Checking and Enforcing Security through Opacity in Healthcare Applications

TL;DR

This paper introduces an IoT-based heart attack detection system that verifies and enforces opacity to protect patient privacy against passive observers, ensuring system confidentiality in healthcare applications.

Contribution

It presents a novel approach using a verification tool and a Symbolic Observation Graph algorithm to ensure and enforce opacity in healthcare IoT systems.

Findings

Verified opacity in the system to detect privacy leaks

Developed an efficient algorithm for enforcing opacity

Enhanced privacy protection in healthcare IoT applications

Abstract

The Internet of Things (IoT) is a paradigm that can tremendously revolutionize health care thus benefiting both hospitals, doctors and patients. In this context, protecting the IoT in health care against interference, including service attacks and malwares, is challenging. Opacity is a confidentiality property capturing a system's ability to keep a subset of its behavior hidden from passive observers. In this work, we seek to introduce an IoT-based heart attack detection system, that could be life-saving for patients without risking their need for privacy through the verification and enforcement of opacity. Our main contributions are the use of a tool to verify opacity in three of its forms, so as to detect privacy leaks in our system. Furthermore, we develop an efficient, Symbolic Observation Graph (SOG)-based algorithm for enforcing opacity.