Figure 1. A use-case for medical imaging research showing grid resources in different administrative
domains, with an emphasis on data and job flow
security implications of using Grid middleware,
in particular when using it for applications that
use privacy-sensitive information.
Medical applications have very strict requirements
on data handling and storage due to privacy
concerns and regulations. Therefore, Grid middleware
intended for usage in the medical domain
should support policies that define where particular
data may be stored, in what form, and what jobs
from which users may access this data from what
hosts or administrative domains.
This paper presents a new framework for
managing privacy-sensitive data on the Grid that
allows for explicit data-owner control over aspects
related to data access and distribution. It makes a
clear distinction between data storage components,
access control, job authentication aspects, and
auditing mechanisms for data-related operations.
This paper is organized as follows: first we
describe a use-case for medical research, based
on our own experience (Olabarriaga, Nederveen,
Snel & Belleman, 2006). Next, we analyze legal
requirements with regard to medical data and
technical aspects that are relevant when using Grid
infrastructure to manage privacy-sensitive data.
Finally, we describe a framework that allows data
owners to express fine-grained data distribution
and access control policies to allow for secure
handling of medical data on the Grid. We conclude
with an overview of some usability aspects.
USAGE SCENARIO
Figure 1 shows a typical Grid infrastructure
deployment for medical research. A Grid storage
system in one trusted administrative domain is
used for storing medical research data. Although
data is often replicated across different domains
to enhance availability and reliability, we assume
here that all storage facilities reside in only one
administrative domain trusted by the data owner.
Different incarnations of storage infrastructure
exist, e.g., SDSC SRB and dCache (dCache, n.d.). In
this paper, we refer to the storage infrastructure as
a Storage Resource Broker (SRB) in a general way,
without referring to a particular implementation.
First, Researcher A (data owner) uploads the
data to an SRB he or she trusts, e.g., using gridFTP.
Researcher B can now submit a job on the Grid
through a Compute Resource Broker (CRB) which
can reside in any administrative domain. The CRB
transparently selects a cluster, typically based on
load, where the job is scheduled for execution.
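
An added example (not code from the paper or its framework): a minimal default-deny evaluator for the kind of data-owner policy described above, applied to this scenario, where the CRB picks a cluster by load alone. All field names, domains, users and job labels are constructed assumptions.

```python
from dataclasses import dataclass

# Every name and value here (domains, users, job labels) is constructed.
@dataclass(frozen=True)
class OwnerPolicy:
    storage_domains: frozenset  # where the data may be stored
    storage_forms: frozenset    # in what form, e.g. "encrypted"
    users: frozenset            # which users may access it
    jobs: frozenset             # which jobs those users may run on it
    exec_domains: frozenset     # from which administrative domains

@dataclass(frozen=True)
class JobRequest:
    user: str
    job: str
    exec_domain: str  # domain of the cluster the CRB selected

def may_store(policy, domain, form):
    """Storage check: both the location and the form must be approved."""
    return domain in policy.storage_domains and form in policy.storage_forms

def decide(policy, req):
    """Default-deny access check; returns (allowed, reasons) for the audit trail."""
    reasons = []
    if req.user not in policy.users:
        reasons.append("user not authorised: " + req.user)
    if req.job not in policy.jobs:
        reasons.append("job not approved: " + req.job)
    if req.exec_domain not in policy.exec_domains:
        reasons.append("execution domain not trusted: " + req.exec_domain)
    return (not reasons, reasons)

def schedule_by_load(cluster_load):
    """Stand-in for the CRB: pick the least-loaded cluster domain, ignoring policy."""
    return min(cluster_load, key=cluster_load.get)

# Researcher A's policy for one data set (constructed sample).
POLICY = OwnerPolicy(
    storage_domains=frozenset({"hospital-a.example"}),
    storage_forms=frozenset({"encrypted"}),
    users=frozenset({"researcher-b"}),
    jobs=frozenset({"segmentation-v1"}),
    exec_domains=frozenset({"hospital-a.example", "university.example"}),
)

if __name__ == "__main__":
    load = {"university.example": 0.7, "commercial-grid.example": 0.2}
    picked = schedule_by_load(load)
    print(picked, decide(POLICY, JobRequest("researcher-b", "segmentation-v1", picked)))
```

The same user and job are allowed or denied depending only on where the load-based scheduler places the job, which is why the execution domain has to be part of the access decision and of the audit record.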