MediTrust
Secure Client Systems for Healthcare IT to Protect Sensitive Data of Patients

Biljana Cubaleska, Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy
Ruhr-University Bochum

Ammar Alkassar, Christian Stüble
Sirrix AG security technologies

Med-e-Tel 2011, The International eHealth, Telemedicine and Health ICT Forum
Luxembourg, 6 - 8 April 2011

Simple E-Health Cloud
Advanced E-Health Cloud
Security Problem Areas
•  Data Storage and Processing
   -  Data centers: unauthorized information leakage
   -  Platform security: vulnerable to malware
   -  Mobile storage (USB memory sticks)
•  Infrastructure Management
   -  Cryptographic keys, certificates
   -  Hardware / software components
•  Usability and User Experience
   -  Smartcard PIN (when unconscious?)
   -  Time consuming
Platform Security (Server)
   [Figure: unauthorized access (read/modify)]
Platform Security (Client)
   [Figure: authorized download; unauthorized access (read/modify)]
MediTrust: Project Goals
•  Secure end-user platform
   -  Protect medical data from unauthorized access/manipulation
   -  Secure separation of data of different workflows
•  Security infrastructure management
   -  Secure domains should span over several hardware nodes
   -  Central and easy management entity
•  Usable security solution
   -  Transparent security protection
   -  No overhead in the normal workflow
Building Privacy Domains
Technology
•  Security infrastructure: Trusted Virtual Domains
  -  TVD: coalition of trusted execution environments
  -  Transparent policy enforcement
  -  Secure communication
•  Client platform security: TURAYA.TrustedDesktop
  -  Security Kernel
  -  Implements TVD security model on local platforms
  -  Isolated compartments (virtualization)
  -  Uses Trusted Computing functionality (TPM)
TVD Architecture
   [Figure: TVD architecture diagram. Labels: TVD A, TVD B, TVD Proxy A, TVD Proxy B, TVD Master A, Policy, Cred, VM, Turaya Security Kernel, Hardware Security Module, Hardware]
TURAYA.TrustedDesktop

     Main Security Features:
      • Full hard-disk encryption
      • Secure networking
      • Transparent file encryption
      • Secure graphical user interface
Secure Networking
Transparent File Encryption
Conclusion & Outlook
•  Security infrastructure to protect sensitive data
•  Based on TVDs and TURAYA.TrustedDesktop
•  Field study (late 2011)
  -  20 users (health professionals)
  - Analysis of effectiveness and usability
•  More information online:
     MediTrust                http://www.rubtrust-meditrust.de



                       Marcel Winandy
                   marcel.winandy@trust.rub.de
