243,649 research outputs found

    Runtime Analysis with R2U2: A Tool Exhibition Report

    We present R2U2 (Realizable, Responsive, Unobtrusive Unit), a hardware-supported tool and framework for the continuous monitoring of safety-critical and embedded cyber-physical systems. With the widespread advent of autonomous systems such as Unmanned Aerial Systems (UAS), satellites, rovers, and cars, real-time, on-board decision making requires unobtrusive monitoring of properties for safety, performance, security, and system health. R2U2 models combine past-time and future-time Metric Temporal Logic, “mission time” Linear Temporal Logic, probabilistic reasoning with Bayesian Networks, and model-based prognostics. The R2U2 monitoring engine can be instantiated as a hardware solution, running on an FPGA, or as a software component. The FPGA realization enables R2U2 to monitor complex cyber-physical systems without any overhead or instrumentation of the flight software. In this tool exhibition report, we present R2U2 and demonstrate applications on system runtime monitoring, diagnostics, software health management, and security monitoring for a UAS. Our tool demonstration uses a hardware-based processor-in-the-loop “iron-bird” configuration

    Considerations for introducing a cloud service in health informatics: user experience monitoring of information systems

    This thesis will show concrete examples about how user experience monitoring will improve security of health information systems, patient safety, efficiency, and ease of use. This thesis will prove how the current EMR systems that are stand alone in nature lack the ability of advanced error monitoring capabilities. As part of this research, I will demonstrate with detailed interviews and data collection surveys how automated user monitoring systems improve data record accuracy consistently. Key terminology to Electronic Medical Records (EMR’s) and the usability of cloud computing software solutions will be defined. EMR’s are the primary software used in hospitals for charting patient information and this research focuses on the summarization of key information to the history of healthcare technologies and their functionalities. Usability testing, cloud computing, and how security and trust are affecting the adoption of cloud-based services will also be discussed in more detail. Along with the importance of market research, how to create buyer personas, and what drives their need to buy. The study was conducted in collaboration with Adusso Ltd. in Helsinki, Finland to gain better understanding about what motivates hospital IT departments to buy and the main issues with EMR systems. In collaboration with Adusso we investigated a use case example of their existing customer Apotti leveraging the user error reduction and cost saving benefits they experienced after deploying Adusso’s UX2play system. We sought answers to these topics using semi-structured interviews and analyzing our customer profiles. We found that UI layout, interoperability, and the number of clicks that nurses spend in the EMR are major issues that most EMR systems have. This implies that companies using EMR’s should implement user monitoring to pinpoint the issues they do have so that they can be fixed and the work of physicians and clinicians can be improved

