Apollon - 22/5/12 - 09:00 - User-driven Open Innovation Ecosystems
eHIP 4: Caring through Sharing. Privacy and Security: Technical Aspects. Riccardo Scandariato
1. Caring through Sharing
eHIP: Health Information Platform
Security & Privacy
Riccardo Scandariato
IBBT-DistriNet
Problem
Architectural solution based on the IHE XDS (Cross-Enterprise Document Sharing) reference model
No out-of-the-box security & privacy solution
Patient data is the asset to protect
  Sensitivity of the information
  Laws and regulations
K.U.Leuven K.U.Leuven
2. Security analysis
Business level
Analyzing the functionality and how it can be misused
  Functionality: Search, View, Upload, Notify
  Abusing the functionality (out-of-the-box thinking)
    Adding fake data or removing correct data
    Exploiting unplanned information paths
    Abusing privileges
EXAMPLE: Hiding errors by overwriting documents
Security analysis
Technical level
Identify assets in the eHIP architecture
  Data flow diagram (DFD)
Determine threats (STRIDE)
  Spoofing identity
  Tampering with data
  Repudiation
  Information disclosure
  Denial of service
  Elevation of privilege
EXAMPLE: Tampering with communication
3. Security solution
In a nutshell
Enforce rules to limit who can access what
  Centralized for ease of management
  Per-resource rules
Establish identities
  Decentralized due to scale and administrative constraints
Security solution
What rules?
Analyzed the types of rules, i.e. what a rule may depend on:
  Identity
  Roles and affiliation
  Data sensitivity
  Location
  Data origin
  Patient history
  Treatment or long-lasting relationship
Rules are expressed in XACML (eXtensible Access Control Markup Language).
XACML rule structure: a Rule consists of a Target, a Condition and an Effect (Permit or Deny). The Target is matched against the attributes of the Subject, the Resource, the Action and the Environment of a request.
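The rule structure described above (a Target over subject, resource, action and environment attributes, a Condition, an Effect, and rules combined with deny-overrides), worked through as an added example; this is not the eHIP code. Rules are written as Python objects mirroring XACML's structure rather than as XACML XML, and the policy, the attribute names (role, sensitivity, location, treating_patients) and the sample requests are constructed for illustration:

```python
"""Minimal XACML-style policy decision point (added example, not eHIP's code).

A Rule has a Target (attribute matches per category), an optional Condition
(a predicate over the whole request) and an Effect. Rules are combined with
the XACML deny-overrides algorithm.
"""
from typing import Callable, Dict, List, Optional

# A request is: category -> attribute name -> value, using XACML's four
# categories: subject, resource, action, environment.
Request = Dict[str, Dict[str, object]]
Target = Dict[str, Dict[str, object]]

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"


def target_matches(target: Target, request: Request) -> bool:
    """A Target matches when every attribute it names equals the request's value.
    An empty Target matches every request, as in XACML."""
    return all(
        request.get(category, {}).get(attr) == wanted
        for category, attrs in target.items()
        for attr, wanted in attrs.items()
    )


class Rule:
    def __init__(self, rule_id: str, effect: str, target: Target,
                 condition: Optional[Callable[[Request], bool]] = None) -> None:
        assert effect in (PERMIT, DENY)
        self.rule_id, self.effect, self.target, self.condition = rule_id, effect, target, condition

    def evaluate(self, request: Request) -> str:
        """The Target must match and the Condition (if any) must hold;
        otherwise the rule is NotApplicable to this request."""
        if not target_matches(self.target, request):
            return NOT_APPLICABLE
        if self.condition is not None and not self.condition(request):
            return NOT_APPLICABLE
        return self.effect


def deny_overrides(rules: List[Rule], request: Request) -> str:
    """XACML deny-overrides: any Deny wins; otherwise Permit if any rule permits."""
    decision = NOT_APPLICABLE
    for rule in rules:
        result = rule.evaluate(request)
        if result == DENY:
            return DENY
        if result == PERMIT:
            decision = PERMIT
    return decision


# Constructed policy using the rule types listed on the slide (role, data
# sensitivity, location, treatment relationship). Hypothetical, not eHIP's.
POLICY = [
    Rule("treating-physician-may-view", PERMIT,
         target={"subject": {"role": "physician"}, "action": {"id": "view"}},
         condition=lambda r: r["resource"]["patient_id"] in r["subject"]["treating_patients"]),
    Rule("patient-may-view-own-record", PERMIT,
         target={"subject": {"role": "patient"}, "action": {"id": "view"}},
         condition=lambda r: r["subject"]["id"] == r["resource"]["patient_id"]),
    Rule("high-sensitivity-only-on-premises", DENY,
         target={"resource": {"sensitivity": "high"}},
         condition=lambda r: r["environment"]["location"] != "hospital"),
]


def decide(request: Request) -> str:
    """PDP entry point: Permit, Deny or NotApplicable."""
    return deny_overrides(POLICY, request)


def is_allowed(request: Request) -> bool:
    """Enforcement point: only an explicit Permit grants access.
    NotApplicable (no rule matched) is refused, i.e. deny by default."""
    return decide(request) == PERMIT


def make_request(role: str, subject_id: str, action: str, patient_id: str,
                 sensitivity: str, location: str, treating=()) -> Request:
    """Build a request dict (constructed sample input)."""
    return {
        "subject": {"id": subject_id, "role": role, "treating_patients": set(treating)},
        "resource": {"patient_id": patient_id, "sensitivity": sensitivity},
        "action": {"id": action},
        "environment": {"location": location},
    }


if __name__ == "__main__":
    print(decide(make_request("physician", "dr1", "view", "p42", "low", "hospital", treating=["p42"])))  # Permit
    print(decide(make_request("physician", "dr1", "view", "p42", "high", "home", treating=["p42"])))     # Deny
    print(decide(make_request("physician", "dr1", "view", "p7", "low", "hospital", treating=["p42"])))   # NotApplicable
```

The third request shows the case the slide's "treatment relationship" rule type is about: a physician who is not treating the patient gets no matching rule at all, and the enforcement point must turn that NotApplicable into a refusal rather than fall through to access.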
4. Security solution
Establishing identities
Federation of ID providers
  A provider generates a token that
    proves the identity
    carries the attributes of the subject
  The security service trusts the providers
The token is a SAML (Security Assertion Markup Language) attribute assertion. As shown on the slide, it carries: id, SAML version, issuer, timestamp, signature, subject, and attribute statements (e.g. role, ...)
Security
Implementation
Flow shown on the slide diagram:
  The user authenticates to the ID provider (usr/pwd) and obtains a SAML token
  The user asks the Repository to view a document ("view doc"), presenting the token
  The Repository asks the Security service "ok?"
  The Security service evaluates the XACML rules and answers permit (or deny)
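The identity side of the flow above (the ID provider issues a SAML attribute assertion with id, version, issuer, timestamp, subject, attribute statement and signature; the security service accepts it only from a provider in the federation), as an added example that is not the eHIP implementation. It uses the Python standard library only: HMAC-SHA256 with a key shared between the provider and the security service stands in for the XML-DSig signature that real SAML uses, the provider URL, key and timestamps are constructed, and the element names follow SAML 2.0 without this being a conformant SAML stack:

```python
"""Identity tokens for the flow on the slide: an ID provider issues a
SAML-shaped attribute assertion, the security service checks it before
evaluating access rules. Added example, not the eHIP implementation."""
import base64
import hashlib
import hmac
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from typing import Dict, Tuple

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("saml", SAML_NS)  # fixed prefix: both sides serialise identically


class InvalidAssertion(Exception):
    """Raised by the security service when a token must not be trusted."""


def _tag(name: str) -> str:
    return f"{{{SAML_NS}}}{name}"


def _mac(key: bytes, assertion: ET.Element) -> str:
    """HMAC-SHA256 over the serialised assertion without its Signature child.
    Stand-in for XML-DSig (real SAML signs with the provider's private key)."""
    digest = hmac.new(key, ET.tostring(assertion), hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def issue_assertion(issuer: str, subject: str, attributes: Dict[str, str],
                    key: bytes, now: datetime, lifetime_s: int = 300) -> bytes:
    """ID-provider side: id, version, issuer, timestamp, subject, attribute
    statement, then the signature (the parts listed on the slide)."""
    a = ET.Element(_tag("Assertion"), {"ID": "_" + uuid.uuid4().hex,
                                       "Version": "2.0", "IssueInstant": now.isoformat()})
    ET.SubElement(a, _tag("Issuer")).text = issuer
    ET.SubElement(ET.SubElement(a, _tag("Subject")), _tag("NameID")).text = subject
    ET.SubElement(a, _tag("Conditions"), {
        "NotBefore": now.isoformat(),
        "NotOnOrAfter": (now + timedelta(seconds=lifetime_s)).isoformat()})
    stmt = ET.SubElement(a, _tag("AttributeStatement"))
    for name, value in attributes.items():
        attr = ET.SubElement(stmt, _tag("Attribute"), {"Name": name})
        ET.SubElement(attr, _tag("AttributeValue")).text = value
    mac = _mac(key, a)                        # computed before the Signature child exists
    ET.SubElement(a, "Signature").text = mac
    return ET.tostring(a)


def verify_assertion(token: bytes, trusted_providers: Dict[str, bytes],
                     now: datetime) -> Tuple[str, Dict[str, str]]:
    """Security-service side: version, trusted issuer, signature, validity window.
    Returns (subject, attributes) or raises InvalidAssertion."""
    a = ET.fromstring(token)
    if a.tag != _tag("Assertion") or a.get("Version") != "2.0":
        raise InvalidAssertion("not a SAML 2.0 assertion")
    issuer = a.findtext(_tag("Issuer"))
    key = trusted_providers.get(issuer)       # federation: only known providers
    if key is None:
        raise InvalidAssertion(f"untrusted issuer {issuer!r}")
    sig = a.find("Signature")
    if sig is None:
        raise InvalidAssertion("unsigned assertion")
    a.remove(sig)                             # recompute the MAC over the same bytes
    if not hmac.compare_digest(sig.text or "", _mac(key, a)):
        raise InvalidAssertion("signature mismatch: token altered or wrong key")
    cond = a.find(_tag("Conditions"))
    if cond is None:
        raise InvalidAssertion("no validity window")
    if not (datetime.fromisoformat(cond.get("NotBefore")) <= now
            < datetime.fromisoformat(cond.get("NotOnOrAfter"))):
        raise InvalidAssertion("outside validity window")
    subject = a.findtext(f"{_tag('Subject')}/{_tag('NameID')}")
    attrs = {e.get("Name"): e.findtext(_tag("AttributeValue")) for e in a.iter(_tag("Attribute"))}
    return subject, attrs


def is_valid(token: bytes, trusted_providers: Dict[str, bytes], now: datetime) -> bool:
    try:
        verify_assertion(token, trusted_providers, now)
        return True
    except InvalidAssertion:
        return False


# Constructed sample data (hypothetical provider URL and key, not eHIP's).
IDP = "https://idp.hospital-a.example"
IDP_KEY = b"key-shared-between-idp-and-security-service"
TRUSTED_PROVIDERS = {IDP: IDP_KEY}
NOW = datetime(2012, 5, 22, 9, 0, tzinfo=timezone.utc)
SOON = NOW + timedelta(seconds=10)
LATE = NOW + timedelta(seconds=600)
TOKEN = issue_assertion(IDP, "dr.smith", {"role": "physician", "affiliation": "hospital-a"}, IDP_KEY, NOW)
TAMPERED = TOKEN.replace(b"physician", b"admin")   # role changed after signing
ROGUE = issue_assertion("https://idp.unknown.example", "dr.smith", {"role": "physician"}, b"other-key", NOW)

if __name__ == "__main__":
    print(verify_assertion(TOKEN, TRUSTED_PROVIDERS, SOON))
    for name, tok, when in (("tampered", TAMPERED, SOON), ("expired", TOKEN, LATE), ("rogue", ROGUE, SOON)):
        print(name, is_valid(tok, TRUSTED_PROVIDERS, when))
```

The three failure cases are the ones the security service must refuse before any XACML rule is consulted: an attribute edited after issuance (the role the rules key on), a token replayed after its window, and a token from an issuer outside the federation. The attributes returned on success are what feeds the subject category of the access request.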
5. Privacy
In a nutshell
Avoid linkability of data when it is communicated across contexts
Identifiers must be pseudonymized in cross-context communication
In some applications the process must be reversible
Illustration on the slide: facts collected in different contexts ("Ric is working too hard", "Ric is buying vitamins", "Ric's blood count is low") become linkable through the shared identifier "Ric"
Privacy
Reversible IDs
Diagram on the slide: a context-specific ID (e.g. study_83547) references the patient; the reversible ID is formed from a prefix (0100110011) and the global ID (820908 324 56) and is shown in scrambled, unreadable form (!@#$%^@# *&#$!@)
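One way to build the reversible, context-specific IDs of this slide, as an added example that is not the eHIP anonymizer: a per-context key is derived from a master key with HMAC, and the global ID is encrypted with an HMAC-based Feistel network, so the holder of the master key can reverse the mapping while pseudonyms of the same patient in two contexts are unlinkable to anyone else. The master key, the context names and the Feistel construction are this example's assumptions; the global ID value is the one on the slide:

```python
"""Context-specific, reversible pseudonyms for a global patient ID.
Added example, not the eHIP anonymizer: the construction (HMAC-derived
per-context keys and an HMAC-based Feistel network) is this example's choice."""
import hashlib
import hmac

ROUNDS = 4   # Luby-Rackoff: 4 Feistel rounds with a PRF round function give a strong PRP


def _context_key(master_key: bytes, context: str) -> bytes:
    """Per-context key: pseudonyms of one ID in two contexts are unrelated
    unless you hold the master key."""
    return hmac.new(master_key, b"ctx:" + context.encode(), hashlib.sha256).digest()


def _round_fn(key: bytes, i: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:len(half)]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _feistel(key: bytes, data: bytes, decrypt: bool) -> bytes:
    """Balanced Feistel permutation over an even-length byte string.
    Encrypt: (L, R) -> (R, L xor F_i(R)); decrypt runs the rounds backwards."""
    half = len(data) // 2
    left, right = data[:half], data[half:]
    for i in (range(ROUNDS - 1, -1, -1) if decrypt else range(ROUNDS)):
        if decrypt:
            left, right = _xor(right, _round_fn(key, i, left)), left
        else:
            left, right = right, _xor(left, _round_fn(key, i, right))
    return left + right


def pseudonymize(master_key: bytes, context: str, global_id: str) -> str:
    """Reversible pseudonym '<context>:<hex>'. Deterministic within a context
    (so records can still be referenced), different across contexts."""
    data = global_id.encode()
    pad = 2 - len(data) % 2            # 1 or 2 bytes of padding -> even length
    data += bytes([pad]) * pad
    if len(data) // 2 > hashlib.sha256().digest_size:
        raise ValueError("global ID too long for this round function")
    return f"{context}:{_feistel(_context_key(master_key, context), data, False).hex()}"


def depseudonymize(master_key: bytes, pseudonym: str) -> str:
    """Reverse mapping, only possible with the master key."""
    context, hexdata = pseudonym.rsplit(":", 1)
    data = _feistel(_context_key(master_key, context), bytes.fromhex(hexdata), True)
    pad = data[-1] if data else 0
    if pad not in (1, 2) or data[-pad:] != bytes([pad]) * pad:
        raise ValueError("not a pseudonym made with this key")
    return data[:-pad].decode()


def pseudonymize_irreversible(master_key: bytes, context: str, global_id: str) -> str:
    """For contexts that never need re-identification: keyed hash, no way back."""
    mac = hmac.new(_context_key(master_key, context), global_id.encode(), hashlib.sha256)
    return context + ":" + mac.hexdigest()[:24]


MASTER_KEY = b"master key held only by the pseudonymisation service"  # constructed
GLOBAL_ID = "820908 324 56"                                          # global ID from the slide

if __name__ == "__main__":
    for ctx in ("study_83547", "pharmacy"):
        p = pseudonymize(MASTER_KEY, ctx, GLOBAL_ID)
        print(p, "->", depseudonymize(MASTER_KEY, p))
```

In production a vetted format-preserving cipher (NIST FF1) or AES in a proper mode would replace the hand-rolled Feistel, with the master key confined to the trusted re-identification service; the point the example makes is the split between per-context key derivation (unlinkability across contexts) and keyed reversibility (re-identification only where the application requires it).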
6. Privacy
Implementation
Flow shown on the slide diagram: the same components as the security implementation (ID provider with usr/pwd, Repository, Security service answering "ok?" with permit), with an Anonymizer added on the "view doc" path to pseudonymize identifiers before data crosses contexts
Credits
Successful results come from good teamwork
IBBT-DistriNet team
Kim Wuyts, Eryk Kulikowski, Kris Verlaenen, Ric
IBBT-COSIC team
Mina Deng, Claudia Diaz, Danny De Cock