CoreGRID: European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies.

Slides:



Advertisements
Similar presentations
Chapter ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.
Advertisements

© fedict All rights reserved Legal aspects Belgian electronic identity card Samoera Jacobs – November 2008.
HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
A strategy for a Secure Information Society –
CoreGRID: European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies.
CoreGRID: European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies.
CoreGRID: European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies.
CoreGRID: European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies.
1 FPEG Identity theft & payment fraud point December 2007.
Conclusions from e-Health
CURRENT SITUATION OF E-HEALTH IN MYANMAR Nang Kham Oo Leik Central Womens Hospital
Public B2B Exchanges and Support Services
HIPAA AWARENESS TRAINING
Using Information at the University University Secretarys Office
Secure Virtual Machine Execution Under an Untrusted Management OS Chunxiao Li Anand Raghunathan Niraj K. Jha.
The Legal Foundation TRICARE Management Activity HEALTH AFFAIRS 2009 Data Protection Seminar TMA Privacy Office.
Red-Flag Identity Theft Requirements February 19th 2009 Cathy Casagrande, Privacy Officer.
Hart District Acceptable Use Policy Acceptable Use Policy.
2 1.Client protection principles 2.Principle #6 in practice 3.The client perspective 4.Participant feedback 5.Tools for improving practice 6.Conclusion.
Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.
Primary and secondary use of EHR: Enhancing clinical research Pharmaceutical Industry Perspectives Dr. Karin Heidenreich Senior Public Affairs Manager/Novartis.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering 2.
Lesson 30 Computer Safety and Ethics
Registry system data exchange General design requirements Pre-sessional Consultations on Registries 19 October 2002 New Delhi, India UNFCCC secretariat.
CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.
E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Page 1 Issues in and perspectives on electronic authentication of health professionals Pascal POITEVIN Marketing and Communication manager GIP-CPS e-Health.
It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.
Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security.
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.
ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke.
Dec 13 th CS555 presentation1 Yiwen Wang --“Securing the DB may be the single biggest action an organization can take to protect its assets” David C. Knox.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
Web Application Security
OWASP Mobile Top 10 Why They Matter and What We Can Do
D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.
The Use of Health Information Technology in Physician Practices
CLOUD AND SECURITY: A LEGISLATOR'S PERSPECTIVE 6/7/2013.
Business Computing 550 Lesson 6. 2 Security Threats on Web Sites Issues and vulnerabilities 1.Illegal Access and Use (Hacking the system or users exposing.
How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.
CS CS 5150 Software Engineering Lecture 18 Security.
State Alliance for e-Health Conference Meeting January 26, 2007.
Chapter 6 – Data Handling and EPR. Electronic Health Record Systems: Government Initiatives and Public/Private Partnerships EHR is systematic collection.
From Privacy to Information Governance Dr Petra Wilson Internet Business Solutions Group - Cisco.
Electronic Health Records: Healthcare System’s Common Trends Based on Cloud Computing Group 2: OU Jin FANG Ting
Europe's work in progress: quality of mHealth Pēteris Zilgalvis, J.D., Head of Unit, Health and Well-Being, DG CONNECT Voka Health Community 29 September.
 The use of telecommunications technology to provide, enhance, or expedite health care services.  Accessing off-site databases, linking clinics or physicians'
Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved. McGraw-Hill Chapter 6 The Privacy and Security of Electronic Health Information.
Patient Confidentiality and Electronic Medical Records Ann J. Olsen, MBA, MA Information Security Officer and Director, Information Management Planning.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
CIP 2015 Smart Grid Vulnerability Assessment Using National Testbed Networks IHAB DARWISHOBINNA IGBETAREQ SAADAWI.
E-Health concept in Romania Sofia, 7 th of June 2005.
Features Governmental organization Critically important ICT objects Distributed infrastructure Three levels of confidentiality Dozens of subsidiary organizations.
Lesson 19-E-Commerce Security Needs. Overview Understand e-commerce services. Understand the importance of availability. Implement client-side security.
Security Vulnerabilities in A Virtual Environment
Unit 7 Seminar.  According to Sanderson (2009), the problems with the current paper-based health record system have been well documented. The author.
OWASP Building Secure Web Applications And the OWASP top 10 vulnerabilities.
Copyright © 2015 by Saunders, an imprint of Elsevier Inc. All rights reserved. Chapter 3 Privacy, Confidentiality, and Security.
Web Database Security Session 12 & 13 Matakuliah: Web Database Tahun: 2008.
ASHRAY PATEL Securing Public Web Servers. Roadmap Web server security problems Steps to secure public web servers Securing web servers and contents Implementing.
EHealth Development Vision. eHealth ojectives Healthcare systems and network focused on the patient: Not patient runs between institutions but the patients’
Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved. McGraw-Hill/Irwin Chapter 6 The Privacy and Security of Electronic Health Information.
Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 3 This material was developed by Oregon Health & Science University,
Information Security and Privacy in HRIS
Introduction to Health Privacy
Module 4 System and Application Security
Presentation transcript:

CoreGRID: European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies Data Safety in the Grid Environment University of Cyprus and FORTH ICS (Greece) Jesus Luna Feb-2008

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 2 Outline Motivation: eHealth Security risks Why privacy? Legal approach: an overview Technological approach Conclusions

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 3 Motivation: eHealth eHealth describes the application of IT and communications technologies across the whole range of functions that affect the health sector, from the doctor to the hospital manager, via nurses, data processing specialists, social security administrators and - of course - the patients. eHealth (like eGoverment and eBanking) promises substantial productivity gains and restructured, citizen- centered health systems. Examples: –Intensive Care Medicine. –ePharmacies. –Telemedicine.

