Abstract
To address today’s major concerns of health service providers regarding security, resilience and data protection when moving on the cloud, we propose an approach to build a trustworthy healthcare platform cloud, based on a trustworthy cloud infrastructure. This paper first highlights the main security and privacy risks of market available commodity clouds, and outlines security and privacy requirements of a trustworthy health platform cloud, on top of which to deploy various health applications, in compliance with EU data protection legislation. Results from the recent EU TClouds project will be described as a possible solution towards trustworthy cloud architecture, based on a federated cloud-of-clouds, while enforcing security, resilience and data protection in various cloud layers for provisioning trustworthy IaaS, PaaS and SaaS healthcare services.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Abbadi, I.M., Alawneh, M., Martin, A.: Secure virtual layer management in clouds. In: International Joint Conference of IEEE TrustCom/IEEE ICESS/FCST, pp. 99–110 (2011)
Behl, J., Distler, T., Heisig, F., Kapitza, R., Schunter, M.: Providing Fault-tolerant Execution of Web-service-based Workflows within Clouds. In: Proceedings of the 2nd International Workshop on Cloud Computing Platforms, CloudCP 2012 (2012)
Bessani, A., Abbadi, I.M., Bugiel, S., Cesena, E., Deng, M., Gröne, M., Marnau, N., Nürnberger, S., Pasin, M., Schirmer, N.: Tclouds: Privacy and resilience for internet-scale critical infrastructures. In: Petcu, D., Poletti, J.V. (eds.) European Research Activities in Cloud Computing, ch. 6, pp. 160–186. Cambridge Scholars Publishing (March 2012)
Bessani, A.N., Correia, M.P., Quaresma, B., André, F., Sousa, P.: Depsky: dependable and secure storage in a cloud-of-clouds. In: Proceedings of the Sixth European Conference on Computer Systems, pp. 31–46 (2011)
Bleikertz, S., Bugiel, S., Nagy, Z.A., Nürnberger, S., Kurmus, A., Schunter, M.: Chapter 4 security analysis of openstack, technical requirements and architecture for privacyenhanced and resilient trusted clouds. Technical report, TClouds (2011)
Bleikertz, S., Schunter, M., Probst, C.W., Pendarakis, D., Eriksson, K.: Security audits of multi-tier virtual infrastructures in public infrastructure clouds. In: Proceedings of the 2010 ACM Workshop on Cloud Computing Security Workshop, CCSW 2010, pp. 93–102. ACM (2010)
Bugiel, S., Nürnberger, S., Pöppelmann, T., Sadeghi, A.-R., Schneider, T.: Amazonia: when elasticity snaps back. In: ACM Conference on Computer and Communications Security, pp. 389–400 (2011)
Cachin, C., Keidar, I., Shraer, A.: Fail-aware untrusted storage. SIAM J. Comput. 40(2), 493–533 (2011)
CSA. Cloud security alliance: Top threats to cloud computing (2010), https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf
Deng, M., Petkovic, M., Nalin, M., Baroni, I.: A home healthcare system in the cloud-addressing security and privacy challenges. In: IEEE International Conference on Cloud Computing, pp. 549–556 (2011)
ENISA. Cloud computing risk assessment (2009), http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment
Griffin, J.L., Jaeger, T., Perez, R., Sailer, R., Van Doorn, L., Caceres, R.: Trusted virtual domains: Toward secure distributed services. In: Proc. of 1st IEEE Workshop on Hot Topics in System Dependability, HotDep (2005)
Heiser, J., Nicolett, M.: Gartner’s assessing the security risks of cloud computing (2008), http://www.gartner.com/DisplayDocument?id=685308
Ma, D., Tsudik, G.: A new approach to secure logging. TOS 5(1) (2009)
Microsoft. Windows azure service disruption update (2012), http://blogs.msdn.com/b/windowsazure/archive/2012/03/01/windows-azure-service-disruption-update.aspx
Nalin, M., Baroni, I., Sanna, A.: E-health drivers and barriers for cloud computing adoption. In: CLOSER 2011, pp. 385–390 (2011)
OpenStack. OpenStack Open Source Cloud Computing Software, http://www.openstack.org/ (retrieved in 2012)
Schneier, B., Kelsey, J.: Secure audit logs to support computer forensics. ACM Trans. Inf. Syst. Secur. 2(2), 159–176 (1999)
Sirrix. High-assurance security kernel protection profile (eal5), according to the common criteria v3.1 r2, 2007, certified by german federal office for information security, bsi (2008)
Vernizzi, D., Cesena, E., Ramunno, G., Smiraglia, P.: Chapter 11 logging, tclouds d2.2.1, preliminary architecture of middleware for adaptive resilience. Technical report, TClouds (2011)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Deng, M., Nalin, M., Petković, M., Baroni, I., Marco, A. (2012). Towards Trustworthy Health Platform Cloud. In: Jonker, W., Petković, M. (eds) Secure Data Management. SDM 2012. Lecture Notes in Computer Science, vol 7482. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32873-2_12
Download citation
DOI: https://doi.org/10.1007/978-3-642-32873-2_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-32872-5
Online ISBN: 978-3-642-32873-2
eBook Packages: Computer ScienceComputer Science (R0)