Wiki » History » Revision 18
Revision 17 (Lan Wang, 11/23/2025 11:48 PM) → Revision 18/50 (Lan Wang, 11/23/2025 11:50 PM)
# MGuard: A Secure mHealth Infrastructure for Real-Time Data transfer with Fine-grained Access Control over NDN
**MGuard** is an NDN-based system designed to support high-frequency mHealth data sharing with **fine-grained contextual access control** and **real-time data distribution**. It is built on name-based access control (NAC/NAC-ABE) and PSync to enable timely access to sensitive mobile health data.
---
## Purpose
MGuard addresses two core challenges in mHealth data sharing:
1. **Access to privacy-sensitive data is limited to authorized users based on well defined polcies**
2. **Supporting real-time sharing of high-frequency sensor data**
---
## Core Components
### **Producer**
Receives data from the MD2K ecosystem or directly from device sensors.
The producer:
- converts raw or derived data streams into NDN-named data objects,
- associates each object with appropriate attributes, and
- stores encrypted data into the NDN repository.
It is also responsible for notifying subscribers when new data is available (via published manifest names).
# Based on the “Data Adapter” and “Publisher” modules described in the system design.
### **Controller**
Represents the policy and access management logic.
The controller:
- defines **who** can access **which** data streams,
- parses and manages access control policies, and
- collaborates with the Attribute Authority to issue decryption keys (DKEYs) to validated data requesters.
It enforces the name-based access control structure.
### **Attribute Authority (AA)**
Part of the controller-side security infrastructure.
The AA:
- validates requester identities (using the system’s trust anchor),
- issues policy-compliant decryption keys based on KP-ABE, and
- publishes public parameters required for encryption.
### **Consumer**
Subscribes to mHealth data streams according to the access rights defined for the requester.
The consumer:
- receives notifications for new manifests,
- fetches the corresponding encrypted data objects from the repository, and
- decrypts data based on issued keys and permitted attributes.
### **Repository**
Persistent storage for all published mHealth data objects, content keys, and manifests.
The repository allows consumers to:
- retrieve data independently of the producer,
- fetch CKs needed for decryption, and
- access previously published (historical) data.
---
## Navigation
- **[[Architecture]]**
- **[[Architecture_Details|Architecture Details]]**
- **[[Design_Elements|Design Elements]]**
- **[[Naming_Scheme|Naming Scheme]]**
- **[[Trust_Model|Trust Model]]**
- **[[Access_Control|Access Control]]**
- **[[NAC-ABE_Design|NAC-ABE Design]]**
- **[[Manifest_Design|Manifest Design]]**
- **[[PSync_Design|PSync Design]]**
- **[[Pub-Sub API|Pub-Sub API Design]]**
- **[[Repo|Repo Design]]**
- **[[Developer_Guide|Developer Guide]]**
- [Open editable Figma diagram](https://www.figma.com/design/I2SLqGN17XJHh8KsyAJ88l/Untitled?node-id=0-1&t=xWqhvwrDlUOlkeVU-1)