Security Risks

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 5 With reward comes risk The Reward –Quality of care –Fewer errors –Communication –Operational efficiency –Savings The Risk –More vulnerable to an attack Network-connected devices, systems & applications

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 6 eHealth is a delicious target for hackers Health industry payers and providers make attractive targets for identity theft and certain other cybercriminals because they collect and maintain large volumes of protected health information as well as other sensitive personal and financial data and conduct many transactions electronically... (May-05) (American Bar Association)

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 7 A few examples… A computer intruder broke into a Seattle area hospital and downloaded thousands of private medical records earlier this year. (Dec-2000) A former branch manager with the San Jose Medical Group (California) has been accused of stealing computers and the disk that contained 185,000 patients records. (May-2005) Duke University Health System instructed 14,500 users of its Web sites to create new passwords after the system's operators discovered a security breach. (June-2005)

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 8 eHealth Vulnerability Reporting Program (EHVRP/May 2006) According to the Open Web Application Security Project (OWASP): OWASP Top 10 VulnerabilitiesProblems Found 1. Unvalidated input 2. Broken access control 3. Broken authentication and session mgt. 4. Cross site scripting (XSS) flaws 5. Buffer overflows 6. Injection flaws 7. Improper error handling 8. Insecure storage 9. Denial of service 10. Insecure configuration management

Why Privacy?

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 10 Privacy is the name of the –eHealth- game Privacy is the right of an individual or group to hide information about themselves, disclosing it to Authorized entities. It is central to the doctor-patient relationship (even since the ancient Hippocratic Oath!). But there are issues that may arise: –Security trade-offs (i.e. User authentication). –Legal issues, because eHealth privacy laws are quite new (i.e. EU) or provide only partial solutions (i.e. US).

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 11 Privacy means Trust! If Patients do not trust eHealth systems: –Give inaccurate or incomplete information. –Ask the doctor not to write down certain health information or to record a less serious or embarrassing conditions. –Avoid care altogether. Therefore: –Patient with undetected and untreated conditions. –Future treatment may be compromised if the doctor misrepresents patient information. –Life-threatening situations! Comprehensive solution: eHealth Privacy = Legal + Technological

Legal approach: an overview

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 13 Legally eHealth The heart of the European eHealth world is the Electronic Health Record (EHR). Based on current Data Protection legislations, patients consent legitimates the EHR processing. But, what if the patient is unable to give his consent due to a critical situation? The European Health Management Association (EHMA) along with the Commission called for the Legally eHealth project to study these kind of issues.

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 14 Example: EHMAs legal recommendations on eHealth Data Protection IssuesRecommendation Patients consent must be explicit. Medical data may be processed without consent if vital interest for the user or subject incapable (physically or legally) of giving it. EC to co-ordinate adoption of specific rules for the processing of health information to balance patients and public health interests, without recourse to the concept of consent.

Technological approach

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 16 Use Case 1:Electronic Health Card (Germany) To replace European Health Insurance Card. Patient decides IF and WHICH information can be recorded or deleted and WHO has access to it. Two-keys principle: –The card itself. –PIN as sign of consent. In emergencies, data can be accessed with a Health Professional Card (i.e. ICU, paramedics). 50 most recent accesses are logged. Administrative Data Cryptoprocessor

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 17 Use Case 2: Protecting ICGrid From sensors Patients personal data

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 18 Step 1.- security analysis Inter-site comm. encrypted Attacker may Damage link Compromise not feasible Internal attacks (revoked users) are feasible Ultimate compromise of storage devices AuthN&AuthZ enforcement

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 19 Step 2.- proposed mechanisms Integrity mechanisms Real-time User validation Store per-file Crypto-key Fragment at Storage Elements Fragment at Storage Elements Encrypt at Disk-Level Encrypt at Disk-Level

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 20 Conclusions (1) eHealth systems are bringing a citizen-centered Health System. Using public networks for eHealth introduces new vulnerabilities and attackers are resourceful. Keeping patients privacy and overall security is a must. Total Solution: –Legal: Data Protection laws and harmonization. –Technological: R+D already taking place.

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 21 Conclusions (2) And the road ahead: –Storage Elements are the last line of defense, if authorization and authentication fail. –Performance and usability should be balanced with security. –Interoperability is a MUST!

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 22 Thank you for your attention! Questions? Jesus Luna

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.