Home|Journals|Articles by Year|Audio Abstracts

Original Article

The Integrated Holistic Security and Privacy Framework Deployed in CrowdHEALTH Project

Stefanos Malliaros, Christos Xenakis, George Moldovan, John Mantas, Andriana Magdalinou, Lydia Montandon.


Introduction: Individuals and healthcare providers need to trust that the EHRs are protected and that the confidentiality of their personal information is not at stake. Aim: Within CrowdHEALTH project, a security and privacy framework that ensures confidentiality, integrity, and availability of the data was developed. Methods: The CrowdHEALTH Security and Privacy framework includes Privacy Enhancing Technologies (PETs) in order to comply with the GDPR EU laws of data protection. CrowdHEALTH deploys OpenID Connect, an authentication protocol to provide flexibility, scalability, and lightweight user authentication as well as the attribute-base access control (ABAC) mechanism which supports creating efficient access control policies. Results: CrowdHEALTH integrates ABAC with OpenID Connect to build an effective and scalable base for end-users’ authorization. CrowdHEALTH’s security and privacy framework interacts with other CrowdHEALTH’s components, for instance the Big Data Platform, that depends on user authentication and authorization. CrowdHEALTH users are able to access the CrowdHEALTH’s database based on the result of an ABAC request. Moreover, due to the fact that the CrowdHEALTH system requires proofs during the interactions with data producers of low trust or low reputation level, the requirements for the Trust and Reputation Model have been identified. Conclusion: The CrowdHEALTH Integrated Holistic Security and Privacy framework meets the security criteria for an e-health cross-border system, due to the adoption of security mechanisms, such as user authentication, user authorization, access control, data anonymization, trust management and reputation modelling. The implemented framework remains to be tested to ensure its robustness and to evaluate its performance. The holistic security and privacy framework might be adapted during the project’s life circle according to new legislations.

Key words: Privacy, Security, Information Systems.

Full-text options

Share this Article

Online Article Submission
• ejmanager.com

ejPort - eJManager.com
Refer & Earn
About BiblioMed
License Information
Terms & Conditions
Privacy Policy
Contact Us

The articles in Bibliomed are open access articles licensed under Creative Commons Attribution 4.0 International License (CC BY), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.