Role-Based And Time-Bound Access And Management Of EHR
SECURITY AND COMMUNICATION NETWORKSSecurity Comm. Networks 0000; 00:1–21DOI: 10.1002/secRESEARCH ARTICLERole-Based and Time-Bound Access and Management ofEHR DataRui Zhang1 , Ling Liu2 and Rui Xue112State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, ChinaCollege of Computing, Georgia Institute of Technology, Atlanta, GA, USABSTRACTSecurity and privacy are widely recognized as important requirements for access and management of Electronic HealthRecord (EHR) data. In this paper we argue that EHR data needs to be managed with customizable access control inboth spatial and temporal dimensions. We present a role-based and time-bound access control model (RBTBAC) thatprovides more flexibility in both roles (spatial capability) and time (temporal capability) dimensions to control the accessof sensitive data. Through algorithmic combination of role-based access control and time-bound key management, ourRBTBAC model has two salient features. First, we have developed a privacy-aware and dynamic key structure for rolebased privacy aware access and management of EHR data, focusing on the consistency of access authorization (includingdata and time interval) with the activated role of user. In addition to role-based access, a path-invisible EHR structure isbuilt for preserving privacy of patients. Second, we have employed a time tree method for generating time granule values,offering fine granularity of time-bound access authorization and control. Our initial experimental results show that treelike time structure can improve the performance of the key management scheme significantly and RBTBAC model is moresuitable than existing solutions for EHR data management since it offers high-efficiency and better security and privacy.Copyright c 0000 John Wiley & Sons, Ltd.KEYWORDSEHR system; privacy preserving; role-based access control; time-bound key management; time tree CorrespondenceState Key Laboratory of Information Security, Institute of Information Engineering Chinese Academy of Sciences, Beijing, China.E-mail: zhangrui@iie.ac.cnReceived . . .1. INTRODUCTIONElectronic Health Record (EHR) is a digital record sharedacross different healthcare settings, by network-connectedenterprise-wide information systems called EHR systems[1]. On one hand, EHR systems hold the promise toprovide fast and on-demand access to medical documentsand help reduce medical errors and enhance healthcarequality by providing healthcare workers with decisionsupport. On the other hand, this openness, while being anessential feature of EHR, exposes patients to the risks ofprivacy disclosure by improper authorization, misuse andabuse of EHR data. Therefore, security and privacy arewidely recognized as important requirements for accessand management of EHR data. Although regulations suchas HIPAA [2] and the HITECH Act [3] have beenput forward to rule the useage of EHR, but specificmechanisms are not described.Copyright c 0000 John Wiley & Sons, Ltd.Prepared using secauth.cls [Version: 2010/06/28 v2.00]1.1. Security and Privacy Requirements for EHRAccessWe identify three main requirements for making accessEHR data secure and privacy preserving.First, when a patient is offered medical treatment, heexpects that his medical records can only be accessed byauthorized doctors, and other unauthorized doctors shouldnot be able to read any part of his medical records. Forexample, the EHR data of a patient must be accessedby authorized physicians or healthcare professionals whenthey have the matching roles or higher levels of rolesin a role hierarchy as shown in Fig.1b. Furthermore, inrole-based EHR data structure as shown in Fig.1a, thenode authorized to physicians should be accessible byP hysician or nodes in lower levels of P hysician. Fig.1agives an example of role-based hierarchical data structurefor EHR data and Fig.1b shows an example of role1
hierarchy (the detailed explanation of Fig.1 will be givenin Section 3.2). However, some special circumstances mayneed more fine-grained access control. For instance, ahematologist may need to access all blood test resultsof a patient, which are nested under different role nodes(see Fig.1a). Therefore, in an EHR system, we alsoneed customizability to effectively achieve flexible, finegrained, role-based access control over large number ofEHR data.Second, in the healthcare setting, a physician is allowedto access the medical data of a specific patient onlyduring the time period of offering healthcare treatment.For example, emergency room doctor should not be able toaccess any medical document of a patient, once he or shehas completed the emergency treatment of the patient andthe patient has left the emergency room. In addition, givena patient, different doctors involved should have differenttime intervals in terms of accessibility to this patient’smedical data. Furthermore, a doctor may need to accessthe medical data of different patients at the same timeperiod. Thus, we need to support time-bound access and tomanage the accessibility of EHR data from time dimensionin healthcare domain.Finally, it is to the best interest of some patients thattheir doctor only know the medical data that are relevant tothe diseases currently under treatment by the doctor (suchas dental disease) but