Securing the E-Health Cloud
1 Securing the E-Health Cloud Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy 1st ACM International Health Informatics Symposium (IHI 2010) Arlington, Virginia, USA, November 2010
2 Introduction. Buzzwords of the year: E-Health, Cloud Computing
5 Introduction. Put together: E-Health Cloud. First idea: a paper with both buzzwords (cool!). Seriously: What about security & privacy?
6 Outline: E-Health Cloud Models; Security & Privacy Problem Areas; Security Architecture for Privacy Domains
7 Simple E-Health Cloud
9 Simple E-Health Cloud
- Examples: ...
- Patients need to manage complex access rights
- Patients don't understand security implications ...
- Privacy: server provider can gain access to data in PHRs
10 Advanced E-Health Cloud
18 Advanced E-Health Cloud Healthcare Telematics Boundary
24 Advanced E-Health Cloud. Healthcare Telematics Boundary. Examples: Europe - Germany, Austria, Netherlands, ...; Asia - Taiwan, ... Huh! Pretty complex. Must be secure, right?
25 Security Problem Areas
- Data Storage and Processing
  - Data centers: unauthorized information leakage
  - Platform security: vulnerable to malware
  - Mobile storage (USB memory sticks)
- Infrastructure Management
  - Cryptographic keys, certificates
  - Hardware / software components
- Usability and User Experience
  - Smartcard PIN (when unconscious?)
  - Time consuming
27 Platform Security (Server)
33 Platform Security (Client)
39 Privacy Domains
41 Privacy Domains Security Kernel
46 Privacy Domains Trusted Virtual Domain Security Kernel
52 Technology: Trusted Virtual Domains (TVDs)
- TVD = coalition of virtual machines
  - Isolated compartments
  - Trust relationships
  - Transparent policy enforcement
  - Secure communication
- Client platform security (based on modern hardware security functionality)
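The TVD properties listed on this slide, as a small model of a security kernel that admits platforms, isolates compartments and labels traffic. This is an added example, not code from the slides or from the authors' projects. The names (TvdPolicy, SecurityKernel, measure), the measurement allow-list and the HMAC tagging are assumptions made for illustration, and encryption of the payload is left out.

```python
import hashlib
import hmac
from typing import NamedTuple

class TvdPolicy(NamedTuple):
    name: str
    trusted_kernels: frozenset  # kernel measurements (hex digests) the domain accepts
    key: bytes                  # domain key, released only to admitted platforms

def measure(kernel_image: bytes) -> str:
    return hashlib.sha256(kernel_image).hexdigest()  # stand-in for a boot measurement

class SecurityKernel:
    def __init__(self, kernel_image: bytes):
        self.measurement = measure(kernel_image)
        self.domain_keys = {}  # TVD name -> key, filled by join()
        self.vm_domain = {}    # compartment name -> TVD name

    def join(self, policy: TvdPolicy) -> bool:
        """Trust relationship: admit the platform only if its kernel is known-good."""
        if self.measurement not in policy.trusted_kernels:
            return False
        self.domain_keys[policy.name] = policy.key
        return True

    def start_vm(self, vm: str, tvd: str) -> bool:
        """Compartments can only be started inside a domain this platform joined."""
        if tvd not in self.domain_keys:
            return False
        self.vm_domain[vm] = tvd
        return True

    def local_flow_allowed(self, src: str, dst: str) -> bool:
        """Isolation: data moves between local compartments only within one TVD."""
        return src in self.vm_domain and self.vm_domain[src] == self.vm_domain.get(dst)

    def send(self, vm: str, payload: bytes):
        """Label and tag outbound data in the kernel; the VM never holds the key."""
        tvd = self.vm_domain[vm]
        tag = hmac.new(self.domain_keys[tvd], payload, hashlib.sha256).digest()
        return tvd, payload, tag

    def receive(self, vm: str, message) -> bool:
        """Deliver only authentic messages from the receiving compartment's own TVD."""
        tvd, payload, tag = message
        key = self.domain_keys.get(tvd)
        return (key is not None and self.vm_domain.get(vm) == tvd and
                hmac.compare_digest(tag, hmac.new(key, payload, hashlib.sha256).digest()))

def demo():
    good = b"security-kernel-1.0 (constructed)"
    ehealth = TvdPolicy("ehealth", frozenset({measure(good)}), b"constructed-ehealth-key")
    private = TvdPolicy("private", frozenset({measure(good)}), b"constructed-private-key")
    pc, server = SecurityKernel(good), SecurityKernel(good)
    joined = [pc.join(ehealth), pc.join(private), server.join(ehealth)]
    started = [pc.start_vm("records-viewer", "ehealth"), pc.start_vm("billing", "ehealth"),
               pc.start_vm("web-browser", "private"), server.start_vm("phr-store", "ehealth")]
    msg = server.send("phr-store", b"patient record (constructed)")
    return {
        "setup_ok": all(joined + started),
        "infected_joins": SecurityKernel(good + b" + rootkit").join(ehealth),
        "viewer_to_billing": pc.local_flow_allowed("records-viewer", "billing"),
        "viewer_to_browser": pc.local_flow_allowed("records-viewer", "web-browser"),
        "viewer_receives": pc.receive("records-viewer", msg),
        "browser_receives": pc.receive("web-browser", msg),
    }

if __name__ == "__main__":
    print(demo())
```

The browser compartment on the same client is refused the record even though the platform itself holds the e-health domain key, which is the client-side isolation the slides call a privacy domain.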
53 Software Architecture (diagram)
54 User Interface
56 Conclusion
- E-Health Clouds: big security & privacy challenges!
- TVDs can solve unaddressed issues:
  - Establish privacy domains
  - Extend security to end user platforms
- Ongoing projects: study usability & deploy technology
  (EU FP7 funded) MediTrust (National German)
57 Questions? Contact: Marcel Winandy Ruhr-University Bochum
