178 research outputs found

    Uma arquitectura segura e colaborativa para registos de saúde eletrónicos com suporte a mobilidade

    Since their early adoption, Electronic Health Records (EHR) have been evolving to cope with increasing requirements from institutions, professionals and, more recently, from patients. Citizens became more involved, demanding successively more control over their records and an active role in their content. Mobility also brought new requirements: data became scattered over heterogeneous systems and formats, with increasing difficulties in data sharing between distinct providers. To cope with these challenges several solutions appeared, mostly based on service level agreements between entities, regions and countries. They usually required defining complex federated scenarios and left the patient outside the process. More recent approaches, such as personal health records (PHR), enable patient control, although they raise doubts about clinical integrity among other actors, such as physicians. Also, information security risks increase as data travels outside controlled networks and systems. To overcome this, new solutions are needed to facilitate trustable collaboration between the diverse actors and systems. In this thesis we present a solution that enables a secure and open collaboration between all healthcare actors. It is based on a service-oriented architecture that deals with the clinical data using a closed envelope concept. The architecture was modeled with minimal functionality and privileges, bearing in mind strong protection of data during transmission, processing and storage. Access control is enforced through patient policies, and authentication uses electronic identification cards or similar certificates, enabling auto-enrollment. All the components require mutual authentication and use ciphering mechanisms to assure privacy. We also present a threat model to verify, through our solution, whether possible threats were mitigated or whether further refinement is needed. The proposed solution solves the problem of patient mobility and data dispersion, and empowers citizens to manage and collaborate in their personal healthcare information. It also permits open and secure collaboration, enabling the patient to have richer and up-to-date records that can foster new ways to generate and use clinical or complementary information.

    Over the last decades, electronic health records (EHR) have evolved to adapt to new requirements. Citizens have become increasingly involved in the provision of medical care, being more proactive and wishing to make greater use of their records. Citizen mobility brought further challenges: scattered data, heterogeneous systems and formats, and great difficulty in sharing and communication between service providers. To meet these requirements, several solutions appeared, mostly based on agreements between institutions, regions and countries. These approaches usually rest on very complex federated scenarios that are outside the patient's control. More recent approaches, such as personal health records (PHR), allow patient control but raise doubts among clinical professionals about the clinical integrity of the information. In this scenario data leaves controlled networks and systems, increasing the information security risk. New solutions are therefore needed that allow trustworthy collaboration between the various actors and systems. This thesis presents a solution that allows open and secure collaboration between all actors involved in healthcare. It is based on a service-oriented architecture that handles clinical information using the closed envelope concept. It was modelled following the principles of minimal functionality and privileges, with the purpose of protecting data during transmission, processing and storage. Access control is established by policies defined by the patient. Electronic identification cards or similar certificates are used for authentication, allowing automatic enrollment. All components require mutual authentication and use encryption algorithms to guarantee data privacy. A threat model for the architecture is also presented, in order to analyse whether the possible threats have been mitigated or whether further refinement is needed. The proposed solution solves the problem of patient mobility and data dispersion, enabling citizens to manage and collaborate in creating and maintaining their health information. The architecture allows open and secure collaboration, enabling the patient to have richer, up-to-date records and allowing new ways of creating and using clinical or complementary information to emerge.

    PROTEC Programme, grant SFRH/BD/49765/200

    Query log analysis for SQL injection detection

    Nowadays, more and more services depend on resources hosted on the web. Operations such as accessing a bank account or making credit card transactions are increasingly common, demonstrating not only human dependence on the internet connection but also the need to adapt web resources to the daily life of society. As a result of this growing dependency, web resources now provide a greater amount of confidential information, making the risk of a cyberattack and information leakage grow considerably. In the web context, one of the most well-known attacks is SQL injection, which allows the attacker to gain access to confidential information through the injection of malicious queries. This paper suggests a solution for the detection of SQL injection via web resources, using the analysis of the logs of the executed queries.