should not be able to access othermedical data (such as psychotherapy data). Therefore,in addition to EHR data, the role-based structure andindices of EHR data should not be released to users,since the contents of internal nodes in such structuremay contain sensitive information that can be used byhealthcare professionals to infer other diseases of thepatient. Moreover, the structure of EHR data may changefrequently due to the involvement of different sets ofhealthcare providers for different medical conditions andtreatments. Thus, the third challenge in securing EHRaccess is to make the structure of EHR data and accesspath invisible to users who are unauthorized or onlyauthorized to access a partial component of the EHR data.Furthermore, for healthcare settings with untrusted DB,the indices of EHR data should be invisible too.In the common setting of access control model,encryptor decrypts the data retrieved from database beforethey are sent to the requester. The secrecy of thetransmitted data is guaranteed by secure transport-levelprotocols (such as SSL/TLS) over network. This approachrequires the data need to be decrypted then re-encryptedbefore it is transported in the public network. Moreover,recipients of EHRs obtain the cleartext records and usuallycache them unprotected on the end device, leading toleakage and insecurity of the data. Thus we consider amore secure way that encryptor sends the encrypted datadirectly. Then data can be decrypted through a clientinstalled software if the user is legally authorized.2A basic and straightforward approach to deal with aboveproblems is to encrypt the medical records and updateencryption and decryption keys periodically. Obviously,this approach is known to increase the cost of the EHRsystem, and cannot achieve fine-grained access control.Furthermore, periodic distribution of decryption keys toevery user of EHR system is unpractical and insecure.1.2. Our ContributionsIn this paper, we propose a general purpose role-basedand time-bound access control (RBTBAC) model for EHRsystems. The development of RBTBAC model is basedon algorithmic combination of role-based access controland time-bound hierarchical key management such thata legitimate user of EHR system is authorized a timeinterval to access EHR data based on his/her role. TheRBTBAC model offers more flexibility of both roles(spatial capability) and temporal capability to control theaccess of sensitive data. Concretely, we have developeda privacy-aware and dynamic key structure for rolebased privacy aware access and management of EHRdata, focusing on the consistency of access authorization(including data and time interval) with the activatedrole of user. In addition we have employed a time treemethod for generating time granule values, offering finegranularity of time-bound access authorization and control.Through extensive experimentation, we demonstrate thatour RBTBAC model not only offers better security andprivacy for access EHR data, but also provides highefficiency and customizability.RBTBAC model is capable of accessing and managingEHR data, because it provides both structure and timeconstraint when a user accesses EHR data with anactivated role. Compared with most existing access controlmodels, RBTBAC model has three characteristics: rolebased, time-bound and structure-invisible access controlhierarchy.Roles and role based access are the first characteristicsof the RBTBAC model. Given a care delivery organization,roles are created for various healthcare functions. Thepermission to perform certain healthcare operations isassigned to specific roles. Similarly, users of EHR systemare assigned permissions through their particular roles.However, a user can have multiple roles at the same time.For instance, a doctor is a physician-in-charge for onepatient, and in the mean time he is also a temporaryphysician for another patient. In this paper, the concept ofrole-based EHR management is composed of role-basedhierarchical data structure, role hierarchy and role-basedaccess control. These three role-based concepts make up arole-based access control hierarchy. Specifically, if a useris granted the access to a node in higher level of a rolebased hierarchical data structure, then he can access allleaf nodes of the authorized node. For example, if a userhas a role as P hysicianh1 1 in Fig.1b, then he is authorizedto access data under the role P hysicianh1 1 and the firsttwo leaf nodes P res (here pres is the abbreviation forSecurity Comm. Networks 0000; 00:1–21 c 0000 John Wiley & Sons, Ltd.DOI: 10.1002/secPrepared using secauth.cls
