Metrics-driven security objective decomposition for an e-health application with adaptive security management

Emerging e-health applications utilizing IoT (Internet of Things) solutions should be sufficiently secure and robust. Adaptive security management techniques enable maintenance of a sufficient security level under changing context, threats and usage scenarios. Systematic adaptive security management is based on security metrics. We analyze security objective decomposition strategies for an IoT e-health application. These strategies enable the development of meaningful security metrics. Adaptive security solutions need security metrics to be able to adapt the relevant security parameters according to contextual and threat changes, which are typical for patient-centric IoT solutions used in various environments. To achieve this, we have developed a context-aware Markov game theoretic model for security metrics risk impact assessment to measurably evaluate and validate the run-time adaptivity of IoT security solutions.
