Securing Mobile e-Health Environments by Design: A Holistic Architectural Approach
1. Securing Mobile e-Health Environments by Design: A Holistic Architectural Approach
Massimiliano Masi
Joint work with Helder Aranha, Tanja Pavleska, and Giovanni
Paolo Sellitto
massimiliano.masi@tiani-spirit.com
eHPWAS, Barcelona, October 21, 2019
2. Introduction
Employing wireless devices (e.g., sensors, remote controllers) is the
norm in medical workflows.
Their data traverses existing IT infrastructure (from the
hospital datacenter to regional healthcare information
exchanges), usually over the public Internet.
A vulnerability could endanger patients’ privacy and even
their lives.
Interoperability is crucial: devices are procured from different
vendors and they are long-term investments.
Masi et al.: MOSAA CC Massimiliano Masi eHPWAS, Barcelona, October 21, 2019 2/13
3. Using standards
Using standards is not enough
“Standards alone are not enough to guarantee
interoperability” (G. Lewis)
“The nice thing about standards is that you have so many to
choose from” (A. Tanenbaum)
4. The NIS directive
Article 4 and Annex II of the NIS directive (EU 2016/1148) define
Healthcare as a critical sector
Security is not only a technical, but also a legal requirement
The regulatory prescriptions in terms of security requirements
span all of the levels of the healthcare environment
But security expertise is a scarce resource! According to
European Commission estimates, the cybersecurity workforce
gap in Europe will reach 350.000 by 2022
5. Our contribution
We propose a novel approach based on the combination of
RMIAS to cope with the scarcity of cybersecurity expertise
throughout the lifecycle of medical devices
RAMI 4.0 to tackle interoperability and sustainability aspects
of Internet of Medical Things
IHE and FHIR standards, as selected by international
healthcare bodies (USA and Europe)
6. RMIAS
7. RMIAS / 2
Business analysts and IT Security Architects use the Security
Goals as an aid to finding countermeasures
RMIAS cycles depend on a specific Security Development
Life Cycle (SDLC)
SDLC is not prescribed ⇒ RMIAS specifications allow
flexibility
We introduce RAMI 4.0 as SDLC
8. RAMI 4.0
The Reference Architectural
Model for Industry 4.0 aims
to unify sector-neutral
standards for services and
their semantics, creating
value chains spanning
different sectors.
Used in I-IoT, in Smart
Grids, self-driving cars,
Smart Cities
9. IHE and FHIR
IHE and FHIR are standards recognized by the WHO, EU
commission, and the USA Health IT dept to establish IT
Healthcare infrastructures
FHIR provides standards to connect medical devices to IT
infrastructures
IHE governs FHIR (and Continua) standards to provide
sustainability
Our approach
We dissect the requirements of an IHE-based infrastructure
integrating ubiquitous medical devices into corresponding RAMI
layers, and for each layer, we apply an RMIAS cycle
10. MOSAA
We are developing the MOdular Security Aware Architecture
Description Language, MOSAA, to equip the IT Security
Architect with a toolchain for building solution
architectures using the RMIAS and IHE models
It is based on formal methods: MOSAA has a simple syntax
(inspired by JSON) and a formal semantics
The execution of MOSAA results in a set of SMT-LIBv2 files
to be evaluated by an SMT solver (we use Microsoft Z3)
If the SMT solver returns sat, then the architecture is secure
by design (i.e., fulfills the security policy expressed using
goals and countermeasures)
It is under development using xText and Xtend, to allow the
building of Web-Based and Standalone user interfaces
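An added illustration of the goals-and-countermeasures check described on this slide; it is not MOSAA code and not from the talk. The JSON shape, the component and countermeasure names, and the propositional encoding are all assumptions made for the example; the emitted text is plain SMT-LIB v2 that a solver such as Z3 can read.

```python
import json

# Constructed architecture description (hypothetical JSON shape, not MOSAA syntax).
ARCH = json.loads("""
{
  "components": {
    "glucose_sensor": {"goals": ["confidentiality", "integrity"],
                       "countermeasures": ["tls"]},
    "fhir_gateway":   {"goals": ["confidentiality", "accountability"],
                       "countermeasures": ["tls", "audit_log"]}
  },
  "fulfils": {"tls": ["confidentiality", "integrity"],
              "audit_log": ["accountability"]}
}
""")

def uncovered_goals(arch):
    """Return (component, goal) pairs that no deployed countermeasure fulfils."""
    missing = []
    for comp, spec in sorted(arch["components"].items()):
        for goal in spec["goals"]:
            if not any(goal in arch["fulfils"].get(cm, [])
                       for cm in spec["countermeasures"]):
                missing.append((comp, goal))
    return missing

def to_smtlib(arch):
    """Emit an SMT-LIB v2 script: deployments are facts, goals are the policy."""
    out = ["(set-logic QF_UF)"]
    for comp, spec in sorted(arch["components"].items()):
        for cm in sorted(arch["fulfils"]):
            var = f"{comp}__{cm}"  # true iff cm is deployed on comp
            out.append(f"(declare-const {var} Bool)")
            fact = var if cm in spec["countermeasures"] else f"(not {var})"
            out.append(f"(assert {fact})")
        for goal in spec["goals"]:
            cms = [f"{comp}__{cm}" for cm in sorted(arch["fulfils"])
                   if goal in arch["fulfils"][cm]]
            body = (f"(or {' '.join(cms)})" if len(cms) > 1
                    else (cms[0] if cms else "false"))
            out.append(f"(assert {body}) ; {comp} needs {goal}")
    out.append("(check-sat)")
    return "\n".join(out)

def verdict(arch):
    # Every variable is pinned by a fact, so the script is sat exactly
    # when no required goal is left uncovered.
    return "sat" if not uncovered_goals(arch) else "unsat"
```

Removing `audit_log` from `fhir_gateway` leaves its accountability goal uncovered, and the same script becomes unsatisfiable.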
11. Conclusions
Healthcare is a critical sector, and investments in IT
infrastructures and medical devices have to be sustained over
years
To support this investment, we introduced the use of RAMI
4.0, the architectural model of I-IoT, which, combined with
RMIAS and IHE/FHIR, enables the creation of architectures
that are secure-by-design
We are developing a toolchain, MOSAA, which uses formal
methods to create SDLC-agnostic architectures
12. Input from Attendees / Discussion
13. Thank You