Model-based security analysis of the German Health Card architecture

Methods of Information in Medicine

Volumn 47, Issue 5, 2008, Pages 409-416

  Jurjens J ^a   Rumm, R ^b  

^a OPEN UNIVERSITY   (United Kingdom)

^b NONE

Author keywords

German Health Card; Health information systems; Model based development; Security; UMLsec

Indexed keywords

ACCESS TO INFORMATION; ARTICLE; COMPUTER LANGUAGE; COMPUTER PROGRAM; COMPUTER SECURITY; CONFIDENTIALITY; ELECTRONIC DATA INTERCHANGE; ELECTRONIC MEDICAL RECORD; GERMANY; HEALTH INSURANCE; HUMAN; INFORMATION TECHNOLOGY; MEDICAL INFORMATION SYSTEM; PATIENT INFORMATION; PRESCRIPTION; PRIORITY JOURNAL; PROCESS MODEL; SMART CARD;

COMPUTER SECURITY; GERMANY; MODELS, ORGANIZATIONAL; PATIENT IDENTIFICATION SYSTEMS;

EID: 55049118116     PISSN: 00261270     EISSN: None     Source Type: Journal    
DOI: 10.3414/ME9122     Document Type: Article

References (27)

1. Jürjens J. Secure Systems Development with UML. Heidelberg: Springer; 2004.
2. Jürjens J, Rumm R. Security analysis of complex telematics systems at the hand of the electronic health card: Experimental results. 2007. http://mcs.open.ac.uk/jj2924/umlsectool/applications/healthcard
3. Best B, Jürjens J, Nuseibeh B. Model-based security engineering of distributed information systems using UMLsec. 29th International Conference on Software Engineering (ICSE 2007), Minneapolis. IEEE Computer Society; 2007. pp 581-590.
4. Jürjens J, Schreck J, Bartmann P. Model-based security analysis for mobile communications. 30th Intern. Conference on Software Engineering (ICSE 2008), Leipzig. ACM; 2008. pp 683-692.
5. Apvrille A, Pourzandi M. Secure software development by example. IEEE Security & Privacy 2005; 3, 4: 10-17.
6. Jürjens J. Model-based security engineering for real. 14th Intern Symposium on Formal Methods (FM 2006). LNCS 2006; 4085: 600-606.
7. Blobel B, Nordberg R, Davis J, Pharow P. Modelling privilege management and access control. International Journal of Medical Informatics 2006; 75, 8: 597-623.
8. Blobel B, Pharow P. A model-driven approach for the German health telematics architectural framework and security infrastructure. International Journal of Medical Informatics 2007; 76, 2-3: 169-175.
9. Alam M, Hafner M, Memon M, Hung P. Modeling and enforcing advanced access control policies in healthcare systems with SECTET. In: Sztipanovits et al. [10].
10. Sztipanovits J, Breu R, Ammenwerth E, Bajcsy R, Mitchell J, Pretschner A (eds.). Workshop on Model-based Trustworthy Health Information Systems (MOTHIS_models), 2007. Contributions available at http://mothis.isis.vanderbilt.edu
11. Alam M, Hafner M, Breu R. Model-driven security engineering for trust management in SECTET. Journal of Software 2007; 2, 1: 47-59.
12. Agreiter B, Alam M, Hafner M, Seifert J-P, Zhang X. Model driven configuration of secure operating systems for mobile applications in healthcare. In: Sztipanovits et al. [10].
13. Lopez H, Massacci F, Zannone N. Goal-equivalent secure business process re-engineering for e-health, In: Sztipanovits et al. [10].
14. Fredriksen R, Kristiansen M, Gran B, Stølen K, Opperud T, Dimitrakos T. The CORAS framework for a model-based risk management process. SAFECOMP. LNCS 2002; 2434: 94-105.
15. Mathe J, Duncavage S, Werner J, Malin B, Ledeczi A, and Sztipanovits J. Implementing a model-based design environment for clinical information systems. In: Sztipanovits et al. [10].
16. Gesetz zur Modemisierung der gesetzlichen Krankenversicherung (GKV-Modemisierungsgesetz/GMG). Germany, Bundesgesetzblatt 2003; I: 2190.
17. Bundesdatenschutzgesetz (BDSG). Germany, Bundesgesetzblatt 2007; I: 201 and 1977; I: 66.
18. Bundesministerium des Innern. Standards und Architekturen fur E-Government-Anwendungen (SAGA Version 4.0). Germany, Mar. 2008.
19. Bundesamt für Sicherheit in der Informationstechnik, IT Sicherheit auf Basis der Common Criteria - ein Leiffaden. Germany, 2005. Available at http://www.bsi.bund.de/cc/cc_leitf.pdf
20. Gesetz über Rahmenbedingungen für elektronische Signaturen (Signaturgesetz/SigG). Germany, Bundesgesetzblatt 2001; I: 876 and 2007; I: 179, 185.
21. Verordnung zur elektronischen Signatur (Signaturverordnung/SigV). Germany, Bundesgesetzblatt 2001; I: 3074 and 2007; I: 2631, 2671.
22. eHealth card - bIT4Health architecture. http://www.dimdi.de/static/en/ ehealth. 2007.
23. German health professional card and security module card specification v2.1.0. 2006. http://www.dimdi.de/dynamic/de/ehealth/karte/ downloadcenter/technik/kartenspezifikation/spez_testphase_archiv/ spez_testphase_archiv_1_eglqhpc_p3_smc_v2-10.pdf.
24. Jürjens J. Sound methods and effective tools for model-based security engineering with UML. 27th Int. Conf. on Softw. Engineering (ICSE 2005), St. Louis. ACM 2005. pp 322-331.
25. Jürjens J, Shabalin P. Tools for secure systems development with UML. Intern. Journal on Software Tools for Technology Transfer 2007; 9: 527-544. Invited submission to the special issue for FASE 2004/05.
26. UMLsee tool. 2001-08. http://mes.open.ac.uk/jj2924/umlsectool.
27. Anderson R. Security Engineering: A Guide to Building Dependable Distributed Systems. New York: John Wiley & Sons; 2001.