securing the e-health cloud
DESCRIPTION
TRANSCRIPT
![Page 1: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/1.jpg)
Securing the E-Health Cloud
Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy
1st ACM International Health Informatics Symposium (IHI 2010)Arlington, Virginia, USA, 11-12 November 2010
Freitag, 12. November 2010
![Page 2: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/2.jpg)
IntroductionBuzzwords of the year:
E-Health
Cloud Computing
Freitag, 12. November 2010
![Page 3: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/3.jpg)
Introduction Put together: E-Health Cloud
Freitag, 12. November 2010
![Page 4: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/4.jpg)
Introduction Put together: E-Health Cloud
First idea: a paper with both buzzwords (cool!)
Freitag, 12. November 2010
![Page 5: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/5.jpg)
Introduction Put together: E-Health Cloud
First idea: a paper with both buzzwords (cool!)
Seriously: What about security & privacy?
Freitag, 12. November 2010
![Page 6: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/6.jpg)
Outline
• E-Health Cloud Models
• Security & Privacy Problem Areas
• Security Architecture for Privacy Domains
Freitag, 12. November 2010
![Page 7: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/7.jpg)
Simple E-Health Cloud
Freitag, 12. November 2010
![Page 8: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/8.jpg)
Simple E-Health Cloud
Examples:
...
Freitag, 12. November 2010
![Page 9: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/9.jpg)
Simple E-Health Cloud
Examples:
...• Patients need to manage complex access rights• Patients don‘t understand security implications• Privacy: server provider can gain access to data in PHRs
Freitag, 12. November 2010
![Page 10: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/10.jpg)
Advanced E-Health Cloud
Freitag, 12. November 2010
![Page 11: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/11.jpg)
Advanced E-Health Cloud
Freitag, 12. November 2010
![Page 12: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/12.jpg)
Advanced E-Health Cloud
Freitag, 12. November 2010
![Page 13: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/13.jpg)
Advanced E-Health Cloud
Freitag, 12. November 2010
![Page 14: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/14.jpg)
Advanced E-Health Cloud
Freitag, 12. November 2010
![Page 15: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/15.jpg)
Advanced E-Health Cloud
Freitag, 12. November 2010
![Page 16: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/16.jpg)
Advanced E-Health Cloud
Freitag, 12. November 2010
![Page 17: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/17.jpg)
Advanced E-Health Cloud
Freitag, 12. November 2010
![Page 18: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/18.jpg)
Advanced E-Health Cloud
HealthcareTelematicsBoundary
Freitag, 12. November 2010
![Page 19: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/19.jpg)
Advanced E-Health Cloud
HealthcareTelematicsBoundary
Freitag, 12. November 2010
![Page 20: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/20.jpg)
Advanced E-Health Cloud
HealthcareTelematicsBoundary
Freitag, 12. November 2010
![Page 21: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/21.jpg)
Advanced E-Health Cloud
HealthcareTelematicsBoundary
Freitag, 12. November 2010
![Page 22: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/22.jpg)
Advanced E-Health Cloud
HealthcareTelematicsBoundary
Freitag, 12. November 2010
![Page 23: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/23.jpg)
Advanced E-Health Cloud
HealthcareTelematicsBoundary
Examples:• Europe
- Germany, Austria, Netherlands, ...
• Asia- Taiwan, ...
Freitag, 12. November 2010
![Page 24: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/24.jpg)
Advanced E-Health Cloud
HealthcareTelematicsBoundary
Examples:• Europe
- Germany, Austria, Netherlands, ...
• Asia- Taiwan, ...
Huh! Pretty complex.Must be secure, right?
Freitag, 12. November 2010
![Page 25: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/25.jpg)
Security Problem Areas
• Data Storage and Processing• Data centers: unauthorized information leakage
• Platform security: vulnerable to malware
• Mobile storage (USB memory sticks)
• Infrastructure Management• Cryptographic keys, certificates
• Hardware / software components
• Usability and User Experience• Smartcard PIN (when unconscious?)
• Time consuming
• Platform security: vulnerable to malware
Freitag, 12. November 2010
![Page 26: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/26.jpg)
Security Problem Areas
• Data Storage and Processing• Data centers: unauthorized information leakage
• Platform security: vulnerable to malware
• Mobile storage (USB memory sticks)
• Infrastructure Management• Cryptographic keys, certificates
• Hardware / software components
• Usability and User Experience• Smartcard PIN (when unconscious?)
