Abstract
The architectural design of a healthcare data sharing system must cope with security requirements, especially when the system integrates different data sources and patient-centric features. The design choices come with different risks, where vulnerabilities and threats depend heavily on how the system components interact and depend on each other to operate, as well as on how the system handles external connections. This paper focuses on security aspects arising early in the design phase of a patient-centric system. The system presents a blend of emergent technologies such as novel authentication methods, blockchain for access control, and a data lake for patient metadata storage and retrieval based on access rules. We exploit a model-based approach to security assessment, using the attack-defense tree (ADtree) formalism together with other supporting diagrams to model and analyse potential attack paths to the system and its countermeasures. The modelling approach helps create a framework to support the analysis of attack vectors and the proposal of appropriate defense mechanisms within the system architecture.
The research in this paper was supported by the EU H2020 project SERUMS: Securing Medical Data in Smart Patient-Centric Healthcare Systems (grant code 826278).
Notes
1. For more information on the Serums project, please refer to https://www.serums-h2020.org.
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Banton, M., Webber, T., Silvina, A., Bowles, J. (2022). Model-Based Security Assessment on the Design of a Patient-Centric Data Sharing Platform. In: Bowles, J., Broccia, G., Pellungrini, R. (eds) From Data to Models and Back. DataMod 2021. Lecture Notes in Computer Science, vol 13268. Springer, Cham. https://doi.org/10.1007/978-3-031-16011-0_5
DOI: https://doi.org/10.1007/978-3-031-16011-0_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-16010-3
Online ISBN: 978-3-031-16011-0
eBook Packages: Computer Science, Computer Science (R0)