateways. Illustrates some of these elements. The boxes stand for activities (or tasks), x-gateways for the exclusive choice (left-hand side) and simple merge (right-hand side). The circle in the left denotes the start event, whereas the bold circle in the right stands for the end event.
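The check described in modules 3 and 4, as an added Python example that is not Comcert's own code: a workflow net with an exclusive-choice gateway is traversed path by path, and each activity triggers the matching transition in a rule Petri net whose `violation` place is inspected at the end. The patient-record activity names, the place names and the "consent before read" rule are constructed for illustration.

```python
from collections import Counter

# Constructed workflow net: transition -> (input places, output places).
WORKFLOW = {
    "register":       (["source"], ["p1"]),
    "obtain_consent": (["p1"], ["p2"]),      # XOR branch 1
    "skip_consent":   (["p1"], ["p2"]),      # XOR branch 2
    "read_record":    (["p2"], ["p3"]),
    "archive":        (["p3"], ["sink"]),
}
# Constructed rule Petri net (RPN) for "obtain_consent before read_record":
# each entry is (activity label, input places, output places).
RULE = [
    ("obtain_consent", ["waiting"], ["consented"]),
    ("read_record", ["consented"], ["consented"]),
    ("read_record", ["waiting"], ["violation"]),
]

def enabled(marking, pre):
    return all(marking[p] >= n for p, n in Counter(pre).items())

def fire(marking, pre, post):
    m = marking.copy()
    m.subtract(pre)
    m.update(post)
    return +m  # drop places whose token count fell to zero

def paths(net, marking, trace=()):
    """Yield every firing sequence from `marking` to one token in sink (acyclic net)."""
    if marking == Counter(["sink"]):
        yield trace
        return
    for t, (pre, post) in net.items():
        if enabled(marking, pre):
            yield from paths(net, fire(marking, pre, post), trace + (t,))

def check(net, rule):
    """Replay each workflow path on the RPN; return paths that mark 'violation'."""
    violations = []
    for trace in paths(net, Counter(["source"])):
        m = Counter(["waiting"])
        for activity in trace:
            for label, pre, post in rule:
                if label == activity and enabled(m, pre):
                    m = fire(m, pre, post)
                    break
        if m["violation"]:
            violations.append(trace)
    return violations
```

`check(WORKFLOW, RULE)` returns the one path that takes the `skip_consent` branch, which is the design-level vulnerability the rule net exposes; removing that branch from the workflow net makes the result empty.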
System Requirements:
Hardware Requirements:
System : Pentium IV 2.4 GHz.
Hard Disk : 40 GB.
Floppy Drive: 1.44 Mb.
Monitor: 15 VGA Colour.
Mouse: Logitech.
Ram: 512 Mb.
Software Requirements:
Operating system : Windows XP.
Coding Language: ASP.Net with C#
Data Base : SQL Server 2005
Data Flow Diagram / Use Case Diagram / Flow Diagram
The DFD is also called a bubble chart. It is a simple graphical formalism that can be used to represent a system in terms of the input data to the system, the various processing carried out on these data, and the output data generated by the system.