DOI: 10.1145/2523501.2523507
Research article

Metrics-driven security objective decomposition for an e-health application with adaptive security management

Published: 08 September 2013

Abstract

    Emerging e-health applications that use IoT (Internet of Things) solutions should be sufficiently secure and robust. Adaptive security management techniques enable a sufficient security level to be maintained while context, threats and usage scenarios change. Systematic adaptive security management is based on security metrics. We analyze security objective decomposition strategies for an IoT e-health application; these strategies enable the development of meaningful security metrics. Adaptive security solutions need security metrics in order to adapt the relevant security parameters to contextual and threat changes, which are typical of patient-centric IoT solutions used in various environments. To achieve this, we have developed a context-aware Markov game theoretic model for security-metrics risk impact assessment, to measurably evaluate and validate the run-time adaptivity of IoT security solutions.
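    The abstract describes a context-aware Markov game in which security parameters are adapted as context and threat change, but the page reproduces none of the model. The following Python is an added illustration of that class of model, written for this page; it is not the paper's model, its metrics or its code. It is a two-player zero-sum stochastic game: the state is the usage context (a constructed set "home", "public", "compromised"), the defender chooses a security-parameter level ("light" or "strong", e.g. single-factor versus strong authentication), the attacker chooses whether to attack, a cost accrues to the defender, and the context evolves with probabilities that depend on both choices. Value iteration on the Shapley operator, with an exact solution of each 2x2 stage game, yields a discounted game value per context and a (possibly mixed) defender policy per context. Every state, cost, transition probability and the discount factor are assumptions made for the example.

```python
"""Context-aware Markov (stochastic) game for adaptive security parameter selection.

Added illustration, not the paper's model. Zero-sum game: in each step the
environment is in a usage context (state), the defender picks a security
level, the attacker picks whether to attack, the defender incurs a cost and
the context evolves. Value iteration on the Shapley operator gives the
discounted game value per context and a defender policy per context.
All states, costs, probabilities and the discount factor are constructed.
"""

STATES = ("home", "public", "compromised")
DEFENDER = ("light", "strong")   # assumed: single-factor vs strong authentication
ATTACKER = ("idle", "attack")

# Defender's immediate cost for (state, defender action, attacker action):
# control overhead + risk impact of a successful attack - attacker effort
# (zero-sum: effort the attacker spends counts in the defender's favour).
COST = {
    "home":        {("light", "idle"): 1.0, ("light", "attack"): 6.0,
                    ("strong", "idle"): 3.0, ("strong", "attack"): 2.0},
    "public":      {("light", "idle"): 1.0, ("light", "attack"): 9.0,
                    ("strong", "idle"): 3.0, ("strong", "attack"): 3.0},
    "compromised": {("light", "idle"): 10.0, ("light", "attack"): 15.0,
                    ("strong", "idle"): 11.0, ("strong", "attack"): 12.0},
}

# Context transitions P(next | state, defender action, attacker action).
# An attack on light security can move the system to "compromised";
# the strong level recovers faster from compromise.
_HOME_DRIFT = {"home": 0.7, "public": 0.3}
_PUBLIC_DRIFT = {"public": 0.6, "home": 0.4}
TRANS = {
    "home": {("light", "idle"): _HOME_DRIFT,
             ("light", "attack"): {"compromised": 0.5, "home": 0.35, "public": 0.15},
             ("strong", "idle"): _HOME_DRIFT, ("strong", "attack"): _HOME_DRIFT},
    "public": {("light", "idle"): _PUBLIC_DRIFT,
               ("light", "attack"): {"compromised": 0.6, "public": 0.25, "home": 0.15},
               ("strong", "idle"): _PUBLIC_DRIFT, ("strong", "attack"): _PUBLIC_DRIFT},
    "compromised": {("light", "idle"): {"home": 0.3, "compromised": 0.7},
                    ("light", "attack"): {"home": 0.3, "compromised": 0.7},
                    ("strong", "idle"): {"home": 0.6, "compromised": 0.4},
                    ("strong", "attack"): {"home": 0.6, "compromised": 0.4}},
}


def solve_matrix_game(m):
    """Exact solution of a 2x2 zero-sum game; rows minimise, columns maximise.
    Returns (value, P[row 0], P[column 0]): a pure saddle point if one exists,
    otherwise the unique fully mixed (equalising) equilibrium."""
    row_max = [max(r) for r in m]
    col_min = [min(m[0][j], m[1][j]) for j in range(2)]
    minimax, maximin = min(row_max), max(col_min)
    if abs(minimax - maximin) < 1e-12:             # saddle point: pure strategies
        i, j = row_max.index(minimax), col_min.index(maximin)
        return minimax, float(i == 0), float(j == 0)
    denom = m[0][0] - m[0][1] - m[1][0] + m[1][1]   # non-zero when no saddle exists
    p = (m[1][1] - m[1][0]) / denom                 # row player's weight on row 0
    q = (m[1][1] - m[0][1]) / denom                 # column player's weight on column 0
    return p * m[0][0] + (1 - p) * m[1][0], p, q


def solve_markov_game(cost=COST, trans=TRANS, gamma=0.9, tol=1e-9, max_iter=10_000):
    """Value iteration on the Shapley operator
    V(s) = val_{d,a}[ cost(s,d,a) + gamma * sum_s' P(s'|s,d,a) V(s') ].
    Returns (values, policy, iterations); policy[s] holds the defender's
    probability of each level and the attacker's attack probability in s."""
    v = {s: 0.0 for s in STATES}
    for it in range(1, max_iter + 1):
        new_v, policy = {}, {}
        for s in STATES:
            stage = [[cost[s][(d, a)]
                      + gamma * sum(p * v[t] for t, p in trans[s][(d, a)].items())
                      for a in ATTACKER] for d in DEFENDER]
            value, p_light, q_idle = solve_matrix_game(stage)
            new_v[s] = value
            policy[s] = {"light": p_light, "strong": 1.0 - p_light, "attack": 1.0 - q_idle}
        delta = max(abs(new_v[s] - v[s]) for s in STATES)
        v = new_v
        if delta < tol:                    # gamma < 1 makes the operator a contraction
            return v, policy, it
    raise RuntimeError("value iteration did not converge")


def recommended_level(policy, state):
    """Adaptive security parameter: the level the equilibrium favours in this context."""
    return "strong" if policy[state]["strong"] >= 0.5 else "light"


if __name__ == "__main__":
    values, policy, iters = solve_markov_game()
    print(f"converged in {iters} iterations")
    for s in STATES:
        print(f"{s:12s} V={values[s]:6.2f}  P(strong)={policy[s]['strong']:.3f}  "
              f"P(attack)={policy[s]['attack']:.3f}  -> {recommended_level(policy, s)}")
```

    With these constructed numbers the solver lands on a pure "strong" policy in the public context (a saddle point, because the strong level costs the defender the same whether or not an attack comes) and a mixed policy at home that still favours "strong" but leaves a small probability mass on "light", which is the run-time adaptivity the abstract refers to: the same defender, facing the same attacker model, selects a different parameter setting per context. Replacing the immediate costs with measured metric values and the transition table with observed context changes is what would turn this skeleton into a metrics-driven model; the page gives no such values, so none are supplied here.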



      Review (Computing Reviews)

      Reviewer: Eduardo B. Fernandez

      This paper analyzes security objectives (SOs) for an Internet of Things (IoT) eHealth application, which supposedly lead to meaningful security metrics. The metrics in turn are used to adapt security parameters to changes in context and threats. The framework measures the runtime adaptability of an application using a Markov game model. Several tables describe SO decompositions. However, they are not used to derive any specific metric, and are just enumerations. Instead, the paper talks about a framework for context awareness and impact assessment. None of the inputs to the framework are about SOs, so it is not clear how they are used in the framework. Actually, no specific metrics are shown in the paper. Supposedly, these metrics are specifically for IoT eHealth applications, which demands the question: How are they different from general application metrics? The paper is very unclear. The English is awkward, with many grammatical errors and apparently made-up words or typographical errors, such as "SuI." Many acronyms are used without first spelling out their meaning and without explanation. Several sentences refer to other papers by the authors; they will not make much sense if you have not already read those papers. Section 2 talks about security effectiveness, but this term is never defined. The paper implies an underlying security methodology. Does the use of SOs and their specific metrics serve to effectively build or evaluate secure systems? There are secure development methodologies, but I don't see the merits of this approach. Regretfully, I cannot recommend this paper.

      Source: Online Computing Reviews Service


      Published in

      ASPI '13: Proceedings of the International Workshop on Adaptive Security
      September 2013, 54 pages
      ISBN: 9781450325431
      DOI: 10.1145/2523501

      Publisher: Association for Computing Machinery, New York, NY, United States


      Author Tags

      1. IoT
      2. adaptive security
      3. e-health
      4. game theory
      5. security metrics


      Conference: UbiComp '13

      Cited by

      • (2021) ANGUISH. Transactions on Emerging Telecommunications Technologies 32(6). DOI: 10.1002/ett.3987. Online publication date: 13 June 2021.
      • (2020) Security and Privacy for mHealth and uHealth Systems: A Systematic Mapping Study. IEEE Access 8, 150081--150112. DOI: 10.1109/ACCESS.2020.3015962.
      • (2020) SEC-C-U: The Security of Intensive Care Unit Medical Devices and Their Ecosystems. IEEE Access 8, 64193--64224. DOI: 10.1109/ACCESS.2020.2984726.
      • (2019) On the Impact of Generative Policies on Security Metrics. 2019 IEEE International Conference on Smart Computing (SMARTCOMP), 104--109. DOI: 10.1109/SMARTCOMP.2019.00037. Online publication date: June 2019.
      • (2018) Systematic Predictive Analysis of Personalized Life Expectancy Using Smart Devices. Technologies 6(3), 74. DOI: 10.3390/technologies6030074. Online publication date: 10 August 2018.
      • (2018) Semantic-Driven Secured Data Access in Distributed IoT Systems. 2018 26th Telecommunications Forum (TELFOR), 420--425. DOI: 10.1109/TELFOR.2018.8611925. Online publication date: November 2018.
      • (2018) New Engineering Method for the Risk Assessment: Case Study Signal Jamming of the M-Health Networks. Mobile Networks and Applications. DOI: 10.1007/s11036-018-1098-8. Online publication date: 9 August 2018.
      • (2018) Internet of Things: Current Trends and Emerging Prospects. Proceedings of International Symposium on Sensor Networks, Systems and Security, 147--162. DOI: 10.1007/978-3-319-75683-7_11. Online publication date: 24 May 2018.
      • (2018) Internet of Cloud: Security and Privacy Issues. Cloud Computing for Optimization: Foundations, Applications, and Challenges, 271--301. DOI: 10.1007/978-3-319-73676-1_11. Online publication date: 27 February 2018.
      • (2017) Risk-based adaptive authentication for internet of things in smart home eHealth. Proceedings of the 11th European Conference on Software Architecture: Companion Proceedings, 102--108. DOI: 10.1145/3129790.3129801. Online publication date: 11 September 2017.
