scholarly journals Improving security in NoSQL document databases through model-driven modernization

2021 ◽  
Author(s):  
Alejandro Maté ◽  
Jesús Peral ◽  
Juan Trujillo ◽  
Carlos Blanco ◽  
Diego García-Saiz ◽  
...  
Keyword(s):  
Information Systems ◽  
Access Control ◽  
Personal Data ◽  
Sensitive Information ◽  
Medical Database ◽  
Security Issue ◽  
Common Component ◽  
Model Driven ◽  
Security Issues ◽  
Modernization Process

AbstractNoSQL technologies have become a common component in many information systems and software applications. These technologies are focused on performance, enabling scalable processing of large volumes of structured and unstructured data. Unfortunately, most developments over NoSQL technologies consider security as an afterthought, putting at risk personal data of individuals and potentially causing severe economic loses as well as reputation crisis. In order to avoid these situations, companies require an approach that introduces security mechanisms into their systems without scrapping already in-place solutions to restart all over again the design process. Therefore, in this paper we propose the first modernization approach for introducing security in NoSQL databases, focusing on access control and thereby improving the security of their associated information systems and applications. Our approach analyzes the existing NoSQL solution of the organization, using a domain ontology to detect sensitive information and creating a conceptual model of the database. Together with this model, a series of security issues related to access control are listed, allowing database designers to identify the security mechanisms that must be incorporated into their existing solution. For each security issue, our approach automatically generates a proposed solution, consisting of a combination of privilege modifications, new roles and views to improve access control. In order to test our approach, we apply our process to a medical database implemented using the popular document-oriented NoSQL database, MongoDB. The great advantages of our approach are that: (1) it takes into account the context of the system thanks to the introduction of domain ontologies, (2) it helps to avoid missing critical access control issues since the analysis is performed automatically, (3) it reduces the effort and costs of the modernization process thanks to the automated steps in the process, (4) it can be used with different NoSQL document-based technologies in a successful way by adjusting the metamodel, and (5) it is lined up with known standards, hence allowing the application of guidelines and best practices.

A security study in Portuguese Public Hospitals - GDPR perspective (Preprint)

2020 ◽  
Author(s):  
Cátia Santos-Pereira
Keyword(s):  
Information Systems ◽  
Identity Management ◽  
Personal Data ◽  
Public Hospitals ◽  
Hospital Environment ◽  
Security Measures ◽  
Eu Member States ◽  
Security Issues ◽  
Management Processes ◽  
Authentication Security

BACKGROUND GDPR was scheduled to be formally adopted in 2016 with EU member states being given two years to implement it (May 2018). Given the sensitive nature of the personal data that healthcare organization process on a 24/7 basis, it is critical that the protection of that data in a hospital environment is given the high priority that data protection legislation (GDPR) requires. OBJECTIVE This study addresses the state of Public Portuguese hospitals regarding GDPR compliance in the moment of GDPR preparation period (2016-2018) before the enforcement in 25 May 2018, and what activities have started since then. The study focuses in three GDPR articles namely 5, 25 and 32, concerning authentication security, identity management processes and audit trail themes. METHODS The study was conducted between 2017 and 2019 in five Portuguese Public Hospitals (each different in complexity). In each hospital, six categories of information systems critical to health institutions were included in the study, trying to cover the main health information systems available and common to hospitals (ADT, EPR, PMS, RIS, LIS and DSS). It was conducted interviews in two phases (before and after GDPR enforcement) with the objective to identify the maturity of information systems of each hospital regarding authentication security, identity management processes and traceability and efforts in progress to avoid security issues. RESULTS A total of 5 hospitals were included in this study and the results of this study highlight the hospitals privacy maturity, in general, the hospitals studied where very far from complying with the security measures selected (before May 2018). Session account lock and password history policy were the poorest issues, and, on the other hand, store encrypted passwords was the best issue. With the enforcement of GDPR these hospitals started a set of initiatives to fill this gap, this is made specifically for means of making the whole process as transparent and trustworthy as possible and trying to avoid the huge fines. CONCLUSIONS We are still very far from having GDPR compliant systems and Institutions efforts are being done. The first step to align an organization with GDPR should be an initial audit of all system. This work collaborates with the initial security audit of the hospitals that belong to this study.

