
Assessing source code vulnerabilities in a cloud-based system for health systems: OpenNCP

IET Software
Healthcare systems have been improved to support cross-border situations in which a citizen of one country travels to another country and needs to use their health records. Several initiatives have been carried out to tackle this problem. One of them is OpenNCP, which the European Commission supports by providing a common network and an infrastructure to connect different national healthcare systems, which are most often cloud-based. OpenNCP plays a key role in communicating health records among European Union member states, and it therefore manages sensitive information. For that reason, this study provides a security analysis of the platform, and a prototype is developed for identifying secure patterns in source code.

http://iet.metastore.ingenta.com/content/journals/10.1049/iet-sen.2018.5294