poster

POSTER: Data Leakage Detection for Health Information System based on Memory Introspection

Authors:

Sanoop Mallissery,

Guan-Zhang Huang,

Yu-Sung WuAuthors Info & Claims

ASIA CCS '20: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security

Pages 898 - 900

https://doi.org/10.1145/3320269.3405437

Published: 05 October 2020 Publication History

Abstract

The abundance of highly sensitive personal information in the Health Information System (HIS) has made it a prime target of data breach attacks. However, securing the system with existing Data Leakage Prevention (DLP) solutions is difficult due to a lack of security perimeter and diverse composition of software components. We propose the use of hypervisor-based memory introspection for implementing data leakage detection in such an environment. The approach looks for the presence of sensitive raw data in the memory of both the client machines and the server machines, transcending the dependence of pre-existing security perimeters. It is inherently compatible with different types of application software and robust against transport or at-rest data encryption. A prototype has been built on the Bareflank hypervisor and the OpenEMR platform. The evaluation results confirmed the effectiveness of the approach.

References

[1]

2018. The biggest healthcare data breaches of 2018. Retrieved April 2, 2020 from https://www.healthcareitnews.com/projects/biggest-healthcare-databreaches-2018-so-far

[2]

2020. A Billion Medical Images are Exposed Online. https://techcrunch.com/2020/01/10/medical-images-exposed-pacs/

[3]

2020. Bareflank Hypervisor. http://bareflank.github.io/hypervisor/

[4]

2020. Medical Images and Data on Internet. https://www.propublica.org/article/millions-of-americans-medical-images-and-data-are-available-on-theinternet

[5]

2020. OpenEMR. https://github.com/openemr/openemr

[6]

Louis Columbus. 2018. 58% Of All Healthcare Breaches Are Initiated By Insiders. https://www.forbes.com/sites/louiscolumbus/2018/08/31/58-of-allhealthcare-breaches-are-initiated-by-insiders/#6e9e76a4601a

[7]

Abhishek Dutta and Andrew Zisserman. 2019. The VIA Annotation Software for Images, Audio and Video. In Proceedings of the 27th ACM International Conference on Multimedia (MM '19). Association for Computing Machinery, New York, NY, USA, 2276--2279. https://doi.org/10.1145/3343031.3350535

Digital Library

[8]

K. He, G. Gkioxari, P. Dollár, and R. Girshick. 2017. Mask R-CNN. In 2017 IEEE International Conference on Computer Vision (ICCV). 2980--2988. https://doi.org/10.1109/ICCV.2017.322

[9]

K. He, X. Zhang, S. Ren, and J. Sun. 2016. Deep Residual Learning for Image Recognition. In 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR). 770--778. https://doi.org/10.1109/CVPR.2016.90

[10]

T. Lin, P. Dollár, R. Girshick, K. He, B. Hariharan, and S. Belongie. 2017. Feature Pyramid Networks for Object Detection. In 2017 IEEE Conference on Computer Vision and Pattern Recognition (CVPR). 936--944. https://doi.org/10.1109/CVPR.2017.106

[11]

Tsung-Yi Lin, Michael Maire, Serge Belongie, James Hays, Pietro Perona, Deva Ramanan, Piotr Dollár, and C. Lawrence Zitnick. 2014. Microsoft COCO: Common Objects in Context. In Computer Vision -- ECCV 2014, David Fleet, Tomas Pajdla, Bernt Schiele, and Tinne Tuytelaars (Eds.). Springer International Publishing, Cham, 740--755.

[12]

Alyssa Newcomb. 2018. 83% of Internet-connected medical imaging machines in the U.S. are ripe for hacking. https://www.theverge.com/2018/7/20/17594578/singapore-health-data-hack-sing-health-prime-minister-lee-targeted

[13]

S. Ren, K. He, R. Girshick, and J. Sun. 2017. Faster R-CNN: Towards Real-Time Object Detection with Region Proposal Networks. IEEE Transactions on Pattern Analysis and Machine Intelligence 39, 6 (June 2017), 1137--1149. https://doi.org/10.1109/TPAMI.2016.2577031

Digital Library

[14]

James Vincent. [n.d.]. 1.5 million affected by hack targeting Singapore's health data. https://www.theverge.com/2018/7/20/17594578/singapore-health-datahack-sing-health-prime-minister-lee-targeted

[15]

Xingguang Zhou, Jianwei Liu, Weiran Liu, and Qianhong Wu. 2016. Anonymous Role-Based Access Control on E-Health Records. In Proceedings of the 11th ACM Asia Conference on Computer and Communications Security (ASIA CCS '16). Association for Computing Machinery, New York, NY, USA, 559--570. https://doi.org/10.1145/2897845.2897871

