research-article

A Security and Privacy Validation Methodology for e-Health Systems

Authors:

Valentina Casola,

Giovanni Cozzolino,

Alessandra De Benedictis,

Nicola Mazzocca,

Francesco MoscatoAuthors Info & Claims

ACM Transactions on Multimedia Computing, Communications, and Applications (TOMM), Volume 17, Issue 2s

Article No.: 67, Pages 1 - 22

https://doi.org/10.1145/3412373

Published: 18 May 2021 Publication History

Abstract

e-Health applications enable one to acquire, process, and share patient medical data to improve diagnosis, treatment, and patient monitoring. Despite the undeniable benefits brought by the digitization of health systems, the transmission of and access to medical information raises critical issues, mainly related to security and privacy. While several security mechanisms exist that can be applied in an e-Health system, they may not be adequate due to the complexity of involved workflows, and to the possible inherent correlation among health-related concepts that may be exploited by unauthorized subjects. In this article, we propose a novel methodology for the validation of security and privacy policies in a complex e-Health system, that leverages a formal description of clinical workflows and a semantically enriched definition of the data model used by the workflows, in order to build a comprehensive model of the system that can be analyzed with automated model checking and ontology-based reasoning techniques. To validate the proposed methodology, we applied it to two case studies, subjected to the directives of the EU GDPR regulation for the protection of health data, and demonstrated its ability to correctly verify the fulfillment of desired policies in different scenarios.

References

[1]

Rajeev Alur, Costas Courcoubetis, and David Dill. 1993. Model-checking in dense real-time. Information and Computation 104, 1 (1993), 2–34.

Digital Library

[2]

Rajeev Alur and David L. Dill. 1994. A theory of timed automata. Theoretical Computer Science 126, 2 (1994), 183–235.

Digital Library

[3]

F. Amato, V. Casola, G. Cozzolino, A. De Benedictis, and F. Moscato. 2019. Exploiting workflow languages and semantics for validation of security policies in IoT composite services. IEEE Internet of Things Journal (2019), 1–1.

[4]

Muhammad Asim, Artsiom Yautsiukhin, Achim D. Brucker, Thar Baker, Qi Shi, and Brett Lempereur. 2018. Security policy monitoring of BPMN-based service compositions. Journal of Software: Evolution and Process 30, 9 (2018), e1944.

[5]

Hasiba Attia, Laid Kahloul, Saber Benharzallah, and Samir Bourekkache. 2019. Using hierarchical timed coloured Petri nets in the formal study of TRBAC security policies. International Journal of Information Security 19 (2020), 163–187.

[6]

David Basin, Felix Klaedtke, Samuel Müller, and Eugen Zălinescu. 2015. Monitoring metric first-order temporal properties. Journal of the ACM 62, 2 (May 2015), Article 15, 45 pages.

Digital Library

[7]

Gerd Behrmann, Alexandre David, and Kim G. Larsen. 2004. A tutorial on UPPAAL. Formal Methods for the Design of Real-time Systems. Springer, 200–236.

[8]

S. Chenthara, K. Ahmed, H. Wang, and F. Whittaker. 2019. Security and privacy-preserving challenges of e-health solutions in cloud computing. IEEE Access 7 (2019), 74361–74382.

[9]

Junho Choi, Chang Choi, SungHwan Kim, and Hoon Ko. 2019. Medical information protection frameworks for smart healthcare based on IoT. In Proceedings of the 9th International Conference on Web Intelligence, Mining and Semantics (WIMS’19). Association for Computing Machinery, New York, NY, Article 29, 5 pages.

Digital Library

[10]

Peter R. Croll. 2011. Determining the privacy policy deficiencies of health ICT applications through semi-formal modelling. International Journal of Medical Informatics 80, 2 (2011), e32–e38. Special Issue: Security in Health Information Systems.

[11]

Salvatore Cuomo, Francesco Maiorano, and Francesco Piccialli. 2018. Remarks of social data mining applications in the Internet of data. In International Conference on Network-Based Information Systems. Springer, 944–951.

[12]

European Commission. [n.d.]. General Data Protection Regulation. Retrieved January 23, 2020 from https://gdpr-info.eu/.

[13]

Bahar Farahani, Mojtaba Barzegari, Fereidoon Shams Aliee, and Khaja Ahmad Shaik. 2020. Towards collaborative intelligent IoT eHealth: From device to fog, and cloud. Microprocessors and Microsystems 72 (2020), 102938.

Digital Library

[14]

Antonios Gouglidis, Ioannis Mavridis, and Vincent C. Hu. 2014. Security policy verification for multi-domains in cloud systems. International Journal of Information Security 13, 2 (April 2014), 97–111.

