eHIP4 Caring through Sharing: privacy and security, technical aspects (Riccardo Scandariato)
Document Transcript

Slide 1. Caring through Sharing
eHIP: Health Information Platform, Security & Privacy
Riccardo Scandariato, IBBT-DistriNet, K.U.Leuven

Slide 2. Problem
  • Architectural solution based on the XDS reference model
  • No out-of-the-box security & privacy solution
  • Patient data is the asset to protect
    - Sensitivity of information
    - Laws and regulations

Slide 3. Security analysis: business level
  • Analyzing the functionality and how it can be misused: Search, View, Upload, Notify
  • Abusing the functionality (out-of-the-box thinking)
    - Adding fake data or removing correct data
    - Exploiting unplanned information paths
    - Abusing privileges
  • EXAMPLE: Hiding errors by overwriting documents

Slide 4. Security analysis: technical level
  • Identify assets in the eHIP architecture: data flow diagram (DFD)
  • Determine threats
    - Spoofing identity
    - Tampering with data
    - Repudiation
    - Information disclosure
    - Denial of service
    - Elevation of privilege
  • EXAMPLE: Tampering with communication

Slide 5. Security solution: in a nutshell
  • Enforce rules to limit who can access what
    - Centralized, for ease of management
    - Per-resource rules
  • Establish identities
    - Decentralized, due to scale and administrative constraints

Slide 6. Security solution: what rules?
  • Analyzed the type of rules:
    - Identity
    - Roles and affiliation
    - Data sensitivity
    - Location
    - Data origin
    - Patient history
    - Treatment or long-lasting relationship
  • XACML (eXtensible Access Control Markup Language): a Rule consists of a Target, a Condition and an Effect; the Target is matched on Subject, Resource, Action and Environment

Slide 7. Security solution: establishing identities
  • Federation of ID providers
  • A provider generates a token that proves identity: a SAML attribute assertion
  • The security service trusts the providers
  • SAML (Security Assertion Markup Language) attribute assertion: id, SAML version, issuer, timestamp, signature, subject, statements (attributes of the subject, e.g. role, ...)

Slide 8. Security: implementation view
  Diagram: the user authenticates with usr/pwd at the ID provider (SAML); the "view doc" request is checked by the security service (XACML), which answers the "ok?" question with permit, after which the Repository serves the document.

Slide 9. Privacy: in a nutshell
  • Avoid linkability of data when communicated across contexts
  • Identifiers must be pseudonymized in cross-context communication
  • In some applications the process must be reversible
  Figure: the same person linked across contexts: "Ric is working too hard", "Ric is buying vitamins", "Ric's blood count is low"

Slide 10. Privacy: reversible IDs
  Figure: context-specific references (e.g. study_83547) map to a Prefix plus a Global ID (0100110011 820908 324 56), which is transformed into a Reversible ID (!@#$%^@# *&#$!@)

Slide 11. Privacy: implementation view
  Diagram: the implementation view of slide 8 with an Anonymizer added on the path to the Repository.

Slide 12. Credits
  • Successful results come from good teamwork
  • IBBT-DistriNet team: Kim Wuyts, Eryk Kulikowski, Kris Verlaenen, Ric
  • IBBT-COSIC team: Mina Deng, Claudia Diaz, Danny De Cock
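The reversible, context-specific pseudonymization sketched on the privacy slides, as an added Python illustration (not the eHIP platform's code): a per-context key is derived from an anonymizer master key, and a keyed Feistel network over the digits of the global ID yields a pseudonym that differs per context and can only be reversed by the holder of the master key. The Feistel-over-HMAC construction, the context-prefix output format and all names and sample values are my assumptions, not the platform's design.

```python
import hashlib
import hmac

ROUNDS = 8  # Feistel rounds; an illustration, not a vetted format-preserving encryption mode


def _context_key(master_key: bytes, context: str) -> bytes:
    """Derive one key per communication context, so pseudonyms are unlinkable across contexts."""
    return hmac.new(master_key, b"context:" + context.encode(), hashlib.sha256).digest()


def _round_function(key: bytes, rnd: int, half: int, modulus: int) -> int:
    """Keyed round function: HMAC of (round number, half) reduced into the digit domain."""
    digest = hmac.new(key, f"{rnd}:{half}".encode(), hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big") % modulus


def pseudonymize(master_key: bytes, context: str, global_id: str) -> str:
    """Return a context-prefixed, reversible pseudonym for an even-length numeric global ID."""
    if not global_id.isdigit() or len(global_id) % 2:
        raise ValueError("global_id must be an even-length string of digits")
    n = len(global_id) // 2
    modulus = 10 ** n
    key = _context_key(master_key, context)
    left, right = int(global_id[:n]), int(global_id[n:])
    for rnd in range(ROUNDS):
        # Feistel step: new left = old right, new right = old left + F(old right)
        left, right = right, (left + _round_function(key, rnd, right, modulus)) % modulus
    return f"{context}_{left:0{n}d}{right:0{n}d}"


def depseudonymize(master_key: bytes, pseudonym: str) -> str:
    """Invert pseudonymize(); only the anonymizer holding master_key can do this."""
    context, _, digits = pseudonym.rpartition("_")  # digits never contain '_'
    if not digits.isdigit() or len(digits) % 2:
        raise ValueError("malformed pseudonym")
    n = len(digits) // 2
    modulus = 10 ** n
    key = _context_key(master_key, context)
    left, right = int(digits[:n]), int(digits[n:])
    for rnd in reversed(range(ROUNDS)):
        # Undo the step: old right = new left, old left = new right - F(old right)
        left, right = (right - _round_function(key, rnd, left, modulus)) % modulus, left
    return f"{left:0{n}d}{right:0{n}d}"
```

In production, the toy Feistel should be replaced by a standardized format-preserving mode and the master key kept only in the anonymizer component, which is exactly why it sits in the request path on slide 11.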