Implementing Informed Consent as Information-Flow Policies for Secure Analytics on eHealth Data: Principles and Practices

2016 IEEE First International Conference on Connected Health: Applications, Systems and Engineering Technologies (CHASE)(2016)

Citations: 6 | Views: 17

Abstract
Wearable and ambient cyber-physical systems coupled with big-data health analytics promise continuous individual health monitoring and customized medical interventions. However, health workers and medical researchers are bound by strict security and privacy conventions that make it difficult to take advantage of emerging data streams. In this paper, we propose a security and privacy architecture for the analytics back-end in medical cyber-physical systems. Our approach is motivated by three principles: users behave mostly rationally, informed consent is a security policy, and granted rights must be deeply revocable. We propose implementing these principles using a novel combination of information-flow control with attested programs for data declassification, together with auditing and credential-based access control. Our implementation relies on fine-grained encapsulation of data sets and processing components inside virtual-machine containers. We therefore evaluate our ability to host concurrent Linux containers, and observe that 70 instances can be easily accommodated on commodity hardware.
Keywords
informed consent,information-flow control,architecture