Digital Library

[15]

Michele Guerriero, Damian Andrew Tamburri, and Elisabetta Di Nitto. 2018. Defining, enforcing and checking privacy policies in data-intensive applications. In Proceedings of the 13th International Conference on Software Engineering for Adaptive and Self-Managing Systems (SEAMS’18). Association for Computing Machinery, New York, NY, 172–182.

Digital Library

[16]

Jigna J. Hathaliya and Sudeep Tanwar. 2020. An exhaustive survey on security and privacy issues in Healthcare 4.0. Computer Communications 153 (2020), 311–335.

Digital Library

[17]

Vincent Hu, D. Kuhn, Tao Xie, and Jeehyun Hwang. 2011. Model checking for verification of mandatory access control models and properties. International Journal of Software Engineering and Knowledge Engineering 21 (Feb. 2011), 103–127.

[18]

V. C. Hu and D. R. Kuhn. 2016. General methods for access control policy verification (application paper). In 2016 IEEE 17th International Conference on Information Reuse and Integration (IRI’16). 315–323.

[19]

Amani Abu Jabal, Maryam Davari, Elisa Bertino, Christian Makaya, Seraphin Calo, Dinesh Verma, Alessandra Russo, and Christopher Williams. 2019. Methods and tools for policy analysis. ACM Computing Surveys 51, 6 (Feb. 2019), Article 121, 35 pages.

Digital Library

[20]

Fakhri Alam Khan, Sadaf Shaheen, Muhammad Asif, Atta Ur Rahman, Muhammad Imran, and Saeed Ur Rehman. 2019. Towards reliable and trustful personal health record systems: A case of cloud-dew architecture based provenance framework. Journal of Ambient Intelligence and Humanized Computing 10, 10 (2019), 3795–3808.

[21]

J. Ma, D. Zhang, G. Xu, and Y. Yang. 2010. Model checking based security policy verification and validation. In Proceedings of the 2010 2nd International Workshop on Intelligent Systems and Applications. 1–4.

[22]

Irfan Mehmood, Zhihan Lv, Yudong Zhang, Kaoru Ota, Muhammad Sajjad, and Amit Kumar Singh. 2019. Mobile cloud-assisted paradigms for management of multimedia big data in healthcare systems: Research challenges and opportunities. International Jouornal of Information Management 45 (2019), 246–249.

[23]

Tom Mens and Pieter Van Gorp. 2006. A taxonomy of model transformation. Electronic Notes in Theoretical Computer Science 152 (2006), 125–142.

Digital Library

[24]

Samrat Mondal, Shamik Sural, and Vijayalakshmi Atluri. 2011. Security analysis of GTRBAC and its variants using model checking. Computer Security 30, 2–3 (March 2011), 128–147.

Digital Library

[25]

Francesco Piccialli and Jason J. Jung. 2018. Data fusion in the internet of data. Concurrency and Computation: Practice and Experience 30, 15 (2018), e4700.

[26]

Rohit Ranchal, Bharat Bhargava, Pelin Angin, and Lotfi Ben Othmane. 2018. Epics: A framework for enforcing security policies in composite web services. IEEE Transactions on Services Computing 12, 3 (2019), 415–428.

[27]

Sriti Thakur, Amit Kumar Singh, Satya Prakash Ghrera, and Mohamed Elhoseny. 2019. Multi-layer security of medical data through watermarking and chaotic encryption for tele-health applications. Multimedia Tools and Applications 78, 3 (Feb. 2019), 3457–3470.

Digital Library

[28]

Wil M. P. Van Der Aalst and Arthur H. M. ter Hofstede. 2012. Workflow patterns put into context. Software & Systems Modeling 11, 3 (2012), 319–323.

Digital Library

Cited By

Shojaei PVlahu-Gjorgievska EChow Y(2024)Security and Privacy of Technologies in Health Information Systems: A Systematic Literature ReviewComputers10.3390/computers1302004113:2(41)Online publication date: 31-Jan-2024
https://doi.org/10.3390/computers13020041
Ali S(2024)A Comprehensive Study on Security and Privacy of E-Health Cloud-Based SystemCybernetics and Control Theory in Systems10.1007/978-3-031-70300-3_1(1-31)Online publication date: 17-Oct-2024
https://doi.org/10.1007/978-3-031-70300-3_1
Muñoz-Saavedra LLuna-Perejón FCivit-Masot JEscobar-Linero E(2023)Perspective Chapter: Internet of Things in Healthcare – New Trends, Challenges and HurdlesInternet of Things - New Trends, Challenges and Hurdles10.5772/intechopen.104946Online publication date: 8-Feb-2023
https://doi.org/10.5772/intechopen.104946
Show More Cited By

Index Terms

A Security and Privacy Validation Methodology for e-Health Systems

Recommendations

Developing an interdisciplinary health informatics security and privacy program (abstract only)
SIGCSE '12: Proceedings of the 43rd ACM technical symposium on Computer Science Education

