Perspectives of Threat Modeling of a Secure Cloud Picture Archiving and Communication System

J. A. Awokola, O. N. Emuoyibofarhe, A. Omotosho, J. O. Emuoyibofarhe, J. O. Mebawondu

Abstract


The Picture Archiving and Communication System (PACS) used in electronic health, is computationally enhanced by the migration into the cloud, which reduces the cost of storage space and equipment. However, cloud-PACS technology is susceptible to threats and vulnerabilities. This paper implements a threat modeling approach on a cloud-PACS framework, using Microsoft Threat Modelling Tools. Security requirements and mitigation strategies were formulated for the implementation of the framework, in order to improve cloud PACS security.


Keywords


Picture Archiving and Communication (PAC); e-health; modeling; threat; cloud

Full Text:

PDF

References


K. A. Kurlakose, Infrastructure for secure medical image sharing between distributed PACS and DI-r systems, Msc Thesis, University of Ontario, 2013

R. K. Grace, R. Manimegalai, S. S. Kumar, “Medical image retrieval system in grid using hadoop framework”, International Conference on Computational Science and Computational Intelligence, Las Vegas, USA, March 9-12, 2014

C. Stergiou, K. E. Psannis, B. G. Kim, B. Gupta, “Secure integration of IoT and cloud computing”, Future Generation Computer Systems, Vol. 78, No. 3, pp. 964-975, 2018

S. K. Vuppala, M. S. Dinesh, S. Viswanathan, G. Ramachandran, N. Bussa, M. Geetha, “Cloud-based big data platform for image analytics”, IEEE International Conference on Cloud Computing in Emerging Markets (CCEM), Bangalore, India, November 1–3, 2017

P. H. Meland, E. Paja, E. A. Gjaere, S. Paul, F. Dalpiaz, P. Giorgini, “Threat analysis in goal-oriented security requirements modelling”, International Journal of Secure Systems and Software Engineering, Vol. 5, No. 2, pp. 1-19, 2018

L. Sion, K. Yskout, D. Van Landuyt, W. Joosen, “Poster: Knowledge-enriched security and privacy threat modelling”, 40th International Conference on Software Engineering: Companion, Gothenburg, Sweden, May 27-June 03, 2018

J. Freund, J. Jones, Measuring and managing information risk: a FAIR approach, Butterworth-Heinemann, 2018

S. Cleemput, Secure and privacy-friendly smart electricity metering, PhD Thesis, Arenberg Doctoral School, 2018

Microsoft, “Microsoft Threat Modelling Tool 2016”, available at: www.aka.ms/tmt2016

M. Cagnazzo, M. Hertlein, T. Holz, N. Pohlmann, “Threat modelling for mobile health systems”, IEEE Communications and Networking Conference, Barcelona, Spain, April 15–18, 2018

A. Omotosho, J. A. Awokola, O. J. Emuoyibofarhe, C. Meinel, “A secure cloud-based picture archiving and communication system for developing countries”, Journal of Theoretical and Applied Information Technology, Vol. 97, No. 7, pp. 1902-1913 2019

A. Omotosho, J. Emuoyibofarhe, “A criticism of the current security, privacy and accountability issues in electronic health records”, International Journal of Applied Information Systems, Vol. 7, No. 8, pp. 11–18, 2014

A. Omotosho, J. Emuoyibofarhe, C. Meinel, “Ensuring patients' privacy in a cryptographic-based-electronic health record using bio-cryptography”, International Journal of Electronic Healthcare, Vol. 9, No. 4, pp. 227-254, 2017

A. Omotosho, J. Emuoyibofarhe, A. Oke, “Securing private keys in electronic health records using session-based hierarchical key encryption”, Journal of Applied Security Research, Vol. 12, No. 4, pp. 463-477, 2017




eISSN: 1792-8036     pISSN: 2241-4487