Modeling Access Control in Healthcare Organizations

2011 ◽  
pp. 23-44
Author(s):  
Efstratia Mourtou
Keyword(s):  
Information Security ◽  
Access Control ◽  
Security Policy ◽  
Healthcare Professionals ◽  
Vital Role ◽  
Sensitive Information ◽  
Healthcare Organizations ◽  
Security Issues ◽  
Efficiency And Effectiveness ◽  
The Status

Since Hospital Information Systems (HIS) are designed to support doctors and healthcare professionals in their daily activities, information security plays a vital role in managing access control. Efficiency and effectiveness of information security policy is crucial, especially when dealing with situations that affect the status and life-history of the patient. In addition, the rules and procedures to follow, in order to provide confidentiality of sensitive information, have to focus on management of events on any table of the HIS. On the other hand, control and statement constraints, as well as events and security auditing techniques, play also an important role, due to the heterogeneity of healthcare professionals’ roles, actions and physical locations, as well as to the specific characteristics and needs of the healthcare organizations. This chapter will first explore issues in managing access control and security of healthcare information by reviewing the possible threats and vulnerabilities as well as the basic attributes of the hospital’s security plan. The authors will then present a hierarchical access model that, from a security policy perspective, refers to data ownership and access control issues. The authors conclude the chapter with discussions of upcoming security issues.

Modeling Access Control in Healthcare Organizations

2013 ◽  
pp. 835-856
Author(s):  
Efstratia Mourtou
Keyword(s):  
Information Security ◽  
Access Control ◽  
Security Policy ◽  
Healthcare Professionals ◽  
Vital Role ◽  
Sensitive Information ◽  
Healthcare Organizations ◽  
Security Issues ◽  
Efficiency And Effectiveness ◽  
The Status

Since Hospital Information Systems (HIS) are designed to support doctors and healthcare professionals in their daily activities, information security plays a vital role in managing access control. Efficiency and effectiveness of information security policy is crucial, especially when dealing with situations that affect the status and life-history of the patient. In addition, the rules and procedures to follow, in order to provide confidentiality of sensitive information, have to focus on management of events on any table of the HIS. On the other hand, control and statement constraints, as well as events and security auditing techniques, play also an important role, due to the heterogeneity of healthcare professionals’ roles, actions and physical locations, as well as to the specific characteristics and needs of the healthcare organizations. This chapter will first explore issues in managing access control and security of healthcare information by reviewing the possible threats and vulnerabilities as well as the basic attributes of the hospital’s security plan. The authors will then present a hierarchical access model that, from a security policy perspective, refers to data ownership and access control issues. The authors conclude the chapter with discussions of upcoming security issues.

Security Issues and Challenges in Internet of Things

2017 ◽  
pp. 189-204
Author(s):  
Sudhosil Panda
Keyword(s):  
Information Systems ◽  
Internet Of Things ◽  
Access Control ◽  
Mobile Network ◽  
Security And Privacy ◽  
The Internet ◽  
Everyday Objects ◽  
Security Issues ◽  
Further Development ◽  
The Internet Of Things

The Internet of Things (IoT) aims at connecting a large number of communication and information systems. With the further development of pervasive computing, these systems can be integrated into everyday objects, such as household devices and tools. When complex systems are interconnected, it is complicated to keep track of how secure a system or connection is and to distinguish which devices are connected within the IoT and which devices are not. As to the security, the IoT will be faced with more severe challenges. There are the following reasons: 1) the IoT extends the ‘internet' through the traditional internet, mobile network and sensor network and so on, 2) every ‘thing' will be connected to this ‘internet' and 3) these ‘things' will communicate with each other. Therefore, the new security and privacy problems will arise out of which authentication and access control are the most vital security issues that need to be taken care of. Therefore, we should pay more attention to the issues for confidentiality, authenticity and integrity of data in the IoT.

scholarly journals PaaS Platform Securityenhancement Using Fuzzy and Trust Based Signature

2021 ◽  
Author(s):  
PATHAKAMURI SRINIVAS ◽  
B.V. Ramana Reddy ◽  
A.P. Siva Kumar
Keyword(s):  
Access Control ◽  
Personal Data ◽  
Computing System ◽  
Security Requirements ◽  
Cloud Provider ◽  
Security Measures ◽  
Platform As A Service ◽  
Security Issues ◽  
Security Feature ◽  
Cloud Computing System