    This work was partially supported by the Norte Portugal Regional Operational Programme (NORTE 2020), under the PORTUGAL 2020 Partnership Agreement, through the European Regional Development Fund (ERDF), within project “CybersSeCIP” (NORTE-01-0145-FEDER-000044). The authors are grateful to the Foundation for Science and Technology (FCT, Portugal) for financial support through national funds FCT/MCTES (PIDDAC) to CeDRI (UIDB/05757/2020 and UIDP/05757/2020) and SusTEC (LA/P/0007/2021).

    An SNMP filesystem in userspace

    Modern computer networks are constantly increasing in size and complexity. Despite this, data networks are a critical factor for the success of many organizations. Monitoring their health and operation status is fundamental, and is usually performed through specific network management architectures, developed and standardized in the last decades. On the other hand, file systems have become one of the best-known paradigms of human-computer interaction, and have been around since the early days of the personal computer industry. In this paper we propose a file system interface to network management information, allowing users to open, edit and visualize network and systems operation information

    New insights from low-temperature thermochronology into the tectonic and geomorphologic evolution of the south-eastern Brazilian highlands and passive margin

    The South Atlantic passive margin along the south-eastern Brazilian highlands exhibits a complex landscape, including a northern inselberg area and a southern elevated plateau, separated by the Doce River valley. This landscape is set on the Proterozoic to early Paleozoic rocks of the region that once was the hot core of the Araçuaí orogen, in Ediacaran to Ordovician times. Due to the break-up of Gondwana and consequently the opening of the South Atlantic during the Early Cretaceous, those rocks of the Araçuaí orogen became the basement of a portion of the South Atlantic passive margin and related southeastern Brazilian highlands. Our goal is to provide a new set of constraints on the thermo-tectonic history of this portion of the south-eastern Brazilian margin and related surface processes, and to provide a hypothesis on the geodynamic context since break-up. To this end, we combine the apatite fission track (AFT) and apatite (U-Th)/He (AHe) methods as input for inverse thermal history modelling. All our AFT and AHe central ages are Late Cretaceous to early Paleogene. The AFT ages vary between 62 Ma and 90 Ma, with mean track lengths between 12.2 µm and 13.6 µm. AHe ages are found to be equivalent to AFT ages within uncertainty, albeit with the former exhibiting a lesser degree of confidence. We relate this Late Cretaceous-Paleocene basement cooling to uplift with accelerated denudation at this time. Spatial variation of the denudation time can be linked to differential reactivation of the Precambrian structural network and differential erosion due to a complex interplay with the drainage system. We argue that posterior large-scale sedimentation in the offshore basins may be a result of flexural isostasy combined with an expansion of the drainage network. We put forward the combined compression of the Mid-Atlantic ridge and the Peruvian phase of the Andean orogeny, potentially augmented through the thermal weakening of the lower crust by the Trindade thermal anomaly, as a probable cause for the uplift. © 2019, China University of Geosciences (Beijing) and Peking University. Production and hosting by Elsevier B.V

    Towards a IoT secure smart environment system

    Systems that deal with personal data always bring privacy and security issues. These issues must also be balanced against people's need to interact with spaces in a transparent way, and for those spaces to adapt smartly to their preferences. This project therefore proposes a solution that overcomes these issues without compromising the balance between security and personal comfort. IoT systems are currently at great security risk, especially because developers are not concerned enough about the safety of such systems. However, with the growing trend of such systems and their integration into our everyday lives, this concern will have to increase as isolated cases start to appear that have harmed users, both financially and in their safety and welfare. This project deals with the real problem of securing an IoT system, namely using secure techniques to secure a Smart Environment System. This work aims to promote a balanced solution between the need for personal information and the user’s privacy expectations. We propose a solution based on requiring the minimum information possible, together with techniques to anonymize and disassociate the preferences from the users. The proposed security architecture for one of these IoT systems aims to avoid any of the presented risks to the users of this system.

