Change search
Link to record
Permanent link

Direct link
BETA
Publications (4 of 4) Show all publications
Barros, B. M., Iwaya, L. H., Simplício, M. A., Carvalho, T. C., Méhes, A. & Näslund, M. (2015). Classifying Security Threats in Cloud Networking. In: Markus Helfert, Donald Ferguson and Víctor Méndez Muñoz (Ed.), Proceedings of the 5th International Conference on Cloud Computing and Services Science: . Paper presented at CLOSER 2015 - The 5th International Conference on Cloud Computing and Services Science, 20 – 22 May 2015, Lisbon, Portugal (pp. 214-220). SciTePress
Open this publication in new window or tab >>Classifying Security Threats in Cloud Networking
Show others...
2015 (English)In: Proceedings of the 5th International Conference on Cloud Computing and Services Science / [ed] Markus Helfert, Donald Ferguson and Víctor Méndez Muñoz, SciTePress , 2015, p. 214-220Conference paper, Published paper (Refereed)
Abstract [en]

A central component of managing risks in cloud computing is to understand the nature of security threats. The relevance of security concerns are evidenced by the efforts from both the academic community and technological organizations such as NIST, ENISA and CSA, to investigate security threats and vulnerabilities related to cloud systems. Provisioning secure virtual networks (SVNs) in a multi-tenant environment is a fundamental aspect to ensure trust in public cloud systems and to encourage their adoption. However, comparing existing SVN-oriented solutions is a difficult task due to the lack of studies summarizing the main concerns of network virtualization and providing a comprehensive list of threats those solutions should cover. To address this issue, this paper presents a threat classification for cloud networking, describing threat categories and attack scenarios that should be taken into account when designing, comparing, or categorizing solutions. The classification is based o n the CSA threat report, building upon studies and surveys from the specialized literature to extend the CSA list of threats and to allow a more detailed analysis of cloud network virtualization issues.

Place, publisher, year, edition, pages
SciTePress, 2015
Keywords
Cloud Networking, Cloud Security, Security Threats, Security Taxonomy
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:kau:diva-40673 (URN)10.5220/0005489402140220 (DOI)978-989-758-104-5 (ISBN)
Conference
CLOSER 2015 - The 5th International Conference on Cloud Computing and Services Science, 20 – 22 May 2015, Lisbon, Portugal
Available from: 2016-02-23 Created: 2016-02-23 Last updated: 2018-01-10Bibliographically approved
Simplício, M. A., Carvalho, T. C., Dominicini, C., Håkansson, P., Iwaya, L. H. & Näslund, M. (2015). Method and Apparatus for Securing a Connection in a Communications Network. us 20150281958.
Open this publication in new window or tab >>Method and Apparatus for Securing a Connection in a Communications Network
Show others...
2015 (English)Patent (Other (popular science, discussion, etc.))
Abstract [en]

A method of securing a session between a Network Application Function, NAF, and a User Equipment, UE, connected to a network. The NAF is assigned a NAF identifier, NAF_id, using the Generic Bootstrapping Architecture, GBA, or a similar architecture and a shared secret is established between the UE and the NAF (S7.1). An application request containing a bootstrapping transaction identifier is sent to the NAF from the UE (S7.2) and an authentication request comprising the bootstrapping transaction identifier, the NAF_id, and information derived from the shared secret is sent to a Bootstrapping Server Function, BSF, from the NAF (S7.4). The BSF and the UE determine a NAF key, Ks_NAF, by using a modified parameter in place of or in addition to an original parameter in a key derivation function, the modified parameter being derived from the shared secret and the original parameter of the key derivation function (S7.5). This NAF key is transmitted from the BSF to the NAF (S7.6) and used to secure communications between the NAF and the UE (S7.7). Also provided are apparatus to act as a NAF, UE, and BSF in the method above.

