L. Coppolino, S. D'Antonio, Giovanni Mazzeo, L. Romano, Luigi Sgaglione
{"title":"Exploiting New CPU Extensions for Secure Exchange of eHealth Data at the EU Level","authors":"L. Coppolino, S. D'Antonio, Giovanni Mazzeo, L. Romano, Luigi Sgaglione","doi":"10.1109/EDCC.2018.00015","DOIUrl":null,"url":null,"abstract":"Cross-border healthcare requires that secure mechanisms for patient data exchange among distinct eHealth infrastructures be implemented. OpenNCP is a major initiative for achieving interoperability of eHealth data among European Member States. It is an Open Source implementation of a broker-based solution that enables the exchange of clinical data among countries having different languages and regulations. It provides some level of protection - using common security technologies (e.g., TLS) - but it has not been designed with the specific goal of achieving high levels of security, and therefore it is vulnerable to more subtle attacks, such as those by privileged users and/or software. In this paper we discuss how the new extension of COTS processors - namely Software Guard eXtension (SGX) - can be exploited to implement effective mechanisms against this specific category of attacks, which is particularly challenging. We present a general approach to harden systems, and discuss in detail how we implemented it in the context of OpenNCP. Also importantly, we evaluate the performance degradation induced by SGX.","PeriodicalId":129399,"journal":{"name":"2018 14th European Dependable Computing Conference (EDCC)","volume":"417 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 14th European Dependable Computing Conference (EDCC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/EDCC.2018.00015","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 12
Abstract
Cross-border healthcare requires that secure mechanisms for patient data exchange among distinct eHealth infrastructures be implemented. OpenNCP is a major initiative for achieving interoperability of eHealth data among European Member States. It is an Open Source implementation of a broker-based solution that enables the exchange of clinical data among countries having different languages and regulations. It provides some level of protection - using common security technologies (e.g., TLS) - but it has not been designed with the specific goal of achieving high levels of security, and therefore it is vulnerable to more subtle attacks, such as those by privileged users and/or software. In this paper we discuss how the new extension of COTS processors - namely Software Guard eXtension (SGX) - can be exploited to implement effective mechanisms against this specific category of attacks, which is particularly challenging. We present a general approach to harden systems, and discuss in detail how we implemented it in the context of OpenNCP. Also importantly, we evaluate the performance degradation induced by SGX.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
