Ehip4 caring through sharing privacy and-security-technical-aspects riccardo scandariato

Transcript of "Ehip4 caring through sharing privacy and-security-technical-aspects riccardo scandariato"

  1. Caring through Sharing
     eHIP: Health Information Platform
     Security & Privacy
     Riccardo Scandariato, IBBT-DistriNet
     K.U.Leuven

     Problem
       Architectural solution based on XDS reference model
       No out-of-the-box security & privacy solution
       Patient data is the asset to protect
       Sensitivity of information
       Laws and regulations
  2. Security analysis: Business level
       Analyzing the functionality and how it can be misused
         Search, View, Upload, Notify
       Abusing the functionality (out-of-the-box thinking)
         Adding fake data or removing correct data
         Exploiting unplanned information paths
         Abusing privileges
       EXAMPLE: Hiding errors by overwriting documents

     Security analysis: Technical level
       Identify assets in E-HIP architecture
         Data flow diagram (DFD)
       Determine threats
         Spoofing identity
         Tampering with data
         Repudiation
         Information disclosure
         Denial of service
         Elevation of privilege
       EXAMPLE: Tampering with communication
  3. Security solution: In a nutshell
       Enforce rules to limit who can access what
         Centralized for ease of management
         Per-resource rules
       Establish identities
         Decentralized due to scale and admin constraints

     Security solution: What rules?
       Analyzed the type of rules
         Identity
         Roles and affiliation
         Data sensitivity
         Location
         Data origin
         Patient history
         Treatment or long-lasting relationship
       XACML: eXtensible Access Control Markup Language
       [Diagram: Rule = Target, Condition, Effect; Target = Subject, Resource, Action, Environment]
  4. Security solution: Establishing identities
       Federation of ID providers
       Providers generate a token
         Proves identity
         Attributes of subject
       Security service trusts providers
       SAML: Security Assertion Markup Language
       [Diagram: SAML Attribute Assertion = subject, issuer, signature, timestamp, SAML version, id, SAML Attribute Statements (role, ...)]

     Security: Implementation
       [Diagram labels: view doc; usr/pwd; Repository; permit; ID provider; ok? (SAML); Security service (XACML)]
  5. Privacy: In a nutshell
       Avoid linkability of data when communicated across contexts
       Identifiers must be pseudonymized in cross context communication
       In some applications process must be reversible
       [Illustration: "Ric is working too hard"; "Ric is buying vitamins"; "Ric's blood count is low"]

     Privacy: Reversible IDs
       Context-Specific References
       [Diagram: Prefix (study_83547) and Global ID (0100110011, 820908 324 56) give the Reversible ID (!@#$%^@# *&#$!@)]
  6. Privacy: Implementation
       [Diagram labels: view doc; usr/pwd; Anonymizer; Repository; permit; ID provider; ok?; Security service]

     Credits
       Successful results come from good teamwork
       IBBT-DistriNet team: Kim Wuyts, Eryk Kulikowski, Kris Verlaenen, Ric
       IBBT-COSIC team: Mina Deng, Claudia Diaz, Danny De Cock
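
The rule shape (Target, Condition, Effect) and the token fields (issuer, signature, timestamp, role) from the "Security solution" slides, as an added Python example that is not part of the original deck or the eHIP code. Assumptions: an HMAC stands in for the SAML XML signature, and the provider name, key, rules and sample records are all constructed for illustration.

```python
import hashlib, hmac, json
# Assumptions (not from the deck): an HMAC with a per-provider key stands in
# for the XML signature of a real SAML assertion; every name is hypothetical.
TRUSTED_PROVIDERS = {"hospital-a-idp": b"constructed-demo-key"}
MAX_AGE_S = 300  # reject assertions older than this

def sign(key, claims):
    body = json.dumps(claims, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def verified_attributes(assertion, now):
    """Subject attributes, or None unless issuer, signature and timestamp check out."""
    claims = assertion["claims"]
    key = TRUSTED_PROVIDERS.get(claims.get("issuer"))
    if key is None:
        return None  # provider is not in the federation
    if not hmac.compare_digest(sign(key, claims), assertion["signature"]):
        return None  # attributes altered after signing
    if not 0 <= now - claims["timestamp"] <= MAX_AGE_S:
        return None  # stale or future-dated token
    return {"subject": claims["subject"], **claims["attributes"]}

# Per-resource rules in the slide's shape: Target, Condition, Effect.
RULES = [
    {"target": ("physician", "lab-report", "view"),    # treatment relationship
     "condition": lambda s, r: s["subject"] in r["treating"],
     "effect": "Permit"},
    {"target": ("physician", "lab-report", "upload"),  # data origin
     "condition": lambda s, r: s.get("affiliation") == r["origin"],
     "effect": "Permit"},
]

def decide(assertion, resource, action, now):
    subject = verified_attributes(assertion, now)
    if subject is None:
        return "Deny"
    request = (subject.get("role"), resource["type"], action)
    for rule in RULES:
        if rule["target"] == request and rule["condition"](subject, resource):
            return rule["effect"]
    return "Deny"  # deny by default: no matching rule, or condition failed

def demo():
    # Constructed sample: one physician token and one document record.
    claims = {"issuer": "hospital-a-idp", "subject": "dr-x", "timestamp": 1000,
              "attributes": {"role": "physician", "affiliation": "hospital-a"}}
    token = {"claims": claims, "signature": sign(TRUSTED_PROVIDERS["hospital-a-idp"], claims)}
    doc = {"type": "lab-report", "treating": ["dr-x"], "origin": "hospital-b"}
    return decide(token, doc, "view", 1100), decide(token, doc, "upload", 1100)
```

Changing an attribute after signing, presenting the token past its lifetime, or naming an issuer outside the federation all fall through to Deny before any rule is consulted.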