    Hardening High-Assurance Security Systems with Trusted Computing

    We are living in the time of the digital revolution in which the world we know changes beyond recognition every decade. The positive aspect is that these changes also drive the progress in quality and availability of digital assets crucial for our societies. To name a few examples, these are broadly available communication channels allowing quick exchange of knowledge over long distances, systems controlling automatic share and distribution of renewable energy in international power grid networks, easily accessible applications for early disease detection enabling self-examination without burdening the health service, or governmental systems assisting citizens to settle official matters without leaving their homes. Unfortunately, however, digitalization also opens opportunities for malicious actors to threaten our societies if they gain control over these assets after successfully exploiting vulnerabilities in the complex computing systems building them. Protecting these systems, which are called high-assurance security systems, is therefore of utmost importance. For decades, humanity has struggled to find methods to protect high-assurance security systems. The advancements in the computing systems security domain led to the popularization of hardware-assisted security techniques, nowadays available in commodity computers, that opened perspectives for building more sophisticated defense mechanisms at lower costs. However, none of these techniques is a silver bullet. Each one targets particular use cases, suffers from limitations, and is vulnerable to specific attacks. I argue that some of these techniques are synergistic and help overcome limitations and mitigate specific attacks when used together. My reasoning is supported by regulations that legally bind high-assurance security systems' owners to provide strong security guarantees. These requirements can be fulfilled with the help of diverse technologies that have been standardized in the last years. 
In this thesis, I introduce new techniques for hardening high-assurance security systems that execute in remote execution environments, such as public and hybrid clouds. I implemented these techniques as part of a framework that provides technical assurance that high-assurance security systems execute in a specific data center, on top of a trustworthy operating system, in a virtual machine controlled by a trustworthy hypervisor or in strong isolation from other software. I demonstrated the practicality of my approach by leveraging the framework to harden real-world applications, such as machine learning applications in the eHealth domain. The evaluation shows that the framework is practical. It induces low performance overhead (<6%), supports software updates, requires no changes to the legacy application's source code, and can be tailored to individual trust boundaries with the help of security policies. The framework consists of a decentralized monitoring system that offers better scalability than traditional centralized monitoring systems. Each monitored machine runs a piece of code that verifies that the machine's integrity and geolocation conform to the given security policy. This piece of code, which serves as a trusted anchor on that machine, executes inside the trusted execution environment, i.e., Intel SGX, to protect itself from the untrusted host, and uses trusted computing techniques, such as trusted platform module, secure boot, and integrity measurement architecture, to attest to the load-time and runtime integrity of the surrounding operating system running on a bare metal machine or inside a virtual machine. The trusted anchor implements my novel, formally proven protocol, enabling detection of the TPM cuckoo attack. 
The framework also implements a key distribution protocol that, depending on the individual security requirements, shares cryptographic keys only with high-assurance security systems executing in the predefined security settings, i.e., inside the trusted execution environments or inside the integrity-enforced operating system. Such an approach is particularly appealing in the context of machine learning systems where some algorithms, like the machine learning model training, require temporal access to large computing power. These algorithms can execute inside a dedicated, trusted data center at higher performance because they are not limited by security features required in the shared execution environment. The evaluation of the framework showed that training of a machine learning model using real-world datasets achieved 0.96x native performance execution on the GPU and a speedup of up to 1560x compared to the state-of-the-art SGX-based system. Finally, I tackled the problem of software updates, which makes the operating system's integrity monitoring unreliable due to false positives, i.e., software updates move the updated system to an unknown (untrusted) state that is reported as an integrity violation. I solved this problem by introducing a proxy to a software repository that sanitizes software packages so that they can be safely installed. The sanitization consists of predicting and certifying the future (after the specific updates are installed) operating system's state. The evaluation of this approach showed that it supports 99.76% of the packages available in Alpine Linux main and community repositories. The framework proposed in this thesis is a step forward in verifying and enforcing that high-assurance security systems execute in an environment compliant with regulations. 
I anticipate that the framework might be further integrated with industry-standard security information and event management tools as well as other security monitoring mechanisms to provide a comprehensive solution hardening high-assurance security systems

    Penetration Testing Tangerang City Web Application With Implementing OWASP Top 10 Web Security Risks Framework

    The speed of technological development has made it possible for all people to be connected to one another. The creation of web-based information systems that help in all areas, including government, health, and education, is one of the forces behind the development of technology. With these technological advancements, websites are susceptible to cybercrimes that could end in the theft of crucial data. Top 10 Web Application Security Risks is the most effective prevention process for decreasing company information leaks. On the website tangerangkota.go.id, the researcher will conduct a test using the Top 10 Web Application Security Risks technique. Top 10 Web Application Security Risks consist of Broken Access Control, Cryptographic Failures, Injection, Insecure Design, Security Misconfiguration, Vulnerable and Outdated Components, Identification and Authentication Failures, Software and Data Integrity Failures, Security Logging and Monitoring Failures, Server-Side Request Forgery. The penetration testing results found on the Tangerang City website are 4 injections, 2 broken access controls, and 1 security misconfiguration

    Biometric behavior authentication exploiting propagation characteristics of wireless channel

    Massive expansion of wireless body area networks (WBANs) in the field of health monitoring applications has given rise to the generation of huge amount of biomedical data. Ensuring privacy and security of this very personal data serves as a major hurdle in the development of these systems. An effective and energy friendly authentication algorithm is, therefore, a necessary requirement for current WBANs. Conventional authentication algorithms are often implemented on higher levels of the Open System Interconnection model and require advanced software or major hardware upgradation. This paper investigates the implementation of a physical layer security algorithm as an alternative. The algorithm is based on the behavior fingerprint developed using the wireless channel characteristics. The usability of the algorithm is established through experimental results, which show that this authentication method is not only effective, but also very suitable for the energy-, resource-, and interface-limited WBAN medical applications

