论文信息 - Securing the e-health cloud

Securing the e-health cloud

Modern information technology is increasingly used in healthcare with the goal to improve and enhance medical services and to reduce costs. In this context, the outsourcing of computation and storage resources to general IT providers (cloud computing) has become very appealing. E-health clouds offer new possibilities, such as easy and ubiquitous access to medical data, and opportunities for new business models. However, they also bear new risks and raise challenges with respect to security and privacy aspects. In this paper, we point out several shortcomings of current e-health solutions and standards, particularly they do not address the client platform security, which is a crucial aspect for the overall security of e-health systems. To fill this gap, we present a security architecture for establishing privacy domains in e-health infrastructures. Our solution provides client platform security and appropriately combines this with network security concepts. Moreover, we discuss further open problems and research challenges on security, privacy and usability of e-health cloud systems.

[1] Wei Chen,et al. Developing Electronic Health Records in Taiwan , 2010, IT Professional.

[2] Elske Ammenwerth,et al. From a paper-based transmission of discharge summaries to electronic communication in health care regions , 2006, Int. J. Medical Informatics.

[3] Ahmad-Reza Sadeghi,et al. Trusted virtual domains: Color your network , 2010, Datenschutz und Datensicherheit - DuD.

[4] Jan Marco Leimeister,et al. Open Security Issues in German Healthcare Telematics , 2010, HEALTHINF.

[5] Ren C. Luo,et al. A Resource-Sharing Platform for Trading Biomedical Intellectual Property , 2010, IT Professional.

[6] Ahmad-Reza Sadeghi,et al. Modeling Trusted Computing Support in a Protection Profile for High Assurance Security Kernels , 2009, TRUST.

[7] Stefan Berger,et al. TVDc: managing security in the trusted virtual datacenter , 2008, OPSR.

[8] Helmut Krcmar,et al. Security Analysis of the German Electronic Health Card's Peripheral Parts , 2009, ICEIS.

[9] Ahmad-Reza Sadeghi,et al. Transparent Mobile Storage Protection in Trusted Virtual Domains , 2009, LISA.

[10] Trent Jaeger,et al. Trusted virtual domains: toward secure distributed services , 2005 .

[11] Chris I. Dalton,et al. Towards automated security policy enforcement in multi-tenant virtual data centers , 2010, J. Comput. Secur..

[12] Roger Frost,et al. International Organization for Standardization (ISO) , 2004 .

[13] Ahmad-Reza Sadeghi,et al. Trusted Virtual Domains - Design, Implementation and Lessons Learned , 2009, INTRUST.

[14] Ahmad-Reza Sadeghi,et al. Beyond secure channels , 2007, STC '07.

[15] Scott A. Rotondo. Trusted Computing Group , 2011, Encyclopedia of Cryptography and Security.

[16] Bernhard Jansen,et al. Trusted Virtual Domains: Secure Foundations for Business and IT Services , 2005 .

[17] Ahmad-Reza Sadeghi,et al. Patterns for Secure Boot and Secure Storage in Computer Systems , 2010, 2010 International Conference on Availability, Reliability and Security.

[18] Ahmad-Reza Sadeghi,et al. Trusted Privacy Domains - Challenges for Trusted Computing in Privacy-Protecting Information Sharing , 2009, ISPEC.

[19] Jochen Liedtke,et al. On micro-kernel construction , 1995, SOSP.