Perspectives of Threat Modeling of a Secure Cloud Picture Archiving and Communication System
The Picture Archiving and Communication System (PACS) used in electronic health, is computationally enhanced by the migration into the cloud, which reduces the cost of storage space and equipment. However, cloud-PACS technology is susceptible to threats and vulnerabilities. This paper implements a threat modeling approach on a cloud-PACS framework, using Microsoft Threat Modelling Tools. Security requirements and mitigation strategies were formulated for the implementation of the framework, in order to improve cloud PACS security.
Keywords:Picture Archiving and Communication (PAC), e-health, modeling, threat, cloud
K. A. Kurlakose, Infrastructure for secure medical image sharing between distributed PACS and DI-r systems, Msc Thesis, University of Ontario, 2013
R. K. Grace, R. Manimegalai, S. S. Kumar, “Medical image retrieval system in grid using hadoop framework”, International Conference on Computational Science and Computational Intelligence, Las Vegas, USA, March 9-12, 2014 DOI: https://doi.org/10.1109/CSCI.2014.31
C. Stergiou, K. E. Psannis, B. G. Kim, B. Gupta, “Secure integration of IoT and cloud computing”, Future Generation Computer Systems, Vol. 78, No. 3, pp. 964-975, 2018 DOI: https://doi.org/10.1016/j.future.2016.11.031
S. K. Vuppala, M. S. Dinesh, S. Viswanathan, G. Ramachandran, N. Bussa, M. Geetha, “Cloud-based big data platform for image analytics”, IEEE International Conference on Cloud Computing in Emerging Markets (CCEM), Bangalore, India, November 1–3, 2017 DOI: https://doi.org/10.1109/CCEM.2017.11
P. H. Meland, E. Paja, E. A. Gjaere, S. Paul, F. Dalpiaz, P. Giorgini, “Threat analysis in goal-oriented security requirements modelling”, International Journal of Secure Systems and Software Engineering, Vol. 5, No. 2, pp. 1-19, 2018 DOI: https://doi.org/10.4018/ijsse.2014040101
L. Sion, K. Yskout, D. Van Landuyt, W. Joosen, “Poster: Knowledge-enriched security and privacy threat modelling”, 40th International Conference on Software Engineering: Companion, Gothenburg, Sweden, May 27-June 03, 2018 DOI: https://doi.org/10.1145/3183440.3194975
J. Freund, J. Jones, Measuring and managing information risk: a FAIR approach, Butterworth-Heinemann, 2018
S. Cleemput, Secure and privacy-friendly smart electricity metering, PhD Thesis, Arenberg Doctoral School, 2018
Microsoft, “Microsoft Threat Modelling Tool 2016”, available at: www.aka.ms/tmt2016
M. Cagnazzo, M. Hertlein, T. Holz, N. Pohlmann, “Threat modelling for mobile health systems”, IEEE Communications and Networking Conference, Barcelona, Spain, April 15–18, 2018 DOI: https://doi.org/10.1109/WCNCW.2018.8369033
A. Omotosho, J. A. Awokola, O. J. Emuoyibofarhe, C. Meinel, “A secure cloud-based picture archiving and communication system for developing countries”, Journal of Theoretical and Applied Information Technology, Vol. 97, No. 7, pp. 1902-1913 2019
A. Omotosho, J. Emuoyibofarhe, “A criticism of the current security, privacy and accountability issues in electronic health records”, International Journal of Applied Information Systems, Vol. 7, No. 8, pp. 11–18, 2014 DOI: https://doi.org/10.5120/ijais14-451225
A. Omotosho, J. Emuoyibofarhe, C. Meinel, “Ensuring patients' privacy in a cryptographic-based-electronic health record using bio-cryptography”, International Journal of Electronic Healthcare, Vol. 9, No. 4, pp. 227-254, 2017 DOI: https://doi.org/10.1504/IJEH.2017.085800
A. Omotosho, J. Emuoyibofarhe, A. Oke, “Securing private keys in electronic health records using session-based hierarchical key encryption”, Journal of Applied Security Research, Vol. 12, No. 4, pp. 463-477, 2017 DOI: https://doi.org/10.1080/19361610.2017.1354272
How to Cite
MetricsAbstract Views: 320
PDF Downloads: 177
Authors who publish with this journal agree to the following terms:
- Authors retain the copyright and grant the journal the right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) after its publication in ETASR with an acknowledgement of its initial publication in this journal.