7,775 research outputs found
Medical Cyber-Physical Systems Development: A Forensics-Driven Approach
The synthesis of technology and the medical industry has partly contributed
to the increasing interest in Medical Cyber-Physical Systems (MCPS). While
these systems provide benefits to patients and professionals, they also
introduce new attack vectors for malicious actors (e.g. financially-and/or
criminally-motivated actors). A successful breach involving a MCPS can impact
patient data and system availability. The complexity and operating requirements
of a MCPS complicates digital investigations. Coupling this information with
the potentially vast amounts of information that a MCPS produces and/or has
access to is generating discussions on, not only, how to compromise these
systems but, more importantly, how to investigate these systems. The paper
proposes the integration of forensics principles and concepts into the design
and development of a MCPS to strengthen an organization's investigative
posture. The framework sets the foundation for future research in the
refinement of specific solutions for MCPS investigations.Comment: This is the pre-print version of a paper presented at the 2nd
International Workshop on Security, Privacy, and Trustworthiness in Medical
Cyber-Physical Systems (MedSPT 2017
The future of Cybersecurity in Italy: Strategic focus area
This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management
Recommended from our members
LEVERAGING BLOCKCHAIN TECHNOLOGY FOR SLA ENFORCEMENT IN HEALTH CARE CLOUD PARTNERSHIPS
The healthcare industry is rapidly adopting cloud-based solutions to improve operational efficiency and patient outcomes. However, healthcare cloud partnerships often face challenges related to the lack of scalability, trust, and Service Level Agreement (SLA) enforcement, and has a notable impact on consumer care quality. To address this issue, the study proposed leveraging blockchain technology to enhance SLA enforcement by using smart contracts in health care cloud partnerships for small and medium-sized facilities. The research questions were: Q.1 What are the current challenges facing small to medium sized healthcare facilities in enforcing SLAs in cloud partnerships? Q.2 How can BC-based smart contracts helps enhance scalability in cloud computing systems in healthcare SMEs by enforcing Service Level Agreements (SLAs) in a safe and efficient manner? Q.3 What are the factors that affect the implementation of blockchain-based smart contracts for SLA enforcement in healthcare SMEs cloud partnerships? The project utilized case studies to demonstrate the effectiveness of using BC technology based smart contracts to enhance SLA enforcement and improve patient outcomes. The findings and conclusions were as follows: 1. Current challenges facing healthcare SMEs in enforcing SLAs in cloud partnerships: SMEs may lack bargaining power, resources, and technical expertise to effectively negotiate, monitor, and enforce SLAs in cloud partnerships, leading to service disruptions, compliance issues, and financial losses. 2. BC-based smart contracts can enhance the scalability of cloud computing systems in healthcare SMEs by automating SLA execution, ensuring real-time data integrity, transparency, and accountability, reducing fraud, error, and transaction costs, and enabling decentralized trust among stakeholders. 3. Factors affecting the implementation of BC-based smart contracts to better SLA enforcement in healthcare SMEs cloud partnerships: regulatory uncertainty, interoperability, standardization, privacy, security, cost, complexity, governance, and user adoption, and 4. Unique Trends and challenges in the healthcare industry for its data analysis: increasing demand for real-time, patient-centered, personalized, and evidence-based care, generating and integrating large volumes of diverse and complex data from multiple sources, ensuring data quality, privacy, and security, complying with regulations and standards, and fostering collaboration and innovation across stakeholders. MedRec, SimplyVital Health, and Medical Chain demonstrate how BC provides secure data sharing, encryption and access control mechanisms, and promotes interoperability through standard data formats and protocols. Results showed improved scalability, trust, and SLA enforcement with the use of BC technology. Further research in the other domains of this area is recommended. It is required to address broader aspects related to the topic. The areas for further study that emerged from the findings and conclusions of this project include: 1. interoperability,2. trusted monitoring solutions, 3.user experience, 4. privacy and security,5. med tokens, cost and 6. integration with existing BSS and OSS.
Keywords: Cloud computing, Blockchain technology, SLA enforcement, Smart Contracts, Healthcare cloud, Blockchain-based SLA enforcement, Smart Healthcare, e-healthcare, Scalability
DevOps in an ISO 13485 Regulated Environment: A Multivocal Literature Review
Background: Medical device development projects must follow proper directives
and regulations to be able to market and sell the end-product in their
respective territories. The regulations describe requirements that seem to be
opposite to efficient software development and short time-to-market. As agile
approaches, like DevOps, are becoming more and more popular in software
industry, a discrepancy between these modern methods and traditional regulated
development has been reported. Although examples of successful adoption in this
context exist, the research is sparse. Aims: The objective of this study is
twofold: to review the current state of DevOps adoption in regulated medical
device environment; and to propose a checklist based on that review for
introducing DevOps in that context. Method: A multivocal literature review is
performed and evidence is synthesized from sources published between 2015 to
March of 2020 to capture the opinions of experts and community in this field.
