SECURE INFORMATION FLOW AWARENESS for smart wireless ehealth systems


SSD 12 - SCI Chemnitz 2012
Stefan Pfeiffer, Andreas Lehmann, Sebastian Unger, Dirk Timmermann
www. sec.org

Lab-on-a-Chip-Implants (Online Bio-Sensing); Remote Diagnosis; Online Drugstores and Remote Drug Ordering; Wireless Hospital Administration; Online Health Monitoring; Remote Patient Supervision

[Figure, built up over four slides; labels: nurse, Primary Care Physician]

Reliable Secure?!?

Two-Layer-Approach

Process Definition Layer (Workflows / Automation Processes)

Infrastructure Layer
Technology: Devices, Users, Network Technology
Security Mechanisms: Cryptography, Security Protocols, Security Architectures

Process Definition Layer Security: Information Flow Control
Security Domain: Public (Low)
Security Domain: Private (High)
Information Flow: Low High
Information Flow: High Low

Example Process

Infrastructure Layer - Users: Primary Care Physician, Patient, Emergency Physician

Infrastructure Layer - Devices: Body Area Network, Bluetooth Compliant 3G Smartphone, Sensor, EHR Database, Medical In-Car-Information-System

Infrastructure Layer - Networking: 3G Transmission Tower, Internet Carrier, Internet Gateway, Forwarding, Send / Receive

Infrastructure Layer - Security: [figure; same labels as the networking diagram]

Process Definition Layer

Process Security Policy: Only Primary Care Physician and Patient have access to the patient's EHR database.

Process Model (informal):
FALL DETECTION sensor alarm: patient fell to ground
BLOOD PRESSURE sensor alarm: drop in blood pressure
EMERGENCY CALL sent autonomously (location, ID, )
Emergency doctor receives call immediately, STARTS DRIVING to location
MEDICAL IN-CAR-INFORMATION-SYSTEM accesses the central EHR DATABASE requesting for: drug intolerances, medicamentous specialities
Emergency doctor provides a PERSONALIZED EMERGENCY TREATMENT

Verification Framework

1. Process Modeling w.r.t. Infrastructure Layer: BPMN 2.0 Model
2. Security Annotation in Business Process Model w.r.t. Security Policy: Annotated BPMN 2.0 Model
3. Transformation from Business Process Model to Formalism (here: Petri nets): Annotated BPMN 2.0 Model, Petri net Model
4. Fully Automated Verification of Process Definition Layer Security Properties
   Tool Support (Full Automation): ANICA, LoLA
   secure?!? Information Flow Violations, Witness Path
5. Information Flow Violation BP-Model-Feedback (Witness Path): Petri net Model, BPMN 2.0 Model
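The check in steps 3 to 5, applied to the example process, as an added example that is not from the slides or from ANICA/LoLA: a plain reachability search over a small safe Petri net that reports a witness path when an actor outside the process security policy consumes EHR data. The place, transition and actor names are assumptions made for illustration, and the search is a simplified stand-in for the tools' actual algorithms.

```python
from collections import deque

# Constructed Petri-net-style model of the example process (assumption: place,
# transition and actor names are illustrative, not the authors' BPMN/Petri net).
# transition -> (actor, input places, output places)
NET = {
    "fall_alarm":     ("sensor", {"monitoring"}, {"alarm"}),
    "bp_alarm":       ("sensor", {"monitoring"}, {"alarm"}),
    "emergency_call": ("smartphone", {"alarm"}, {"call_sent"}),
    "start_driving":  ("emergency_physician", {"call_sent"}, {"en_route"}),
    "query_ehr":      ("in_car_system", {"en_route", "ehr_record"},
                       {"ehr_copy", "ehr_record"}),
    "treat_patient":  ("emergency_physician", {"ehr_copy"}, {"treated"}),
}
INITIAL = frozenset({"monitoring", "ehr_record"})
HIGH_PLACES = {"ehr_record"}                      # private (high) domain
POLICY = {"primary_care_physician", "patient"}    # actors allowed to read the EHR


def find_violation(net, initial, high_places, cleared):
    """Breadth-first search over the reachable markings of a safe net.

    Returns the shortest firing sequence that ends with a non-cleared actor
    consuming a high (or high-derived) token, or None if no such run exists.
    """
    start = (frozenset(initial), frozenset(high_places) & initial)
    queue, seen = deque([(start, [])]), {start}
    while queue:
        (marking, tainted), path = queue.popleft()
        for name, (actor, pre, post) in net.items():
            if not pre <= marking:
                continue                          # transition not enabled
            reads_high = bool(pre & tainted)
            if reads_high and actor not in cleared:
                return path + [name]              # witness path
            new_marking = (marking - pre) | post
            # Tokens produced from high input stay high; consumed ones vanish.
            new_tainted = ((tainted - pre) | (post if reads_high else set())) & new_marking
            state = (new_marking, new_tainted)
            if state not in seen:
                seen.add(state)
                queue.append((state, path + [name]))
    return None


if __name__ == "__main__":
    print(find_violation(NET, INITIAL, HIGH_PLACES, POLICY))
```

Adding the in-car system and the emergency physician to the cleared set, which models an explicit emergency exception in the policy, makes the same search return no witness.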

Conclusion
1. Detect ALL Information Leaks in mhealth workflows
2. Reliable Secure Workflows in mhealth Applications

Thank you for your attention! For further information and details, don't hesitate to ask... Stefan Pfeiffer, Andreas Lehmann... or visit our websites... www. sec.org

Backup Slides

ehealth Information Flow Violations
1. Emergency Information Flow Violation
2. Untrusted / Not Certified System Components
3. Information Flow Policy Violation by Design

Verification Framework

Security The Ancient Way
Security Mechanisms: guarded single entry point; guarded walls; built upon hills; ALARM in-castle information system