Download pdf - Securing the E-Health Cloud

Securing the E-Health Cloud

Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy

1st ACM International Health Informatics Symposium (IHI 2010)Arlington, Virginia, USA, 11-12 November 2010

Freitag, 12. November 2010

IntroductionBuzzwords of the year:

E-Health

Cloud Computing


Introduction Put together: E-Health Cloud



First idea: a paper with both buzzwords (cool!)



First idea: a paper with both buzzwords (cool!)

Seriously: What about security & privacy?


Outline

• E-Health Cloud Models

• Security & Privacy Problem Areas

• Security Architecture for Privacy Domains


Simple E-Health Cloud



Examples:

...



Examples:

...• Patients need to manage complex access rights• Patients don‘t understand security implications• Privacy: server provider can gain access to data in PHRs


Advanced E-Health Cloud

















HealthcareTelematicsBoundary
















Examples:• Europe

- Germany, Austria, Netherlands, ...

• Asia- Taiwan, ...




Examples:• Europe

- Germany, Austria, Netherlands, ...

• Asia- Taiwan, ...

Huh! Pretty complex.Must be secure, right?


Security Problem Areas

• Data Storage and Processing• Data centers: unauthorized information leakage

• Platform security: vulnerable to malware

• Mobile storage (USB memory sticks)

• Infrastructure Management• Cryptographic keys, certificates

• Hardware / software components

• Usability and User Experience• Smartcard PIN (when unconscious?)

• Time consuming



Security Problem Areas

• Data Storage and Processing• Data centers: unauthorized information leakage


• Mobile storage (USB memory sticks)

• Infrastructure Management• Cryptographic keys, certificates

• Hardware / software components

• Usability and User Experience• Smartcard PIN (when unconscious?)

• Time consuming



Platform Security (Server)












Platform Security (Client)












Privacy Domains


Privacy Domains


Privacy Domains

Security Kernel


Privacy Domains

Security Kernel


Privacy Domains

Security Kernel


Privacy Domains

Security Kernel


Privacy Domains

Security Kernel


Privacy Domains

Security Kernel

Trusted Virtual Domain


Privacy Domains

Security Kernel



Privacy Domains

Security Kernel



Privacy Domains

Security Kernel



Privacy Domains

Security Kernel



Privacy Domains

Security Kernel



Technology:Trusted Virtual Domains (TVDs)

TVD = coalition of virtual machines

• Isolated compartments

• Trust relationships

• Transparent policy enforcement

• Secure communication

• Client platform security(based on modern hardware security functionality)


Software Architecture

!"#$%&'(!"#$

%&'()*+,&-./

!"#$%&'(!"#$!011#23+435&!-./

066*41)+4#3"#$!6$#1(77435%'87

9(::$#;7($<%&=)4*&>*4(3+

011#23+435)3?!!:4**435!7#"+;)$(@(A5A<!B.&C)"(3(+)66*41)+4#3D

)*+,%*-./0

!"#$ !"#12345*%-"#$011#23+435&-./

!"#12345*%-"#$%&'()*+,&-./

617*3859-)*%:*%

;++&,<5=<>)*%:*%

!%,45*?73%?@3%*

6123=8-)*%:*%

A*B4*%:*%

)*+,%=5(-C*%<*8

73%?@3%*

/<%*45%=+5*?0<5*%<*5-;++*44


User Interface


Conclusion

• E-Health Clouds: big security & privacy challenges!

• TVDs can solve unaddressed issues:

• Establish privacy domains

• Extend security to end user platforms

• Ongoing projects: study usability & deploy technology


Conclusion

• E-Health Clouds: big security & privacy challenges!

• TVDs can solve unaddressed issues:

• Establish privacy domains

• Extend security to end user platforms

• Ongoing projects: study usability & deploy technology

MediTrust

(EU FP7 funded)

(National German)


Questions?

Contact:

Marcel Winandy

Ruhr-University [email protected]

http://www.trust.rub.de


mailto:[email protected]

mailto:[email protected]

