3 research outputs found

    Uma proposta de infraestrutura com segurança para PACS em nuvem através de identidade federada (A proposal for a secure infrastructure for cloud PACS through federated identity)

    Dissertation (master's) - Universidade Federal de Santa Catarina, Centro Tecnológico, Programa de Pós-Graduação em Ciência da Computação, Florianópolis, 2013.

    Clinics and hospitals have been acquiring more and more technological resources that help produce faster and more accurate diagnoses, in order to make diagnosis more dynamic and effective. This has led healthcare organizations to seek more modern equipment with advanced technological features. Exams reach physicians with a great deal of information processed on different software and hardware. With the large amount of information contained in an exam, the size and number of images in the patient's exam increase. Over time, the volume of images grows exponentially, saturating the capacity of the storage devices. Acquiring new hardware to support such an accumulation of information has proven to be a serious problem in these institutions. PACS (Picture Archive and Communications System) systems can acquire, transmit, store and display medical image information. dcm4chee is an open source project, widely used by healthcare system providers, research projects and commercial applications, that provides a set of applications and libraries used to implement PACS systems. Normally, PACS systems run locally at each institution, on its local servers. Physicians must register locally in each PACS system of each healthcare institution where they practice in order to access the medical images. This work proposes deploying PACS systems in cloud environments using federated identities. Cloud environments help make medical image storage efficient, enabling access to the patient's exam/report from any location, independently of the platform used for access. Access to exams in the cloud is guaranteed and secure through the concept of federation, which ensures trust and security between the parties. The integration of the Shibboleth system, which provides federated identities, with the dcm4chee system was developed. This integration demonstrates the use of PACS in the cloud through federated identities.

    Abstract: Clinics and hospitals are increasingly acquiring technological resources that improve diagnosis, making it quicker, more accurate and more effective. This way, the exams come to doctors with information that is processed on different software and hardware across the datacenter. With the large amount of information required to make an exam, the size and number of images present in the patient's examination file increase. The volume of images grows exponentially, outgrowing the storage devices. The acquisition of new hardware to support the increase in information has therefore been a serious problem in these institutions. PACS (Picture Archive and Communications System) can acquire, transmit, store and display information from medical images. dcm4chee is an open source project, used by providers of health systems, research projects and commercial applications, that provides a set of applications and libraries used to implement PACS. Normally, PACS systems run locally at each institution on local servers. Doctors must register locally on each PACS system of each health institution in which they practice in order to have access to medical images. This paper proposes the implementation of PACS systems in cloud environments using federated identities. Cloud environments assist the efficient storage of medical images, enabling access to the patient's report from any location at any time. The dcm4chee application was extended to integrate with the Shibboleth System, which provides federated identity. This integration demonstrates the use of cloud-based PACS through federated identity. This way the access is secured and safe through the concept of federation, which ensures trust and confidence between the involved parties.

    Mobile agents and their ontology serving a Federated Identity Platform

    ISBN: 978-0-7695-3551-7

    Like Web services, federated identity is gradually winning over businesses. The creation of a federated identity infrastructure is a viable alternative to current systems. For employees or users, a federated identity leads to a better experience of the Internet, a greater level of customization, more security and real control of this identity. In this work we propose a choreography for a federated identity platform based on mobile agents, whose benefits will offer more autonomy and flexibility. The use of agents will be accompanied by a definition of an ontology allowing them to rely on a single vocabulary, a structured description to better operate and cooperat

    Architektur und Werkzeuge für dynamisches Identitätsmanagement in Föderationen (Architecture and tools for dynamic identity management in federations)

    Federated Identity Management (FIM) is motivated by providing a user's identity data from a home organization, i.e. an Identity Provider (IdP), to a service operator, called a Service Provider (SP). On the one hand this avoids redundancy and inconsistency; on the other, the user can use many additional services without having to remember additional user accounts. With the Security Assertion Markup Language (SAML) and the OpenID Connect protocol, two standards have become established in industry and in Research & Education (R&E). Growing interconnection is increasingly revealing the limits of the architecture currently in use. This thesis first carries out an extensive requirements analysis based on various scenarios, which allows different perspectives on the architecture and its requirements. The focus of these more than 70 structured and weighted requirements is on automation and scalability, trust, and interoperability. In addition, organizational constraints such as security and data protection aspects are to be respected. Within a comprehensive, holistic architecture concept, a management platform for dynamic Federated Identity Management is then developed. Besides the specification of the orchestrated, technical metadata exchange, which existing approaches lack, this thesis focuses on the organizational integration with respect to IT service management. Here the focus is on security management and change management. To compensate for further deficits of previous approaches, two additional tools are specified, which aim at optimized interoperability of existing FIM systems and at the automation and scalability of existing processes. A description of the prototype implementation of the management platform and the tool concepts, with a discussion of their scalability, and the methodical application to a realistic scenario round off this thesis.

    Federated Identity Management (FIM) has the motivation to provide identity data of users from their home organisation, also called Identity Provider (IdP), to a Service Provider (SP). This facilitates the prevention of redundancy and inconsistency, while users can re-use their home account for other services, without remembering further user accounts and passwords. The Security Assertion Markup Language (SAML) and the protocol OpenID Connect are two well-known standards within the industry sector and research & education (R&E) environment. Due to the ongoing interconnectedness, the limitations of the current architecture are increasingly revealed. In the first part of the thesis, a profound and comprehensive analysis is presented, in order to illustrate different perspectives on the architecture and the requirements. The focus of the more than seventy structured and weighted requirements in the functional, non-functional, organizational, and privacy- and security-specific categories lies in the automation and scalability of the approach as well as trust implications and interoperability. As part of the holistic, integrated architecture conceived in this thesis, a management platform for dynamic FIM has been developed. Besides the precise specification of the orchestrated, technical metadata exchange, special emphasis has been put on the organizational integration concerning the IT service management. Dependencies and effects on the security management and change management have been investigated in detail. To compensate for further shortcomings of existing approaches, two new FIM components have been specified, which enhance the interoperability between FIM systems in heterogeneous identity federations, as well as the scalability and automation of existing workflows. The thesis is concluded with a description of the prototypical implementation of the management platform and the tool concepts as well as a discussion on their scalability characteristics and the application of the architecture to a realistic scenario.