25 research outputs found

    e-Health for Rural Areas in Developing Countries: Lessons from the Sebokeng Experience

    We report the experience gained in an e-Health project in the Gauteng province, in South Africa. A Proof-of-Concept of the project has been already installed in 3 clinics in the Sebokeng township. The project is now going to be applied to 300 clinics in the whole province. This extension of the Proof-of-Concept can however give rise to security flaws because of the inclusion of rural areas with unreliable Internet connection. We address this problem and propose a safe solution

    On Secure Implementation of an IHE XUA-Based Protocol for Authenticating Healthcare Professionals

    The importance of the Electronic Health Record (EHR) has been addressed in recent years by governments and institutions. Many large scale projects have been funded with the aim to allow healthcare professionals to consult patients data. Properties such as confidentiality, authentication and authorization are the key for the success for these projects. The Integrating the Healthcare Enterprise (IHE) initiative promotes the coordinated use of established standards for authenticated and secure EHR exchanges among clinics and hospitals. In particular, the IHE integration profile named XUA permits to attest user identities by relying on SAML assertions, i.e. XML documents containing authentication statements. In this paper, we provide a formal model for the secure issuance of such an assertion. We first specify the scenario using the process calculus COWS and then analyse it using the model checker CMC. Our analysis reveals a potential flaw in the XUA profile when using a SAML assertion in an unprotected network. We then suggest a solution for this flaw, and model check and implement this solution to show that it is secure and feasible

    A standard-driven communication protocol for disconnected clinics in rural areas

    The importance of the Electronic Health Record (EHR), which stores all healthcare-related data belonging to a patient, has been recognized in recent years by governments, institutions, and industry. Initiatives like Integrating the Healthcare Enterprise (IHE) have been developed for the definition of standard methodologies for secure and interoperable EHR exchanges among clinics and hospitals. Using the requisites specified by these initiatives, many large-scale projects have been set up to enable healthcare professionals to handle patients' EHRs. Applications deployed in these settings are often considered safety-critical, thus ensuring such security properties as confidentiality, authentication, and authorization is crucial for their success. In this paper, we propose a communication protocol, based on the IHE specifications, for authenticating healthcare professionals and assuring patients' safety in settings where no network connection is available, such as in rural areas of some developing countries. We define a specific threat model, driven by the experience of use cases covered by international projects, and prove that an intruder cannot cause damages to the safety of patients and their data by performing any of the attacks falling within this threat model. To demonstrate the feasibility and effectiveness of our protocol, we have fully implemented it

    Itinerary planner: A mashup case study

    The wide adoption of Web Services and the availability of web APIs are transforming the web into a programmatic environment for developing innovative web applications that combine information from various sources to provide a rich user experience. These mashup applications are characterized by rapid development using existing data sources and the use of new technologies such as AJAX, JSON, etc. Developers often focus on delivering rich functionality via the browser environment and pay little attention to the design and maintainability of the applications. In this paper we describe our experience in developing an Itinerary Planner travel application, and discuss the challenges associated with developing mashups. In the conclusion, we briefly discuss the lessons learned in addressing these challenges and how these lessons can be applied to future mashup projects. © 2009 Springer Berlin Heidelberg

    A business service selection model for automated web service discovery requirements

    Automated web service (WS) discovery, i.e. discovery without human intervention, is a goal of service-oriented computing. So far it is an elusive goal. The weaknesses of UDDI and other partial solutions have been extensively discussed, but little has been articulated concerning the totality of requirements for automated web service discovery. Our work has led to the conclusion that solving automated web service discovery will not be found through solely technical thinking. We argue that the business motivation for web services must be given prominence and so have looked to processes in business for the identification, assessment and selection of business services in order to assess comprehensively the requirements for web service discovery and selection. The paper uses a generic business service selection model as a guide to analyze a comprehensive set of requirements for facilities to support automated web service discovery. The paper presents an overview of recent work on aspects of WS discovery, proposes a business service selection model, considers a range of technical issues against the business model, articulates a full set of requirements, and concludes with comments on a system to support them

    Safe abstractions of data encodings in formal security protocol models

    When using formal methods, security protocols are usually modeled at a high level of abstraction. In particular, data encoding and decoding transformations are often abstracted away. However, if no assumptions at all are made on the behavior of such transformations, they could trivially lead to security faults, for example leaking secrets or breaking freshness by collapsing nonces into constants. In order to address this issue, this paper formally states sufficient conditions, checkable on sequential code, such that if an abstract protocol model is secure under a Dolev-Yao adversary, then a refined model, which takes into account a wide class of possible implementations of the encoding/decoding operations, is implied to be secure too under the same adversary model. The paper also indicates possible exploitations of this result in the context of methods based on formal model extraction from implementation code and of methods based on automated code generation from formally verified model

    WS-I* Compliant Web Service SOAP Message Security Performance


    A fuzzy outranking approach in risk analysis of web service security

    Risk analysis is considered as an important process to identify the known and potential vulnerabilities and threats in the web services security. It is quite difficult for users to collect adequate events to estimate the full vulnerabilities and probability of threats in the Web, due to the rapid change of the malicious attacks and the new computer’s vulnerabilities. In this paper, a fuzzy risk assessment model is developed in order to evaluate the risk of web services in a situation where complete information is not available. The proposed model extends Pseudo-Order Preference Model (POPM) to estimate the imprecise risk based on richness of information and to determine their ranking using a weighted additive rule. A case study of a number of web services is presented in order to test the proposed approach