n2h2Surgeonh1Physician Blood lab Physician Blood lab Physician Blood lab Surgeon X-ray labnurse practitioner nursepractitioner nursepractitioner nurse practitioner(a) Role-based hierarchical structure of medical data(b) Role hierarchyFigure 1. EHR data hierarchy and role hierarchyprescription) and Results in Fig.1a, where P hysicianh1 1refers to the physician1 from hospital h1 . If a user hasa role as Physician-in-charge as shown in Fig.1b, thenhe can be authorized to access data in node Physicianin the second level in Fig.1a, which means that he canaccess all EMR (Electronic Medical Record) data fromall three physicians of P atient1 . Note EMR is usually acomponent of EHR [4].The second characteristic of RBTBAC is time-boundaccess. The roles in healthcare system have temporalconstraint by time bound such that each healthcare deliveryis only valid for a period of time. Therefore, in EHRsystems, time-bound access means that each user will begranted a valid time period based on his/her role, and theuser is only allowed to read EHR data of authorized nodesduring the given time period. Once the valid time periodhas expired, the user should no longer be able to access thedata.The third characteristic of RBTBAC is to support astructure-invisible access hierarchy in the RBTBAC modelfor EHR data. The basic idea of structure-invisibility isthat the structure and indices of EHR data should not beknown to the users and the untrusted DB. In addition, thepaths from the granted node to all the leaf nodes shouldalso be invisible to the user if this user is only authorizedthe access right to read the data of leaf nodes. We willhave separate subsections to discuss this issue (see Section4.1.3 and Section 6.1.5).Technically, we achieve RBTBAC from following threedimensions respectively: role-based, time-bound and pathinvisible access structure.In role-based dimension, we adopt a role-based accesscontrol hierarchy to assign access nodes for users(doctors). Typically, we use an access credential to bindone healthcare treatment. That is, for a doctor, one accesscredential binds one specific role and a set of EHR dataof a patient. Doctors can access the set of EHR databy providing an access credential with a specific role.Furthermore, the process of authorization is under thecontrol of predetermined access control policy.In time-bound dimension, we make use of hierarchicaltime-bound key management scheme as basic keygeneration and distribution scheme. With this approach,each user is granted a consecutive time interval based onhis role, in which he can generate decryption keys bySecurity Comm. Networks 0000; 00:1–21 c 0000 John Wiley & Sons, Ltd.DOI: 10.1002/secPrepared using secauth.clshimself. On the contrary, user cannot create any decryptionkey beyond the granted time interval even he is authorizedto access the data before. Then, we use hierarchicalkey structure to manage large number of keys, so thatusers can produce multiple temporary decryption keys toaccess different parts of EHR data with only one longterm key. Furthermore, we develop a practical time-bondkey management scheme that maps time granules into atime tree to provide more efficient computation on timeparameters than most existing key management schemes.In path-invisible access structure dimension, we encodeall index nodes of EHR data and build an invisible pathfor users to access authorized data, so that all users ofEHR system even DB are unaware of EHR data structure.Therefore, it provides higher level of privacy protectionfor patient, and supports various EHR structures anddynamical updates of EHR data structure.The rest of this article is organized as follows. In Section2, we describe current access control models and timebound key management approaches, and their limitations.In Section 3, we give an overview of the RBTBAC model.In Section 4, we present the enforcement of RBTBACmodel including a role-based key structure and an efficienttree-like time structure. We present the detailed RBTBACprotocol in Section 5. Then we discuss security and privacyof our RBTBAC model in Section 6. In Section 7, weanalyze and compare time and space complexity of ourRBTBAC scheme with existing schemes. Next, we discussthe related works in Section 8. Finally, we concludewith notes on future work and other applications of ourproposed technique in Section 9.2. BACKGROUND AND LIMITATIONS OFEXISTING APPROACHESPresident Barack Obama gave a speech at annualconference of the American Medical Association in 2009.The key words are: All that (medical) information shouldbe stored securely in a private medical record so that yourinformation can be tracked from one doctor to anothereven if you change jobs, even if you move, even if youhave to see a number of different specialists. Although thewords seem so simple, the ability for clinical institutionsto actually accomplish this is incredibly difficult. The term3
stored securely involves several secure issues to be solved:data encryption, secure storage, strong authentication,access control and key management. Also, it containsissues of actual implementation-searchability, feasibilityand efficiency.In the healthcare scenario, when multiple users sign inan EHR system to query records for a specific patient,the access control component verifies the authorizationof each user first. Then the records are retrieved throughcorresponding index information and sent to the user basedon different privilege.In this section, we provide a brief overview of accesscontrol and time-bound key management and discuss thelimitations of existing works.2.1. Access ControlIn the EHR system, the database storing the compositeEHR is a new paradigm of database outsourcing, calleddatabase-as-a-service (DAS) [5], where an organization’sdatabase is stored at an external service provider. Insuch systems, access control is a very important issue,especially if the data owner wishes to publish herdata for external use, e.g. patient’s EHR data are usedfor group consultation. Access control is in charge ofguaranteeing