Operationalization of Privacy and Security Requirements for eHealth IoT Applications in the Context of GDPR and CSL

Tomashchuk, Oleksandr; Li, Yuan; Landuyt, Dimitri Van; Joosen, Wouter

doi:10.1007/978-3-030-55196-4_9

Lecture Notes in Computer Science

2020

DOI: 10.1007/978-3-030-55196-4_9

|View full text |Cite

Operationalization of Privacy and Security Requirements for eHealth IoT Applications in the Context of GDPR and CSL

Oleksandr Tomashchuk

Yuan Li

Dimitri Van Landuyt

et al.

Abstract: The Fourth Industrial Revolution imposes a number of unprecedented societal challenges and these are increasingly being addressed through regulation. This, in turn, lays the burden to adopt and implement the different concepts and principles (such as privacy-by-design) with practitioners. However, these concepts and principles are formulated by legal experts in a way that does not allow their direct usage by software engineers and developers, and the practical implications are thus not always obvious nor clear… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...

Citation Types

Supporting

Mentioning

Contrasting

Year Published

2020

Publication Types

Select...

Other1

Relationship

Self Cite1

Independent0

Authors

Journals

Cited by 1 publication

References 16 publications

(16 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

Threat and Risk Management Framework for eHealth IoT Applications

Tomashchuk

2020

Proceedings of the 24th ACM International Systems and Software Product Line Conference - Volume B

Self Cite

View full text Add to dashboard Cite

The impact of the Internet of Things (IoT) on the modern industrial and commercial systems is hard to be underestimated. Almost every domain favours from the benefits that IoT brings, and healthcare does not make an exception. This is also clearly demonstrated by a widespread adoption of eHealth systems that often arise from software product lines. Nevertheless, the benefits that IoT brings come together with new threats and risks. An eHealth system that processes many types of sensitive data sets the context for this thesis. Security and privacy gain crucial importance for successful operation and broad user acceptance of the system because of the properties of the data flows that it initiates and operates. However, due to a large number of feature combinations that originate from the software product line nature of the eHealth system in question, a combinatorial explosion of relevant configurations makes reaching security and privacy goals more difficult. Furthermore, another combinatorial explosion of threats and corresponding mitigation strategies for every configuration complicates the situation even further. Nonetheless, configurations that meet specific risk budgets need to be in place. Within this thesis, a new threat and risk management (TRM) framework will be provided. It is based on STRIDE and LINDDUN methodologies, and it will overcome existing limitations by employing components on feature space modelling, risk-driven scoring, configuration decision support, and regulatory compliance. Research outcomes that have been reached so far show promising developments on the vital framework components. CCS CONCEPTS • Security and privacy → Mobile platform security; Data anonymization and sanitization; Usability in security and privacy; Privacy protections; Mobile and wireless security; Information flow control; • Software and its engineering → Software product lines.

show abstract

Threat and Risk Management Framework for eHealth IoT Applications

Tomashchuk

2020

Proceedings of the 24th ACM International Systems and Software Product Line Conference - Volume B

Self Cite

View full text Add to dashboard Cite

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Operationalization of Privacy and Security Requirements for eHealth IoT Applications in the Context of GDPR and CSL

Cited by 1 publication

References 16 publications

Threat and Risk Management Framework for eHealth IoT Applications

Threat and Risk Management Framework for eHealth IoT Applications

Contact Info

Product

Resources

About