L. Coppolino, S. D'Antonio, Giovanni Mazzeo, L. Romano, Luigi Sgaglione
{"title":"利用新的CPU扩展来安全交换欧盟级别的电子健康数据","authors":"L. Coppolino, S. D'Antonio, Giovanni Mazzeo, L. Romano, Luigi Sgaglione","doi":"10.1109/EDCC.2018.00015","DOIUrl":null,"url":null,"abstract":"Cross-border healthcare requires that secure mechanisms for patient data exchange among distinct eHealth infrastructures be implemented. OpenNCP is a major initiative for achieving interoperability of eHealth data among European Member States. It is an Open Source implementation of a broker-based solution that enables the exchange of clinical data among countries having different languages and regulations. It provides some level of protection - using common security technologies (e.g., TLS) - but it has not been designed with the specific goal of achieving high levels of security, and therefore it is vulnerable to more subtle attacks, such as those by privileged users and/or software. In this paper we discuss how the new extension of COTS processors - namely Software Guard eXtension (SGX) - can be exploited to implement effective mechanisms against this specific category of attacks, which is particularly challenging. We present a general approach to harden systems, and discuss in detail how we implemented it in the context of OpenNCP. Also importantly, we evaluate the performance degradation induced by SGX.","PeriodicalId":129399,"journal":{"name":"2018 14th European Dependable Computing Conference (EDCC)","volume":"417 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":"{\"title\":\"Exploiting New CPU Extensions for Secure Exchange of eHealth Data at the EU Level\",\"authors\":\"L. Coppolino, S. D'Antonio, Giovanni Mazzeo, L. Romano, Luigi Sgaglione\",\"doi\":\"10.1109/EDCC.2018.00015\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Cross-border healthcare requires that secure mechanisms for patient data exchange among distinct eHealth infrastructures be implemented. OpenNCP is a major initiative for achieving interoperability of eHealth data among European Member States. It is an Open Source implementation of a broker-based solution that enables the exchange of clinical data among countries having different languages and regulations. It provides some level of protection - using common security technologies (e.g., TLS) - but it has not been designed with the specific goal of achieving high levels of security, and therefore it is vulnerable to more subtle attacks, such as those by privileged users and/or software. In this paper we discuss how the new extension of COTS processors - namely Software Guard eXtension (SGX) - can be exploited to implement effective mechanisms against this specific category of attacks, which is particularly challenging. We present a general approach to harden systems, and discuss in detail how we implemented it in the context of OpenNCP. Also importantly, we evaluate the performance degradation induced by SGX.\",\"PeriodicalId\":129399,\"journal\":{\"name\":\"2018 14th European Dependable Computing Conference (EDCC)\",\"volume\":\"417 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"12\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 14th European Dependable Computing Conference (EDCC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/EDCC.2018.00015\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 14th European Dependable Computing Conference (EDCC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/EDCC.2018.00015","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Exploiting New CPU Extensions for Secure Exchange of eHealth Data at the EU Level
Cross-border healthcare requires that secure mechanisms for patient data exchange among distinct eHealth infrastructures be implemented. OpenNCP is a major initiative for achieving interoperability of eHealth data among European Member States. It is an Open Source implementation of a broker-based solution that enables the exchange of clinical data among countries having different languages and regulations. It provides some level of protection - using common security technologies (e.g., TLS) - but it has not been designed with the specific goal of achieving high levels of security, and therefore it is vulnerable to more subtle attacks, such as those by privileged users and/or software. In this paper we discuss how the new extension of COTS processors - namely Software Guard eXtension (SGX) - can be exploited to implement effective mechanisms against this specific category of attacks, which is particularly challenging. We present a general approach to harden systems, and discuss in detail how we implemented it in the context of OpenNCP. Also importantly, we evaluate the performance degradation induced by SGX.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