that each user obtains the correct informationand protecting the sensitive data from revealing tounauthorized users by identification and authentication. Inthe healthcare scenario, it requires more stringent securityand privacy, that is, enforcing rigid mandatory accesscontrol on encrypted EHR data.Though much work on access control (see 8.1) hasachieved some aims, we find the work on access ofencrypted EHR data is very little. There are severalreasons for this situation. First, the types of medicalrecords are more than file system (such as X-ray image,pharmacy, prescription, etc.), and the properties of medicalrecords are more complex than file system (such assensitivity), so that it needs more fine-grained accesscontrol policy. Second, since different patient’s EHR dataare collected from different EHR providers and accessedby any authorized user (under normal circumstances, theaccessor is not the creator), the selection of encryptionscheme and key generation algorithm are thorny problems.Third, key management and distribution for different usersis also a hot potato. For instance, how to distribute keysto every user so that each of them can decrypt the dataauthorized by patient, while cannot decrypt any other datacontaining sensitive information or not allowed by patientis very hard.In our scheme, based on the role of users, each ofthem is granted different permission to access encryptedEHR data within a specific time interval. The user cannotaccess those data that the patient does not allow to revealto him in the inconvenient time. Compared with existingdiverse access control schemes, our scheme combines rolebased access control with time-bound key management4technique, so that it is capable to enhance the privacy forpatients.2.2. Time-Bound Key ManagementKey management is another important issue which isclosely related to encryption and access control. Keymanagement schemes are used to provide access controlto data streams for legitimate users. Recall that, in anEHR system, each piece of record should be encryptedstored in database and accessed by access control policies.Every time the use of encryption algorithm, there willbe a corresponding encryption and decryption key pair.Therefore, how to manage these multiple keys is a big issuein EHR systems.For our motivated scenario, we employ time-boundhierarchical key management scheme to restrict user’saccess on EHR data. Literally, this scheme has twoproperties: hierarchy and time-bound. The hierarchy is awidely used structure for key management [6, 7, 8, 9, 10,11, 12], which is used to assign cryptographic keys to aset of partially ordered classes so that the user in a higherclass can derive the cryptographic key for users in a lowerclass. Time-bound means each cryptographic key is boundto current time period by adding time parameters in theprocess of key generation. In the healthcare scenario, usersare assigned to access EHR data for only a certain periodof time. Once the time period has expired, user should notbe able to access any record with key if he is not authorizedto do so. Thus, encrypting EHR data when send it to eachuser with time-bound key is a good way to tackle aboveproblems.In the recent decade for development of time-bound keymanagement technique, a typical work is proposed by ElisaBertino et al. [11]. Their scheme is based on elliptic curvecryptography and claimed secure against X. Yi’s attack[13]. In Bertino’scheme, the encryption key Ki,t for classof node Ci at time granule t [0, z] is computed by theformula below:Ki,t HK (Ki )Y H t (a) H z t (b) CIDi (1)Where Ki is the class key of class of node Ci , (Ki )Yis the Y-coordinate of Ki , H t (c) is the t-fold iteration ofhash function H(·) applied to c, CIDi is the identity ofCi and is the bitwise XOR.When a user is given a tamper-resistant devicestoring HK , H tb (a), H z te (b), CIDi and otherparameters, he can derive decryption key Ki,t in timegranule t [tb , te ] with Equation (1) in tamper-resistantdevice, where H t (a) H t tb (H tb (a)), H z t (b) H te t (H z te (b)).However, the security of their scheme is questioned bySui [14]. Moreover, the use of tamper-resistant device isinfeasible in EHR system.In summary, as applied to the EHR system, time-boundhierarchical key management scheme should be rebuilt toSecurity Comm. Networks 0000; 00:1–21 c 0000 John Wiley & Sons, Ltd.DOI: 10.1002/secPrepared using secauth.cls
ERMISSIONASSIGNMENTPPERMISSIONSFigure 2. RBTBAC modelprovide better security, privacy and practicality, so thatit has capability of satisfying the special requirements ofEHR systems.3. THE RBTBAC MODEL FOR EHRSYSTEMSThis section discusses related access control modelfor EHR infrastructures. We begin with presenting anRBTBAC model used in role and data hierarchy systems.Then we give the reference security model for an EHRsystem.3.1. RBTBAC ModelRole-based access control (RBAC) [15] [16] is designed tosimplify security administration by introducing the ’role’abstraction between principles (subjects) and privileges(objects). This splits management of the principal toprivilege mapping by splitting it into two parts: a mappingfrom user to roles, and a mapping from roles to privileges.In [17], four RBAC schemes are described. Among them,flat RBAC is the basic model which simply dictates tworelationships: