JISE




Journal of Information Science and Engineering, Vol. 40 No. 6, pp. 1197-1209


Securing IoMT Applications: An Approach for Enhancing the Reliability of Security Policies within Cloud Databases


SONDES KSIBI1,+, FAOUZI JAIDI1,2 AND ADEL BOUHOULA3
1InnovCom\Digital Security Research Lab
University of Carthage, Higher School of Communications of Tunis
Tunis, 2083 Tunisia

2National School of Engineers of Carthage
University of Carthage
Tunis, 2035 Tunisia

3Department of Next-Generation Computing
College of Graduate Studies
Arabian Gulf University
Manama, 329 Kingdom of Bahrain
E-mail: sondes.ksibi@supcom.tn


Applications of the Internet-of-Things (IoT) in healthcare have great potential since they bring, in a cost-effective manner, supreme solutions to large-scale medical care. The Internet-of-Medical-Things (IoMT) connects patients to caregivers and facilitates remote healthcare capabilities. Regardless of their expansion, especially during the COVID-19 pandemic, IoMT applications encounter critical types of security risks. Many research efforts have been conducted to help design reliable E-Health Systems (EHS), but compliance and privacy-preserving solutions for EHS still require a lot of work. To address this requirement, we focus on enhancing the reliability of security policies in the context of EHS. We deal especially with risk management within the data processing and storage area of IoMT systems, which is composed mainly of cloud/private databases that store confidential medical data. Malicious users and attackers can discover and leak unauthorized data by exploiting authorized information, and may expand their rights by using advanced features such as database functional dependencies. In such critical systems, identifying and evaluating the risks associated with unauthorized accesses and policy misconfigurations is highly required. In this paper, we address the analysis and management of the compliance of concrete security policies based on appropriate risk metrics. Our solution enhances a well-established formal verification and validation approach, which allows identifying non-compliance anomalies in concrete policies, with a quantified risk-assessment approach for evaluating risks. An application case is presented as an example to illustrate the relevance of our proposal.


Keywords: e-health, IoMT security, access control, risk management, cloud security
