Abstract
The architectural design of a healthcare data sharing system must cope with security requirements especially when the system integrates different data sources and patient-centric features. The design choices come with different risks, where vulnerabilities and threats highly depend on how the system components interact and depend on each other to operate as well as how it handles the external connections. This paper focuses on security aspects arising early in the design phase of a patient-centric system. The system presents a blend of emergent technologies such as novel authentication methods, blockchain for access control, and a data lake for patient metadata storage and retrieval based on access rules. We exploit a model-based approach to tackle security assessment using attack-defense trees (ADtrees) formalism and other support diagrams altogether as a way to model and analyse potential attack paths to the system and its countermeasures. The modelling approach helps creating a framework to support the attack vectors analysis and the proposal of appropriate defense mechanisms within the system architecture.
Original language | English |
---|---|
Title of host publication | From Data to Models and Back - 10th International Symposium, DataMod 2021, Revised Selected Papers |
Editors | Juliana Bowles, Giovanna Broccia, Roberto Pellungrini |
Publisher | Springer |
Pages | 61-77 |
Number of pages | 17 |
ISBN (Electronic) | 978-3-031-16011-0 |
ISBN (Print) | 9783031160103 |
DOIs | |
Publication status | Published - 15 Oct 2022 |
Event | 10th International Symposium on From Data Models and Back, DataMod 2021, held as a satellite event of the 19th International Conference on Software Engineering and Formal Methods, SEFM 2021 - Virtual, Online Duration: 6 Dec 2021 → 7 Dec 2021 |
Publication series
Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|
Volume | 13268 LNCS |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Conference
Conference | 10th International Symposium on From Data Models and Back, DataMod 2021, held as a satellite event of the 19th International Conference on Software Engineering and Formal Methods, SEFM 2021 |
---|---|
City | Virtual, Online |
Period | 6/12/21 → 7/12/21 |
Bibliographical note
Funding Information:The research in this paper was supported by the EU H2020 project SERUMS: Securing Medical Data in Smart Patient-Centric Healthcare Systems (grant code 826278).
Keywords
- Attack-defense trees
- Data sharing
- Healthcare systems
- Patient-centric system
- Security assessment