user-role and role-privilege. HierarchicalRBAC extends the basic flat RBAC model by adding rolehierarchy. Role hierarchy has an associated constraint thatmust be satisfied if a user is to activate the target role basedon their already being active in the source role (the originalrole used for creating medical data hierarchy).Hierarchical RBAC can be used to build our RBTBACmodel since it facilitates the development of powerfulpolicy schemes in EHR system. We extend the basichierarchical RBAC model to RBTBAC model as shownin Fig.2. An additional mapping from privilege to accesscontrol policy (ACP) with time constraint is added betweenroles and permissions, that is, each access permit for a setof data is bounded by a time interval. The double-headedarrow in Fig.2 indicates the many-to-many relationshipbetween the two objects. One user can activate severaldifferent roles, where each role is corresponding to a validaccess time interval of specific data sets. Similarly, onepermit is bounded by number of rules, and one rule canaffect more than one permit.Compared with hierarchical RBAC, RBTBAC has timeparameters in each access control policy. When TA (trustedauthority) concludes a result by searching access controlpolicies, it actually not only gives the access permissionSecurity Comm. Networks 0000; 00:1–21 c 0000 John Wiley & Sons, Ltd.DOI: 10.1002/secPrepared using secauth.clsto a specific role but also grants a time period for theauthorized access.3.2. EHR Data Structure and Role HierarchyUsually, EHR data are hierarchically clustered. In theEHR environment, hierarchical structure of EHR data isrequired to be flexible and dynamic. Theoretically, thereare two types of hierarchical structure of medical records:attribute-based structure and role-based structure. Fig.1a isan example of role-based hierarchical structure of medicalrecords [4].As a general rule, patient visits a special doctor fora specific illness. Therefore, multiple records can beclustered by the different roles of doctors. We constructan EHR tree for each patient using P atienti as the root ofEHR tree. For the same patient, say Alice, the same tokenis assumed. We can set the initial role based hierarchicalstructure of an EHR in terms of hierarchical template asshown in Fig.1a. The root of the tree is at the top level,say Level 0. Level 1 is the role nodes of doctors, andtheir children nodes are labeled with unique identity ofdoctors within each corresponding CDO (Care DeliveryOrganization), such as hospital1 and hospital2 in Fig.1a(Level 2). The nodes in and below Level 3 are medicaldiagnosis nodes and other correlative inspection nodes.Finally, only the leaf nodes contain EHR records, such asprescriptions and diagnosis and so on. Thus the tree hastwo types of nodes: leaf nodes that contain real EHR dataand other nodes of upper levels that are actually indicesfor EHR data. Thereby the former are called data nodesand the latter are called index nodes. For easy retrieval, wewant to sort all child nodes by alphabetical ordering of theirtokens or node IDs from left to right except the diagnosisnodes in Level 3, where we place diagnosis nodes as theleftmost child node of their parent node, since they aremore important than other sibling nodes. Obviously in thisstructure, all data nodes are nested according to a rolenode, so that they can be expediently retrieved by differentroles of doctors.Role hierarchy is a natural mean for structuringroles to reflect an organization’s lines of authorityand responsibility, as well as in medical organizations.An example of role hierarchy corresponding to rolebased hierarchical EHR data is illustrated in Fig.1b.Mathematically, the role hierarchy is partial order, whichis reflexive, transitive and anti-symmetric relation. Byconvention more powerful (or senior) roles are showntoward the top of role-hierarchy diagram, and less powerful(or junior) roles toward the bottom. Fig.1b shows thatsenior roles aggregate the access permission of juniorroles. Thus P atient1 can get access permission of his/herown medical records in Fig.1a. Similarly, role Physicianin-charge acquires the permissions of P hysicianh1 1 ,P hysicianh1 2 and P hysicianh2 2 , and may have additionalpermission of its own to access physician records ofP atient1 . This tree-structure hierarchy is good foraggregation but does not support sharing. In Fig.1b, there5
AccesscontrolpolicycontrolPatientEHR SystemEHRProviderEHRProviderTrusted EHR DatabaseDoctorUnencrypted medical dataAccess CredentialEncrypted medical dataControlled by access control policyFigure 3. The reference security model for EHR systemcan be no sharing of medical data between the Physicianin-charge roles on the left and Surgeon-in-charge roles onthe right.3.3. Reference Security Model for EHR SystemThe reference security model mainly has three entitiescooperatively to manage and control the usage of EHRdata in security as shown in Fig.3. The most importantone is the TA (trusted authority) who retains two roles:encryptor, who is responsible for encrypting various EHRdata from different healthcare providers into ciphertextsand access control enforcer, who enforces predefinedaccess control policies. The remote EHR database is anecessary component to store the encoded composite EHRdata. Additionally, an access control policy