A Data-Centric Security Analysis Of ICGrid
The Data Grid is becoming a new paradigm for eHealth systems due to its enormous storage potential using decentralized resources managed by different organizations. The storage capabilities in these novel “Health Grids” are quite suitable for the requirements of systems like ICGrid, which captures, stores and manages data and metadata from Intensive Care Units. However, this paradigm depends on a widely distributed storage sites, therefore requiring new security mechanisms, able to avoid potential leaks to cope with modification and destruction of stored data under the presence of external or internal attacks. Particular emphasis must be put on the patient’s personal data, the protection of which is required by legislations in many countries of the European Union and the world in general. Taking into consideration underlying data protection legislations and technological data privacy mechanisms, in this paper we identify the security issues related with ICGrid’s data and metadata after applying an analysis framework extended from our previous research on the Data Grid’s storage services. Then, we present a privacy protocol that demonstrates the use of two basic approaches (encryption and fragmentation) to protect patients’ private data stored using the ICGrid system.
KeywordsData Grid eHealth Intensive Care Grid privacy security analysis
Unable to display preview. Download preview PDF.
- European Parliament. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official Journal of the European Communities of 23 November 1995 No L. 281 p. 31., Octuber 1995.Google Scholar
- Jesus Luna et al. An analysis of security services in grid storage systems. In CoreGRID Workshop on Grid Middleware 2007, June 2007.Google Scholar
- K. Gjermundrod, M. Dikaiakos, D. Zeinalipour-Yazti, G. Panayi, and Th. Kyprianou. Icgrid: Enabling intensive care medical research on the EGEE grid. In From Genes to Personalized HealthCare: Grid Solutons for the Life Sciences. Proceedings of HealthGrid 2007, pages 248-257. IOS Press, 2007.Google Scholar
- DL Sackett et al. Evidence-Based Medicine: How to Practice and Teach EBM. Churchill Livingstone, 2nd edition, 2000.Google Scholar
- B.M. Dawant et al. Knowledge-based systems for intelligent patient monitoring and management in critical care environments. In Joseph D. Bronzino, editor, Biomedical Engineering Handbook. CRC Press Ltd, 2000.Google Scholar
- Enabling Grids for E-SciencE project. http://www.eu-egee.org/.
- N. Santos and B. Koblitz. Distributed Metadata with the AMGA Metadata Catalog. In Workshop on Next-Generation Distributed Data Management HPDC-15, June 2006.Google Scholar
- European Health Management Association. Legally eHealth - Deliverable 2. http://www.ehma.org/fileupload/Downloads/Legally eHealth-Del 02-Data Protection- v08(revised after submission).pdf, January 2006. Processing Medical data: data protection, confidentiallity and security.
- Federal Ministry of Health. The Electronic Health Card. http://www.die-gesundheitskarte.de/download/dokumente/broschuere elektronische gesundheitskarte engl. pdf, Octuber 2006. Public Relations Section. Berlin, Germany.
- Von Welch. Globus toolkit version 4 grid security infrastructure: A standards perspec- tive. http://www.globus.org/toolkit/docs/4.0/security/GT4-GSI-Overview.pdf, 2005. The Globus Security Team.
- R. Alfieri, R. Cecchini, V. Ciaschini, L. dellAgnello and A. Frohner, A. Gianoli, K. Lorentey, and F. Spataro. VOMS, an Authorization System for Virtual Organizations. In First European Across Grids Conference, February 2003.Google Scholar
- Erik Riedel, Mahesh Kallahalla, and Ram Swaminathan. A framework for evaluating storage system security. In Darrell D. E. Long, editor, FAST, pages 15-30. USENIX, 2002.Google Scholar
- Mark W. Storer, Kevin M. Greenan, Ethan L. Miller, and Kaladhar Voruganti. Se- cure, archival storage with potshards. In FAST’07: Proceedings of the 5th conference on USENIX Conference on File and Storage Technologies, pages 11-11, Berkeley, CA, USA, 2007. USENIX Association.Google Scholar
- Cleversafe. http://www.cleversafe.com, 2007.
- Atul Adya, William J. Bolosky, Miguel Castro, Gerald Cermak, Ronnie Chaiken, John R. Douceur, Jon Howell, Jacob R. Lorch, Marvin Theimer, and Roger Wattenhofer. Farsite: Federated, available, and reliable storage for an incompletely trusted environment. In OSDI, 2002.Google Scholar
- Adam L. Beberg and Vijay S. Pande. Storage@home: Petascale distributed storage. In IPDPS, pages 1-6. IEEE, 2007.Google Scholar
- John Kubiatowicz, David Bindel, Yan Chen, Steven E. Czerwinski, Patrick R. Eaton, Dennis Geels, Ramakrishna Gummadi, Sean C. Rhea, Hakim Weatherspoon, Westley Weimer, Chris Wells, and Ben Y. Zhao. Oceanstore: An architecture for global-scale persistent storage. In ASPLOS, pages 190-201, 2000.Google Scholar
- Encrypted Storage and Hydra. https://twiki.cern.ch/twiki/bin/view/EGEE/DMEDS, September 2007.
- Graeme A. Stewart, David Cameron, Greig A Cowan, and Gavin McCance. Storage and Data Management in EGEE. In 5th Australasian Symposium on Grid Computing and e-Research (AusGrid 2007), January 2007.Google Scholar