Results: Our findings reveal that adoption of DevOps in a regulated medical
device environment such as ISO 13485 has its challenges, but potential benefits
may outweigh those in areas such as regulatory, compliance, security,
organizational and technical. Conclusion: DevOps for regulated medical device
environments is a highly appealing approach as compared to traditional methods
and could be particularly suited for regulated medical development. However, an
organization must properly anchor a transition to DevOps in top-level
management and be supportive in the initial phase utilizing professional
coaching and space for iterative learning; as such an initiative is a complex
organizational and technical task.Comment: ACM / IEEE International Symposium on Empirical Software Engineering
and Measurement (ESEM '20), October 8--9, 2020, Bari, Ital
The future of social is personal: the potential of the personal data store
This chapter argues that technical architectures that facilitate the longitudinal, decentralised and individual-centric personal collection and curation of data will be an important, but partial, response to the pressing problem of the autonomy of the data subject, and the asymmetry of power between the subject and large scale service providers/data consumers. Towards framing the scope and role of such Personal Data Stores (PDSes), the legalistic notion of personal data is examined, and it is argued that a more inclusive, intuitive notion expresses more accurately what individuals require in order to preserve their autonomy in a data-driven world of large aggregators. Six challenges towards realising the PDS vision are set out: the requirement to store data for long periods; the difficulties of managing data for individuals; the need to reconsider the regulatory basis for third-party access to data; the need to comply with international data handling standards; the need to integrate privacy-enhancing technologies; and the need to future-proof data gathering against the evolution of social norms. The open experimental PDS platform INDX is introduced and described, as a means of beginning to address at least some of these six challenges
The Value of User-Visible Internet Cryptography
Cryptographic mechanisms are used in a wide range of applications, including
email clients, web browsers, document and asset management systems, where
typical users are not cryptography experts. A number of empirical studies have
demonstrated that explicit, user-visible cryptographic mechanisms are not
widely used by non-expert users, and as a result arguments have been made that
cryptographic mechanisms need to be better hidden or embedded in end-user
processes and tools. Other mechanisms, such as HTTPS, have cryptography
built-in and only become visible to the user when a dialogue appears due to a
(potential) problem. This paper surveys deployed and potential technologies in
use, examines the social and legal context of broad classes of users, and from
there, assesses the value and issues for those users
Recommended from our members
Implementing Cloud Computing In Small & Mid-Market Life-Sciences
This paper uses a mixed-method approach to study cloud computing implementation in emerging biotech and pharmaceutical companies. The study investigated four small biotech and pharmaceutical companies. The objective was to determine the positive and negative impacts of cloud computing and the impact of such implementation – especially the business impacts in an increasing global and competitive environment. The unique benefits, drawbacks, and various drivers of cloud implementation in these companies were identified. The research techniques were mixed qualitative methods that included action research, observations, and review of other case studies. The research indicated that small biotech and pharmaceutical companies found cloud computing to be very attractive albeit with some drawbacks. The paper provides a detailed discussion of the rationale in opting for cloud implementation by the emerging life-sciences companies; a comprehensive literature review of cloud implementation; the processes involved during the planning and implementation stages. The paper concludes by providing detailed recommendations on cloud implementation to organizations in the life-sciences domain
EU Privacy seals project: Challenges and Possible Scope of an EU Privacy Seal Scheme. Final Report Study Deliverable 3.4
The objective of this report is focus on the challenges of implementing an effective EU privacy seal and its possible scope. It returns the focus to privacy and data protection, and presents further groundwork to feed into Task 4 of the Study (Proposals and evaluation of options for an EU-wide privacy seals scheme). Where relevant, research results and analyses of Tasks 1 and 2 are used.
First, the report assesses the gaps in current privacy seal sector. Next, it highlights the advantages of, priorities for and possible scope of an EU privacy seal scheme. Eventually, four case studies (CCTV systems, cloud services, smart metering systems and biometric systems) illustrate the possible scope of an EU privacy seal scheme and demonstrate whether an EU privacy seals scheme would bring any added value to privacy and data protection.JRC.G.6-Digital Citizen Securit
Semantic Support for Log Analysis of Safety-Critical Embedded Systems
Testing is a relevant activity for the development life-cycle of Safety
Critical Embedded systems. In particular, much effort is spent for analysis and
classification of test logs from SCADA subsystems, especially when failures
occur. The human expertise is needful to understand the reasons of failures,
for tracing back the errors, as well as to understand which requirements are
affected by errors and which ones will be affected by eventual changes in the
system design. Semantic techniques and full text search are used to support
human experts for the analysis and classification of test logs, in order to
speedup and improve the diagnosis phase. Moreover, retrieval of tests and
requirements, which can be related to the current failure, is supported in
order to allow the discovery of available alternatives and solutions for a
better and faster investigation of the problem.Comment: EDCC-2014, BIG4CIP-2014, Embedded systems, testing, semantic
discovery, ontology, big dat
- …