    Implementation of big data analytics tool in a higher education Institution

    In search of intelligent solutions that could help improve teaching in higher education, we discovered a set of analyses that had already been discussed and just needed to be implemented. We believe that this reality can be found in several educational institutions, with papers or mini-projects that deal with educational data and can have positive impacts on teaching. Because of this, we designed an architecture that could extract from multiple sources of educational data and support the implementation of some of the projects found. The results show an important tool that can contribute positively to the teaching institution. In particular, we can highlight that the implementation of a predictive model of students at risk of dropping out will bring a new analytical vision. Also, the system’s practicality will save managers a lot of time in creating analyses of the state of the institutions, respecting privacy concerns of the manipulated data, supported by a secure development methodology.

    Towards a IoT secure smart environment system

    IoT systems are currently at great security risk, especially because developers are not concerned enough about the safety of such systems. However, with the growing trend of such systems and their integration into our everyday lives, this concern will have to increase as isolated cases start to appear that have harmed users, both financially and in their safety and welfare. The proposed security architecture for one of these IoT systems aims to avoid any of the presented risks to the users of this system. For future work, we have identified the need to develop solutions that enable communication between the application and the local system, using different communication technologies without user interaction. Some extra work must be done to overcome this constraint and obtain a solution that is transparent to use for every user.

    An architecture for sharing cyber-intelligence based on blockchain

    Cyber-intelligence sharing can leverage the development and deployment of security plans and teams within organizations, making infrastructures resilient and resistant to cyberattacks. To be efficient, information sharing should be performed in a trusted environment, ensuring both the integrity, privacy and confidentiality and the truthfulness and usefulness of the information. This paper addresses this issue with the development and deployment of an architecture based on blockchain technology. Each participant is granted a reputation level that is used to assess and verify the information other actors produce. Each actor is then given an amount of credit, corresponding to the number and accuracy of the validations. Information is also organized in topics, instantiated in independent ledgers. The architecture was validated with a three-organization scenario, as a proof of concept.

    Secure data exchange in Industrial Internet of Things

    The use of the Industrial Internet of Things (IoT) is widespread, working as an enabler to implement large, scalable, reliable, and secure industrial environments. However, existing deployments do not meet security standards and have limited resources for each component, which leads to several security breaches involving, for example, trust between components, partner factories, or remote control. These security failures can lead to critical outcomes, from theft of production information to forced production stoppages and accidents, including physical and others. The combination of blockchain-based solutions with IIoT environments is gaining momentum due to their resilience and security properties. However, chain-structured classic blockchain solutions are very resource-intensive and are not suitable for power-constrained IoT devices. To mitigate the mentioned security concerns, a secure architecture is proposed using a structured asynchronous blockchain DAG (Directed Acyclic Graph) that simultaneously provides security and transaction efficiency for the solution. The solution was modelled with special detail in the use cases and sequence diagrams. Security concerns were integrated from the start, and a threat model was created using the STRIDE approach to test the security of the proposed solution. As a result, a flexible solution has been developed that significantly reduces the attack vectors in IIoT environments. The proposed architecture is versatile and flexible and is supported by an extensive security assessment, which allows it to be deployed in a variety of customizable industrial environments and scenarios, as well as to include future hardware and software extensions.

    This work has been supported by FCT – Fundação para a Ciência e Tecnologia within the Project Scope: UIDB/05757/2020.

    Security for a multi-agent cyber-physical conveyor system using machine learning

    One main foundation of Industry 4.0 is the connectivity of devices and systems using Internet of Things (IoT) technologies, where Cyber-physical systems (CPS) act as the backbone infrastructure based on distributed and decentralized structures. This approach provides significant benefits, namely improved performance, responsiveness and reconfigurability, but also brings some problems in terms of security, as the devices and systems become vulnerable to cyberattacks. This paper describes the implementation of several mechanisms to increase the security in a self-organized cyber-physical conveyor system, based on multi-agent systems (MAS) and built up with different individual modular and intelligent conveyor modules. For this purpose, the JADE-S add-on is used to enforce more security controls. In addition, an Intrusion Detection System (IDS) is created, supported by Machine Learning (ML) techniques, that analyses the communication between agents, making it possible to monitor and analyse the events that occur in the system and to extract signs of intrusions. Together they contribute to mitigating cyberattacks.