    Epi Info 2015 annual report

    In 2015, CDC’s Epi Info™ team made major contributions to support the agency’s mission to protect America from health, safety, and security threats, both here at home and abroad. The Epi Info™ team provided tools to support outbreak investigations, disease surveillance, monitoring of mass gatherings and data analysis and visualization projects. The team also conducted training sessions for more than 1,000 individuals across the United States and among our international partners. Epi Info™ is a public domain suite of interoperable software tools designed for the global community of public health practitioners and researchers. It provides for easy construction of data entry forms and databases, a customized data entry experience, and data analyses with epidemiologic statistics, maps, and graphs for public health professionals who may lack an information technology background. Epi Info™ is used for outbreak investigations; for developing small to mid-sized disease surveillance systems; as analysis, visualization, and reporting (AVR) components of larger systems; and in continuing education in the science of epidemiology and public health analytic methods at schools of public health around the world. Publication date from document properties. 2015_annualreport_epiinfo.pd

    Privacy Concerns Related to Data Sharing for European Diabetes Devices

    Background: Individuals with diabetes rely on medical equipment (eg, continuous glucose monitoring (CGM), hybrid closed-loop systems) and mobile applications to manage their condition, providing valuable data to health care providers. Data sharing from this equipment is regulated via Terms of Service (ToS) and Privacy Policy documents. The introduction of the Medical Devices Regulation (MDR) and In Vitro Diagnostic Medical Devices Regulation (IVDR) in the European Union has established updated rules for medical devices, including software. Objective: This study examines how data sharing is regulated by the ToS and Privacy Policy documents of approved diabetes medical equipment and associated software. It focuses on the equipment approved by the Norwegian Regional Health Authorities. Methods: A document analysis was conducted on the ToS and Privacy Policy documents of diabetes medical equipment and software applications approved in Norway. Results: The analysis identified 11 medical equipment and 12 software applications used for diabetes data transfer and analysis in Norway. Only 3 medical equipment (OmniPod Dash, Accu-Chek Insight, and Accu-Chek Solo) were registered in the European Database on Medical Devices (EUDAMED) database, whereas none of their respective software applications were registered. Compliance with General Data Protection Regulation (GDPR) security requirements varied, with some software relying on adequacy decisions (8/12), whereas others did not (4/12). Conclusions: The study highlights the dominance of non-European Economic Area (EEA) companies in medical device technology development. It also identifies the lack of registration for medical equipment and software in the EUDAMED database, which is currently not mandatory. These findings underscore the need for further attention to ensure regulatory compliance and improve data-sharing practices in the context of diabetes management

    New intelligent network approach for monitoring physiological parameters : the case of Benin

    Benin health system is facing many challenges as: (i) affordable high-quality health care to a growing population providing need, (ii) patients’ hospitalization time reduction, (iii) and presence time of the nursing staff optimization. Such challenges can be solved by remote monitoring of patients. To achieve this, five steps were followed. 1) Identification of the Wireless Body Area Network (WBAN) systems’ characteristics and the patient physiological parameters’ monitoring. 2) The national Integrated Patient Monitoring Network (RIMP) architecture modeling in a cloud of Technocenters. 3) Cross-analysis between the characteristics and the functional requirements identified. 4) Each Technocenter’s functionality simulation through: a) the design approach choice inspired by the life cycle of V systems; b) functional modeling through SysML Language; c) the communication technology and different architectures of sensor networks choice studying. 5) An estimate of the material resources of the national RIMP according to physiological parameters. A National Integrated Network for Patient Monitoring (RNIMP) remotely, ambulatory or not, was designed for Beninese health system. The implementation of the RNIMP will contribute to improve patients’ care in Benin. The proposed network is supported by a repository that can be used for its implementation, monitoring and evaluation. It is a table of 36 characteristic elements each of which must satisfy 5 requirements relating to: medical application, design factors, safety, performance indicators and materiovigilance

    Security aspects in cloud based condition monitoring of machine tools

    In the modern competitive environments companies must have rapid production systems that are able to deliver parts that satisfy highest quality standards. Companies have also an increased need for advanced machines equipped with the latest technologies in maintenance to avoid any reduction or interruption of production. Eminent therefore is the need to monitor the health status of the manufacturing equipment in real time and thus try to develop diagnostic technologies for machine tools. This paper lays the foundation for the creation of a safe remote monitoring system for machine tools using a Cloud environment for communication between the customer and the maintenance service company. Cloud technology provides a convenient means for accessing maintenance data anywhere in the world accessible through simple devices such as PC, tablets or smartphones. In this context the safety aspects of a Cloud system for remote monitoring of machine tools becomes crucial and is thus the focus of this paper