In this paper, we investigate the implications of the General Data Protection Regulation (GDPR) for the design of an IoT healthcare system. On 25 May 2018, the GDPR became mandatory within the European Union and hence also for all suppliers of IT products. Infringements of the regulation are now fined with penalties of up to 20 million EUR or 4% of a company's annual turnover, whichever is higher. This is a clear motivation for system designers to guarantee compliance with the GDPR. We propose a data labeling model to support access control for privacy-critical patient data, together with the Fusion/UML process, to design a GDPR-compliant system. We illustrate this design process on the case study of IoT-based monitoring of Alzheimer's patients that we work on in the CHIST-ERA project SUCCESS.
In this chapter, the authors give a short overview of the state of the art in applying formal verification techniques to the engineering of safe and secure systems. The main focus is on supporting the security of real-world systems with mechanized verification techniques, in particular model checking. Based on prior experience with safety analysis, in particular the TWIN elevator (ThyssenKrupp) case study, the current case study ventures into the rising field of social engineering attacks on security. The main focus and original contribution of this chapter is the security analysis of an insider attack, illustrating the benefits of model checking with belief logics and actor system modeling.
Cloud computing is the delivery of on-demand computing resources. It shares resources through virtualization, which enables a single user to access various cloud services such as CPU, memory, storage devices, network, and so on. Many commercial cloud services offered by several cloud service providers (CSPs) are now available in the marketplace. Most CSPs must, therefore, deal with dynamic resource allocation, where mobile services migrate from one cloud environment to another to provide heterogeneous resources based on user needs. There is still a lack of heuristics able to check requested and available resources for allocation and deallocation before a secure service migration begins. We propose a resource allocation security protocol that allows resources to be allocated and migrated efficiently during a secure service migration between cloud infrastructures. Furthermore, formal methods can be applied to such protocols to verify the desired properties, detect attacks and produce accurate outcomes. This article presents the formal modeling and verification of this abstract protocol using the ProVerif cryptographic protocol verifier to validate security properties such as secrecy of resources, authentication of both parties and key exchange, in order to securely migrate resources in commercial cloud environments.