Threats identification for the smart Internet of Things in eHealth and adaptive security countermeasures

The Things in the smart Internet of Things (IoT) depend more on self decision making abilities instead of relying on human interventions. In the IoT, static security mechanisms are not well suited to handle all security risks sufficiently. A security mechanism can be considered static if it is developed with fixed security measures whereas an adaptive security mechanism can be considered dynamic if it can continuously monitor, analyse, and reassess a security risk at runtime. Adaptive security mechanisms can be a better choice to secure dynamic and heterogeneous computing systems in the IoT. This paper presents a patient monitoring scenario using the smart IoT and aims at highlighting all important assets, vulnerabilities, and threats that can harm assets and disrupt eHealth systems. We describe adaptive security and introduce a concept of adaptive security countermeasures for the smart IoT in eHealth.

[1]  Li Zhou,et al.  Adaptive trust negotiation and access control , 2005, SACMAT '05.

[2]  Mahsa Emami-Taba,et al.  On the Road to Holistic Decision Making in Adaptive Security , 2013 .

[3]  Gabriele Lenzini,et al.  Context Sensitive Adaptive Authentication , 2007, EuroSSC.

[4]  Wolfgang Leister,et al.  Security Analysis of a Patient Monitoring System for the Internet of Things in eHealth , 2015, eTELEMED 2015.

[5]  Paddy Nixon,et al.  Towards self-protecting ubiquitous systems: monitoring trust-based interactions , 2005, Personal and Ubiquitous Computing.

[6]  David Sinreich,et al.  An architectural blueprint for autonomic computing , 2006 .

[7]  Eila Ovaska,et al.  Comparison of Adaptive Information Security Approaches , 2013 .

[8]  Stefan Poslad,et al.  An Evaluation Framework for Adaptive Security for the IoT in eHealth , 2014 .

[9]  Salim Hariri,et al.  Autonomic Computing: An Overview , 2004, UPP.

[10]  Mohamed Hamdi,et al.  A testbed for adaptive security for IoT in eHealth , 2013, ASPI '13.

[11]  I. Monitor Information Security Management Handbook , 2000 .

[12]  Habtamu Abie Adaptive security and trust management for autonomic message-oriented middleware , 2009, 2009 IEEE 6th International Conference on Mobile Adhoc and Sensor Systems.

[13]  Marc Lacoste,et al.  Applying component-based design to self-protection of ubiquitous systems , 2008, SEPS '08.

[14]  John Bigham,et al.  Self-healing and secure adaptive messaging middleware for business-critical systems , 2010 .

[15]  Habtamu Abie,et al.  Towards Run-Time Verification of Adaptive Security for IoT in eHealth , 2014, ECSAW '14.

[16]  Mohamed Hamdi,et al.  Game-based adaptive security in the Internet of Things for eHealth , 2014, 2014 IEEE International Conference on Communications (ICC).

[17]  Stacy J. Prowell,et al.  Position Statement: Methodology to Support Dependable Survivable Cyber-Secure Infrastructures , 2005, Proceedings of the 38th Annual Hawaii International Conference on System Sciences.

[18]  Martín Barrère,et al.  Vulnerability Assessment in Autonomic Networks and Services: A Survey , 2014, IEEE Communications Surveys & Tutorials.

[19]  Guangzhi Qu,et al.  Self-Protection against Attacks in an Autonomic Computing Environment , 2009, Int. J. Comput. Their Appl..

[20]  Ladan Tahvildari,et al.  Self-adaptive software: Landscape and research challenges , 2009, TAAS.

[21]  Harold F. Tipton,et al.  Information security management handbook, Sixth Edition , 2003 .

[22]  Noel De Palma,et al.  Self-protection for Distributed Component-Based Applications , 2006, SSS.

[23]  Ferenc Szidarovszky,et al.  Multi-Level Intrusion Detection System (ML-IDS) , 2008, 2008 International Conference on Autonomic Computing.

[24]  Sam Malek,et al.  A Systematic Survey of Self-Protecting Software Systems , 2014, ACM Trans. Auton. Adapt. Syst..

[25]  Karl N. Levitt,et al.  Intrusion Detection Inter-component Adaptive Negotiation , 1999, Recent Advances in Intrusion Detection.

[26]  Miguel Castro,et al.  Vigilante: end-to-end containment of internet worms , 2005, SOSP '05.

[27]  Franco Zambonelli,et al.  A survey of autonomic communications , 2006, TAAS.

[28]  Habtamu Abie,et al.  Metrics-driven security objective decomposition for an e-health application with adaptive security management , 2013, ASPI '13.

[29]  Wonil Kim,et al.  Autonomic Protection System Using Adaptive Security Policy , 2004, ICCSA.