National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:kau:diva-40674 (URN)
Patent
US 20150281958
Available from: 2016-02-23 Created: 2016-02-23 Last updated: 2018-01-10Bibliographically approved
Simplício, M. A., Iwaya, L. H., Barros, B. M., Carvalho, T. C. & Näslund, M. (2015). SecourHealth: a delay-tolerant security framework for mobile health data collection.. IEEE journal of biomedical and health informatics, 19(2), 761-772
Open this publication in new window or tab >>SecourHealth: a delay-tolerant security framework for mobile health data collection.
Show others...
2015 (English)In: IEEE journal of biomedical and health informatics, ISSN 2168-2194, E-ISSN 2168-2208, Vol. 19, no 2, p. 761-772Article in journal (Refereed) Published
Abstract [en]

Security is one of the most imperative requirements for the success of systems that deal with highly sensitive data, such as medical information. However, many existing mobile health solutions focused on collecting patients' data at their homes that do not include security among their main requirements. Aiming to tackle this issue, this paper presents SecourHealth, a lightweight security framework focused on highly sensitive data collection applications. SecourHealth provides many security services for both stored and in-transit data, displaying interesting features such as tolerance to lack of connectivity (a common issue when promoting health in remote locations) and the ability to protect data even if the device is lost/stolen or shared by different data collection agents. Together with the system's description and analysis, we also show how SecourHealth can be integrated into a real data collection solution currently deployed in the city of Sao Paulo, Brazil.

National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:kau:diva-40063 (URN)10.1109/JBHI.2014.2320444 (DOI)000351091200039 ()24801629 (PubMedID)
Available from: 2016-02-12 Created: 2016-02-12 Last updated: 2018-01-10Bibliographically approved
Iwaya, L. H., Gomes, M. A., Simplício, M. A., Carvalho, T. C., Dominicini, C. K., Sakuragui, R. R., . . . Håkansson, P. (2013). Mobile health in emerging countries: a survey of research initiatives in Brazil.. International Journal of Medical Informatics, 82(5), 283-298
Open this publication in new window or tab >>Mobile health in emerging countries: a survey of research initiatives in Brazil.
Show others...
2013 (English)In: International Journal of Medical Informatics, ISSN 1386-5056, E-ISSN 1872-8243, Vol. 82, no 5, p. 283-298Article in journal (Refereed) Published
Abstract [en]

OBJECTIVE: To conduct a comprehensive survey of mobile health (mHealth) research initiatives in Brazil, discussing current challenges, gaps, opportunities and tendencies.

METHODS: Systematic review of publicly available electronic documents related to mHealth, including scientific publications, technical reports and descriptions of commercial products. Specifically, 42 projects are analyzed and classified according to their goals. This analysis considers aspects such as security features provided (if any), the health condition that are focus of attention, the main providers involved in the projects development and deployment, types of devices used, target users, where the projects are tested and/or deployed, among others.

RESULTS: The study shows a large number (86%) of mHealth solutions focused on the following categories: health surveys, surveillance, patient records and monitoring. Meanwhile, treatment compliance, awareness raising and decision support systems are less explored. The main providers of solutions are the universities (56%) and health units (32%), with considerable cooperation between such entities. Most applications have physicians (55%) and Community Health Agents (CHAs) (33%) as targeted users, the latter being important elements in nation-wide governmental health programs. Projects focused on health managers, however, are a minority (5%). The majority of projects do not focus on specific diseases but rather general health (57%), although solutions for hearth conditions are reasonably numerous (21%). Finally, the lack of security mechanisms in the majority of the surveyed solutions (52%) may hinder their deployment in the field due to the lack of compliance with general regulations for medical data handling.

CONCLUSION: There are currently many mHealth initiatives in Brazil, but some areas have not been much explored, such as solutions for treatment compliance and awareness raising, as well as decision support systems. Another research trend worth exploring refers to creating interoperable security mechanisms, especially for widely explored mHealth categories such as health surveys, patient records and monitoring. Challenges for the expansion of mHealth solutions, both in number and coverage, include the further involvement of health managers in the deployment of such solutions and in coordinating efforts among health and research institutions interested in the mHealth trend, possibly exploring the widespread presence of CHAs around the country as users of such technology.

National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:kau:diva-40062 (URN)10.1016/j.ijmedinf.2013.01.003 (DOI)000318998000016 ()23410658 (PubMedID)
Available from: 2016-02-12 Created: 2016-02-12 Last updated: 2018-01-10Bibliographically approved
Identifiers
ORCID iD: ORCID iD iconorcid.org/0000-0002-0821-0614

Search in DiVA

Show all publications