• Time consuming
• Platform security: vulnerable to malware
Freitag, 12. November 2010
![Page 27: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/27.jpg)
Platform Security (Server)
Freitag, 12. November 2010
![Page 28: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/28.jpg)
Platform Security (Server)
Freitag, 12. November 2010
![Page 29: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/29.jpg)
Platform Security (Server)
Freitag, 12. November 2010
![Page 30: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/30.jpg)
Platform Security (Server)
Freitag, 12. November 2010
![Page 31: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/31.jpg)
Platform Security (Server)
Freitag, 12. November 2010
![Page 32: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/32.jpg)
Platform Security (Server)
Freitag, 12. November 2010
![Page 33: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/33.jpg)
Platform Security (Client)
Freitag, 12. November 2010
![Page 34: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/34.jpg)
Platform Security (Client)
Freitag, 12. November 2010
![Page 35: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/35.jpg)
Platform Security (Client)
Freitag, 12. November 2010
![Page 36: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/36.jpg)
Platform Security (Client)
Freitag, 12. November 2010
![Page 37: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/37.jpg)
Platform Security (Client)
Freitag, 12. November 2010
![Page 38: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/38.jpg)
Platform Security (Client)
Freitag, 12. November 2010
![Page 39: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/39.jpg)
Privacy Domains
Freitag, 12. November 2010
![Page 40: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/40.jpg)
Privacy Domains
Freitag, 12. November 2010
![Page 41: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/41.jpg)
Privacy Domains
Security Kernel
Freitag, 12. November 2010
![Page 42: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/42.jpg)
Privacy Domains
Security Kernel
Freitag, 12. November 2010
![Page 43: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/43.jpg)
Privacy Domains
Security Kernel
Freitag, 12. November 2010
![Page 44: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/44.jpg)
Privacy Domains
Security Kernel
Freitag, 12. November 2010
![Page 45: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/45.jpg)
Privacy Domains
Security Kernel
Freitag, 12. November 2010
![Page 46: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/46.jpg)
Privacy Domains
Security Kernel
Trusted Virtual Domain
Freitag, 12. November 2010
![Page 47: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/47.jpg)
Privacy Domains
Security Kernel
Trusted Virtual Domain
Freitag, 12. November 2010
![Page 48: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/48.jpg)
Privacy Domains
Security Kernel
Trusted Virtual Domain
Freitag, 12. November 2010
![Page 49: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/49.jpg)
Privacy Domains
Security Kernel
Trusted Virtual Domain
Freitag, 12. November 2010
![Page 50: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/50.jpg)
Privacy Domains
Security Kernel
Trusted Virtual Domain
Freitag, 12. November 2010
![Page 51: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/51.jpg)
Privacy Domains
Security Kernel
Trusted Virtual Domain
Freitag, 12. November 2010
![Page 52: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/52.jpg)
Technology:Trusted Virtual Domains (TVDs)
TVD = coalition of virtual machines
• Isolated compartments
• Trust relationships
• Transparent policy enforcement
• Secure communication
• Client platform security(based on modern hardware security functionality)
Freitag, 12. November 2010
![Page 53: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/53.jpg)
Software Architecture
!"#$%&'(!"#$
%&'()*+,&-./
!"#$%&'(!"#$!011#23+435&!-./
066*41)+4#3"#$!6$#1(77435%'87
9(::$#;7($<%&=)4*&>*4(3+
011#23+435)3?!!:4**435!7#"+;)$(@(A5A<!B.&C)"(3(+)66*41)+4#3D
)*+,%*-./0
!"#$ !"#12345*%-"#$011#23+435&-./
!"#12345*%-"#$%&'()*+,&-./
617*3859-)*%:*%
;++&,<5=<>)*%:*%
!%,45*?73%?@3%*
6123=8-)*%:*%
A*B4*%:*%
)*+,%=5(-C*%<*8
73%?@3%*
/<%*45%=+5*?0<5*%<*5-;++*44
Freitag, 12. November 2010
![Page 54: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/54.jpg)
User Interface
Freitag, 12. November 2010
![Page 55: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/55.jpg)
Conclusion
• E-Health Clouds: big security & privacy challenges!
• TVDs can solve unaddressed issues:
• Establish privacy domains
• Extend security to end user platforms
• Ongoing projects: study usability & deploy technology
Freitag, 12. November 2010
![Page 56: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/56.jpg)
Conclusion
• E-Health Clouds: big security & privacy challenges!
• TVDs can solve unaddressed issues:
• Establish privacy domains
• Extend security to end user platforms
• Ongoing projects: study usability & deploy technology
MediTrust
(EU FP7 funded)
(National German)
Freitag, 12. November 2010
![Page 57: Securing the E-Health Cloud](https://reader031.vdocuments.us/reader031/viewer/2022013114/547ba4a0b37959492b8b4dfa/html5/thumbnails/57.jpg)
Questions?
Contact:
Marcel Winandy
Ruhr-University [email protected]
http://www.trust.rub.de
Freitag, 12. November 2010