Securing the weak link of federated systems via trusted execution: A case study from the eHealth domain

The interconnection of organisations from distributed, heterogeneous, and autonomous domains having different regulations often requires a trusted third-party gateway to translate security means applied in one domain to those of a different domain. At that point, sensitive data is exposed unencrypted on the gateway host, thus vulnerable to attacks. In this paper, we provide a solution to this weakness of federated architectures by using hardware-assisted trusted computing (TC). We propose an approach where the new Intel's CPU extension, namely Software Guard eXtension (SGX), is exploited to guarantee the trustworthiness of the weakest link - i.e., the gateway - in spite of an aggressive attack model. The validation of our work was realised through the European eHealth infrastructure, namely OpenNCP, that enables cross-border health care and establishes shared practices to implement mechanisms and policies allowing patient data exchange between distinct national eHealth systems.



Titolo: Securing the weak link of federated systems via trusted execution: A case study from the eHealth domain
Autori: 
COPPOLINO, Luigi
D'ANTONIO, Salvatore
MAZZEO, GIOVANNI
ROMANO, LUIGI
SGAGLIONE, Luigi
Data di pubblicazione: 2019
Rivista: 
INTERNATIONAL JOURNAL OF CRITICAL COMPUTER-BASED SYSTEMS  
Handle: http://hdl.handle.net/11367/84312
Appare nelle tipologie:1.1 Articolo in rivista

File in questo prodotto:
Non ci sono file associati a questo prodotto.
Utilizza questo identificativo per citare o creare un link a questo documento:
http://hdl.handle.net/11367/84312
  • Citazioni
  • ND
  • ND

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
 
 
 
Powered by IRIS-about IRIS-Utilizzo dei cookie
Logo CINECA  Copyright © 2020