Model-Based Security Assessment on the Design of a Patient-Centric Data Sharing Platform

Matthew Banton, Thais Webber, Agastya Silvina, Juliana Bowles*

*Corresponding author for this work

Research output: Chapter in Book/Published conference outputConference publication

Abstract

The architectural design of a healthcare data sharing system must cope with security requirements especially when the system integrates different data sources and patient-centric features. The design choices come with different risks, where vulnerabilities and threats highly depend on how the system components interact and depend on each other to operate as well as how it handles the external connections. This paper focuses on security aspects arising early in the design phase of a patient-centric system. The system presents a blend of emergent technologies such as novel authentication methods, blockchain for access control, and a data lake for patient metadata storage and retrieval based on access rules. We exploit a model-based approach to tackle security assessment using attack-defense trees (ADtrees) formalism and other support diagrams altogether as a way to model and analyse potential attack paths to the system and its countermeasures. The modelling approach helps creating a framework to support the attack vectors analysis and the proposal of appropriate defense mechanisms within the system architecture.

Original languageEnglish
Title of host publicationFrom Data to Models and Back - 10th International Symposium, DataMod 2021, Revised Selected Papers
EditorsJuliana Bowles, Giovanna Broccia, Roberto Pellungrini
PublisherSpringer
Pages61-77
Number of pages17
ISBN (Electronic)978-3-031-16011-0
ISBN (Print)9783031160103
DOIs
Publication statusPublished - 15 Oct 2022
Event10th International Symposium on From Data Models and Back, DataMod 2021, held as a satellite event of the 19th International Conference on Software Engineering and Formal Methods, SEFM 2021 - Virtual, Online
Duration: 6 Dec 20217 Dec 2021

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume13268 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference10th International Symposium on From Data Models and Back, DataMod 2021, held as a satellite event of the 19th International Conference on Software Engineering and Formal Methods, SEFM 2021
CityVirtual, Online
Period6/12/217/12/21

Bibliographical note

Funding Information:
The research in this paper was supported by the EU H2020 project SERUMS: Securing Medical Data in Smart Patient-Centric Healthcare Systems (grant code 826278).

Keywords

  • Attack-defense trees
  • Data sharing
  • Healthcare systems
  • Patient-centric system
  • Security assessment

Fingerprint

Dive into the research topics of 'Model-Based Security Assessment on the Design of a Patient-Centric Data Sharing Platform'. Together they form a unique fingerprint.

Cite this