Abstract The study of PaaS platform security enhancement has occupied scholars from a number of disciplines, in previous works has so many security issues like Security problems can be a big barrier to cloud computing. System servers require trustworthy security measures to different data domains according to the system servers own operating mechanism. Problem is constructed by filtering out those cloud providers not conforming to high-level security requirements. By including low-level security requirements to be used for filtering the cloud provider space and formulating the optimisation function. To overcome all the above drawbacks our proposed work mainly focused on the security of Platform-as-a-Service (PaaS) as well as the most critical security issues that were documented regarding PaaS infrastructure. This work has two main aspects: First, suitable access control on user personal data, VMs and platform services and Second planning and adapting application deployments based on security requirements. In Fuzzy based access control to information sources is mainly realised by exploiting the CDO security feature. In Security feature code was modified to map the class and packet filter for any specific permission to our own class. If the Identity Provider (IdP) has included public security information on the two main parts in the small token on which Trust based Signature elements are placed, i.e., the whole token or the assertions included, this public key is used to validate the respective signature. The experimental results will show that our proposed method outperforms the traditional methods. Our proposed methodology was implemented in the platform of JAVA.

scholarly journals Ethics Certification of Health Information Professionals

2018 ◽  
Vol 27 (01) ◽  
pp. 037-040 ◽  
Author(s):  
Eike-Henner Kluge ◽  
Paulette Lacroix ◽  
Pekka Ruotsalainen
Keyword(s):  
Health Care ◽  
Information Systems ◽  
Health Information ◽  
Working Group ◽  
Ethical Issues ◽  
Care Delivery ◽  
Health Data ◽  
Sensitive Information ◽  
Security Issue ◽  
Privacy And Security

Objectives: To provide a model for ensuring the ethical acceptability of the provisions that characterize the interjurisdictional use of eHealth, telemedicine, and associated modalities of health care delivery that are currently in place. Methods: Following the approach initiated in their Global Protection of Health Data project within the Security in Health Information Systems (SiHIS) working group of the International Medical Informatics Association (IMIA), the authors analyze and evaluate relevant privacy and security approaches that are intended to stem the erosion of patients' trustworthiness in the handling of their sensitive information by health care and informatics professionals in the international context. Results: The authors found that while the majority of guidelines and ethical codes essentially focus on the role and functioning of the institutions that use EHRs and information technologies, little if any attention has been paid to the qualifications of the health informatics professionals (HIPs) who actualize and operate information systems to deal with or address relevant ethical issues. Conclusion: The apparent failure to address this matter indicates that the ethical qualification of HIPs remains an important security issue and that the Global Protection of Health Data project initiated by the SiHIS working group in 2015 should be expanded to develop into an internationally viable method of certification. An initial model to this effect is sketched and discussed.

Security Issues and Challenges in Internet of Things

2017 ◽  
pp. 369-385
Author(s):  
Sudhosil Panda
Keyword(s):  
Information Systems ◽  
Internet Of Things ◽  
Access Control ◽  
Mobile Network ◽  
Security And Privacy ◽  
The Internet ◽  
Everyday Objects ◽  
Security Issues ◽  
Further Development ◽  
The Internet Of Things

The Internet of Things (IoT) aims at connecting a large number of communication and information systems. With the further development of pervasive computing, these systems can be integrated into everyday objects, such as household devices and tools. When complex systems are interconnected, it is complicated to keep track of how secure a system or connection is and to distinguish which devices are connected within the IoT and which devices are not. As to the security, the IoT will be faced with more severe challenges. There are the following reasons: 1) the IoT extends the ‘internet' through the traditional internet, mobile network and sensor network and so on, 2) every ‘thing' will be connected to this ‘internet' and 3) these ‘things' will communicate with each other. Therefore, the new security and privacy problems will arise out of which authentication and access control are the most vital security issues that need to be taken care of. Therefore, we should pay more attention to the issues for confidentiality, authenticity and integrity of data in the IoT.

Security issues in Mobile Computing

2018 ◽  
Vol 8 (4) ◽  
pp. 13
Author(s):  
Kartik Khurana ◽  
Harpreet Kaur ◽  
Ritu Chauhan ◽  
Shalu Chauhan ◽  
Shaveta Bhatia ◽  
...  
Keyword(s):  
Mobile Computing ◽  
Mobile Devices ◽  
Mobile Communication ◽  
Internet Access ◽  
Mobile Security ◽  
Security Issue ◽  
Security Issues

Now a day’s mobile communication has become a serious business tool for the users. Mobile devices are mainly used for the applications like banking, e-commerce, internet access, entertainment, etc. for communication. This has become common for the user to exchange and transfer the data. However people are still facing problems to use mobile devices because of its security issue. This paper deals with various security issues in mobile computing. It also covers all the basic points which are useful in mobile security issues such as categorisation of security issues, methods or tactics for success in security issues in mobile computing, security frameworks.

Sign in / Sign up

Export Citation Format

Share Document