Digital Library

Cited By

Nemec Zlatolas LWelzer TLhotska L(2024)Data breaches in healthcare: security mechanisms for attack mitigationCluster Computing10.1007/s10586-024-04507-227:7(8639-8654)Online publication date: 1-Oct-2024
https://dl.acm.org/doi/10.1007/s10586-024-04507-2
Gunish GMadhusudhanan SJose A(2023)Hybrid image processing model: a base for smart emergency applicationsThe Journal of Supercomputing10.1007/s11227-023-05174-779:12(13119-13141)Online publication date: 22-Mar-2023
https://doi.org/10.1007/s11227-023-05174-7
Aljabri MAlAmir MAlGhamdi MAbdel-Mottaleb MCollado-Mesa F(2022)Towards a better understanding of annotation tools for medical imaging: a surveyMultimedia Tools and Applications10.1007/s11042-022-12100-181:18(25877-25911)Online publication date: 1-Jul-2022
https://dl.acm.org/doi/10.1007/s11042-022-12100-1
Show More Cited By

Index Terms

POSTER: Data Leakage Detection for Health Information System based on Memory Introspection

Recommendations

A Framework for Secure and Privacy Preserving Health Data Exchange across Health Information Systems using a Digital Identity System
ICEGOV '22: Proceedings of the 15th International Conference on Theory and Practice of Electronic Governance

The recent e-Governance initiatives in tandem with the National Health Policy of India, aims to offer patient centric, cost effective, evidence based and quality care to all the individuals. To meet the health policy goal, interconnectivity between the ...
A framework for electronic health record (EHR) implementation impact on system service quality and individual performance among healthcare practitioners
E-ACTIVITIES'11: Proceedings of the 10th WSEAS international conference on E-Activities

Driven by the needs to facilitate the administrative process and reduce medical errors, healthcare institutions in many countries including Malaysia have decided to use the electronic health records (EHR) in managing its various health care services and ...
An efficient privacy mechanism for electronic health records

Electronic health records (EHRs), digitization of patients' health record, offer many advantages over traditional ways of keeping patients' records, such as easing data management and facilitating quick access and real-time treatment. EHRs are a rich ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ASIA CCS '20: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security

October 2020

957 pages

ISBN:9781450367509

DOI:10.1145/3320269

General Chairs:
Hung-Min Sun
National Tsing Hua University, Taiwan
,
Shiuhpyng Shieh
National Chiao Tung University, Taiwan
,
Program Chairs:
Guofei Gu
Texas A&M University, USA
,
Giuseppe Ateniese
Stevens Institute of Technology, USA

Copyright © 2020 Owner/Author.

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 05 October 2020

Check for updates

Author Tags

Qualifiers

Poster

Funding Sources

Ministry of Science and Technology of the Republic of China

Conference

ASIA CCS '20

Sponsor:

SIGSAC

ASIA CCS '20: The 15th ACM Asia Conference on Computer and Communications Security

October 5 - 9, 2020

Taipei, Taiwan

Acceptance Rates

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
189
Total Downloads

Downloads (Last 12 months)11
Downloads (Last 6 weeks)1

Reflects downloads up to 07 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Nemec Zlatolas LWelzer TLhotska L(2024)Data breaches in healthcare: security mechanisms for attack mitigationCluster Computing10.1007/s10586-024-04507-227:7(8639-8654)Online publication date: 1-Oct-2024
https://dl.acm.org/doi/10.1007/s10586-024-04507-2
Gunish GMadhusudhanan SJose A(2023)Hybrid image processing model: a base for smart emergency applicationsThe Journal of Supercomputing10.1007/s11227-023-05174-779:12(13119-13141)Online publication date: 22-Mar-2023
https://doi.org/10.1007/s11227-023-05174-7
Aljabri MAlAmir MAlGhamdi MAbdel-Mottaleb MCollado-Mesa F(2022)Towards a better understanding of annotation tools for medical imaging: a surveyMultimedia Tools and Applications10.1007/s11042-022-12100-181:18(25877-25911)Online publication date: 1-Jul-2022
https://dl.acm.org/doi/10.1007/s11042-022-12100-1
Herrera Montano IGarcía Aranda JRamos Diaz JMolina Cardín Sde la Torre Díez IRodrigues J(2022)Survey of Techniques on Data Leakage Protection and Methods to address the Insider threatCluster Computing10.1007/s10586-022-03668-225:6(4289-4302)Online publication date: 14-Jul-2022
https://doi.org/10.1007/s10586-022-03668-2

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten