Methods Inf Med 2008; 47(05): 409-416
DOI: 10.3414/ME9122
Original Article
Schattauer GmbH

Model-based Security Analysis of the German Health Card Architecture

J. Jürjens (1), R. Rumm (2)
1 Computing Department, The Open University, Milton Keynes, UK
2 Munich, Germany

Publication History

Publication Date:
20 January 2018 (online)

Summary

Objectives: Health-care information systems are particularly security-critical. In order to make these applications secure, the security analysis has to be an integral part of the system design and IT management process for such systems.

Methods: This work presents the experiences and results from the security analysis of the system architecture of the German Health Card, by making use of an approach to model-based security engineering that is based on the UML extension UMLsec. The focus lies on the security mechanisms and security policies of the smart-card-based architecture which were analyzed using the UMLsec method and tools.

Results: Main results of the paper include a report on the employment of the UMLsec method in an industrial health information systems context as well as indications of its benefits and limitations. In particular, two potential security weaknesses were detected and countermeasures discussed.

Conclusions: The results indicate that it can be feasible to apply a model-based security analysis using UMLsec to an industrial health information system like the German Health Card architecture, and that doing so can have concrete benefits (such as discovering potential weaknesses, and an increased confidence that no further vulnerabilities of the kind that were considered are present).

 