engine is thecollector and developer for access control policies underpatient’s control.The original EHR data of a patient are collectedperiodically from repositories of different healthcareproviders. Then encryptor encrypts the various medicaldata and uploads the encrypted data to the remote EHRdatabase. To request access to EHR data of a patient,user is required two types of credentials: system identitycredential and access credential. When a new user signsup for EHR system, TA returns a system identity credentialto the user. The system identity credential includes aunique identity, the original role of the user (which isused to sign into the EHR system), a user’s master key(which is used to generate short-term access keys forsubsequent accesses) and some system parameters. Withsystem identity credential, user can only log into the EHRsystem, but cannot access any EHR data even his ownEHR data. To access EHR data of a specific patient,user sends an access request to TA with his systemidentity credential. The request should mainly containthe patient’s ID, a target role for accessing the requesteddata (which is lower or equal to his/her original role inrole hierarchy), the keywords for requested data and anexpected access time period. TA replies permission resultbased on the predefined access control policies. Oncethe request is consistent to access control policies, TAauthorizes an access credential to the user. An access6credential should include access time period, parametersused to compute decryption keys of authorized data andverification information. User can legally query EHR datafrom remote database with corresponding access credentialand decrypt the encrypted data in the granted time period.Here the user is granted access privilege for a set of datain a specific time period by an access credential. Whenthere is an access request, database only needs to verify thesystem identity credential and access credential rather thaninteracting with TA and access control policy repository toverify the authorization.3.4. Patient-Controlled RBTBAC PolicyFor protecting patient’s privacy, patient should be involvedin the development process of access control policy todecide which parts of his/her EHR data can be shared withwhom. Here we first give a formal definition of RBTBACpolicy, and then illustrate how the policy works underpatient’s control through some examples.Definition 3.1 (RBTBAC Policy)AnRBTBACpolicyisatupleacp (ro, hP atientj , {C}i , htb , te , tii , pu, re),wherero Ro is the target role of the access requester andRo is the set of roles in role hierarchy; hP atientj , {C}iis a set of EHR data nodes of patient j, which can beselected as target objects; htb , te , tii is a set of timeparameters for the user accessing requested data: tb is thestart time of the requested time interval, te is the end timeof the reques
access is to make the structure of EHR data and access path invisible to users who are unauthorized or only authorized to access a partial component of the EHR data. Furthermore, for healthcare settings with untrusted DB, the indices of EHR data should be invisible too. In the common setting o
graduate from college. We therefore expect students to be fully active and participate in UCSD Upward Bound/Upward Bound Math Science each year of high school. Keep in mind this means the student is agreeing to commit and participate in UCSD Up-ward Bound/Upward Bound
2 The Cardinality Bound 2.1 The maximum bound To ease our derivation, we begin with a simple bound based on replacing each term in the log-partition function by its maximum over {0,1}n. This leads to an upper bound on the log-partition function: Z(
Complexity Big-O – upper bound, Big-Omega – lower bound, Big-Theta – exact bound Sum [0,n] Resu
Homeward Bound has broad, aspirational goals about systemic change. However, the main sphere of influence of Homeward Bound is the work it does building the capability of participants. There is the potential for confusion - and tension - in what Homeward Bound's role is in achieving those broader impacts. Greater clarity and
Homeward Bound Animal Placement Policy Amended January 2018 3 CACC maintains the right to deny an application based on findings and/or limit the number of Homeward Bound partners at any time. Being an Active Homeward Bound Partner To be considered 'Active,' partners must transfer animals from CACC yearly. The application shall list
the lower bound states that the space requirement per element is ›(logm) bits, whereas the upper bound requires O(minfm;logng) bits per element. 2 Indexing Model 2.1 Lower Bound In the indexing model, we prove a lower bound for the query time of the 1D-RMQ problem where the in
Branch-and-Bound Algorithm Complete Enumeration Branch-and-Bound Algorithm 3.27 More on the incumbent The incumbent is the feasible solution for the IP. It is the best solution so far in the B&B search. As Branch-and-bound proceeds, new solutions will be evaluated. If a new solution is better than the current incumbent, it replaces the current .
numbers of the bound state are invariable in the value . (20) There are intersections that can define the bound state, and we find the bound states in accordance. As the value increases and deeper the potentials, the energy for the bound state decreases. When th