Health informatics is one of the nation's largest growth industries. With the government's increasing interest in electronic health records and growing investment by healthcare organizations in technology, there is a large demand for a health ...
Privacy policies of personal health records: an evaluation of their effectiveness in protecting patient information
IHI '10: Proceedings of the 1st ACM International Health Informatics Symposium

In recent years, there has been growing demand by patients for access to their own health information via tools like Personal Health Records [1]. The Markle Foundation [2] defines the Personal Health Record (PHR) as an electronic application through ...
Privacy and security in open and trusted health information systems
HIKM '09: Proceedings of the Third Australasian Workshop on Health Informatics and Knowledge Management - Volume 97

The Open and Trusted Health Information Systems (OTHIS) Research Group has formed in response to the health sector's privacy and security requirements for contemporary Health Information Systems (HIS). Due to recent research developments in trusted ...

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Multimedia Computing, Communications, and Applications

ACM Transactions on Multimedia Computing, Communications, and Applications Volume 17, Issue 2s

June 2021

349 pages

ISSN:1551-6857

EISSN:1551-6865

DOI:10.1145/3465440

Editor:
Alberto Del Bimbo
University of Firenze, Italy

Issue’s Table of Contents

Copyright © 2021 Association for Computing Machinery.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 18 May 2021

Accepted: 01 July 2020

Revised: 01 June 2020

Received: 01 February 2020

Published in TOMM Volume 17, Issue 2s

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Refereed

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

8
Total Citations
View Citations
341
Total Downloads

Downloads (Last 12 months)65
Downloads (Last 6 weeks)8

Reflects downloads up to 15 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Shojaei PVlahu-Gjorgievska EChow Y(2024)Security and Privacy of Technologies in Health Information Systems: A Systematic Literature ReviewComputers10.3390/computers1302004113:2(41)Online publication date: 31-Jan-2024
https://doi.org/10.3390/computers13020041
Ali S(2024)A Comprehensive Study on Security and Privacy of E-Health Cloud-Based SystemCybernetics and Control Theory in Systems10.1007/978-3-031-70300-3_1(1-31)Online publication date: 17-Oct-2024
https://doi.org/10.1007/978-3-031-70300-3_1
Muñoz-Saavedra LLuna-Perejón FCivit-Masot JEscobar-Linero E(2023)Perspective Chapter: Internet of Things in Healthcare – New Trends, Challenges and HurdlesInternet of Things - New Trends, Challenges and Hurdles10.5772/intechopen.104946Online publication date: 8-Feb-2023
https://doi.org/10.5772/intechopen.104946
Peng KLiu PBilal MXu XPrezioso E(2023)Mobility and Privacy-Aware Offloading of AR Applications for Healthcare Cyber-Physical Systems in Edge ComputingIEEE Transactions on Network Science and Engineering10.1109/TNSE.2022.318509210:5(2662-2673)Online publication date: 1-Sep-2023
https://doi.org/10.1109/TNSE.2022.3185092
Alwhishi GBentahar JElwhishi A(2023)Multi-valued Model Checking A Smart Glucose Monitoring System with Trust2023 International Wireless Communications and Mobile Computing (IWCMC)10.1109/IWCMC58020.2023.10183263(1697-1702)Online publication date: 19-Jun-2023
https://doi.org/10.1109/IWCMC58020.2023.10183263
Amato FBalzano WCozzolino G(2022)Design of a Wearable Healthcare Emergency Detection Device for Elder PersonsApplied Sciences10.3390/app1205234512:5(2345)Online publication date: 23-Feb-2022
https://doi.org/10.3390/app12052345
Allocca CJilali SAil RLee JKim BAntonini AMotta ESchellong JStieler LHaleem MGeorga EPecchia LGaeta EFico G(2022)Toward a Symbolic AI Approach to the WHO/ACSM Physical Activity & Sedentary Behavior GuidelinesApplied Sciences10.3390/app1204177612:4(1776)Online publication date: 9-Feb-2022
https://doi.org/10.3390/app12041776
Amato AAmato FBarolli LBonavolontà F(2021)Automatic Measurement of Acquisition for COVID-19 Related InformationAdvances in Intelligent Networking and Collaborative Systems10.1007/978-3-030-84910-8_6(49-58)Online publication date: 7-Aug-2021
https://doi.org/10.1007/978-3-030-84910-8_6
Amato AAmato FAngrisani LBarolli LBonavolontà FNeglia GTamburis O(2021)Artificial Intelligence-Based Early Prediction Techniques in Agri-Tech DomainAdvances in Intelligent Networking and Collaborative Systems10.1007/978-3-030-84910-8_5(42-48)Online publication date: 7-Aug-2021
https://doi.org/10.1007/978-3-030-84910-8_5

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Media

Figures

Other

Tables

View Issue’s Table of Contents