Towards metrics-driven adaptive security management in e-health IoT applications

E-health applications utilizing IoT (Internet of Things) technologies hold significant promise: biomedical sensor networks, together with appropriate interpretation of the data originating from them, enable better self-care of chronic diseases and thus have the potential to bring remarkable savings in national healthcare budgets. However, security is a major concern in these applications due to varying use contexts, changing threats and the high privacy and confidentiality requirements of healthcare data. Novel adaptive security management solutions, based on evidence of security effectiveness, correctness and efficiency, can be used to respond to these needs. We analyze the security objectives of e-health IoT applications and their adaptive security decision-making needs, and propose a high-level adaptive security management mechanism based on security metrics to cope with these challenges.
