Securing mHealth Applications Using IoTsecM Security Modelling: Dentify.Me mApp Case Study for Urgent Care Management

Autores/as

  • Ponciano Jorge Escamilla Ambrosio Instituto Politécnico Nacional, Centro de Investigación en Computación
  • David Robles Ramírez Instituto Politécnico Nacional, Centro de Investigación en Computación
  • Shada Alsalamah King Saud University
  • Theo Tryfonas University of Bristol, Faculty of Engineering
  • Sandra Orantes Jiménez Instituto Politécnico Nacional, Centro de Investigación en Computación
  • Abraham Rodríguez Mota Instituto Politécnico Nacional, Centro de Investigación en Computación
  • Sakher AlQahtani College of Dentistry
  • Thamer Nouh College of Medicine
  • Hessah Alsalamah King Saud University
  • Shahad Almutawaa King Saud University
  • Hend Alkabani King Saud University
  • Mshael Alsmari King Saud University
  • Nouf Alashgar King Saud University
  • Abeer Alrajeh King Saud University
  • Heba Kurdi Cambridge, Mechanical Engineering Department

DOI:

https://doi.org/10.13053/cys-23-4-3093

Palabras clave:

mHealth, mobile application design, information security, internet of things, modelling, UML, SysML, UML extension, security controls, disaster management

Resumen

Mobile devices and the Internet of Things (IoT) are revolutionizing today’s digital sectors, including healthcare. eHealth services delivery enables integrated mHealth care and informed-decision making for emergency medical services, especially in the event of disasters when every second could mean the difference between life or death. The risk of cyber-attacks directed to mHealth applications can compromise the availability and integrity of patient information, crippling care mobility and sometimes threatening patients’ lives if decisions are made based on invalid information. Such risks can be treated by considering appropriate information security controls at the early stages of the mobile Application (mApp) development lifecycle for mHealth model of care. However, most developers consider security at a later stage, and even if they do, there is a lack of an appropriate tool to help them represent security requirements in design models. This has proven to be bad practice, resulting in insecure mApp development. This paper aims to bridge this gap by equipping analysts with the tool necessary to identify risks and treat them while designing the application. Therefore, we propose the approach referred to as Internet of Things Security Modelling (IoTsecM) for mApp security modelling in mHealth. IoTsecM is a UML extension to model identified security controls against possible attacks to guarantee the existence of a security analysis and security mechanisms. Results show that IoTsecM, first, allows mHealth designers to apply and depict non-functional security requirements with the functional requirements. Second, its annotation illustrates meaningful information security requirements at early design stages as part of the mHealth application development lifecycle and not afterwards.

Biografía del autor/a

Ponciano Jorge Escamilla Ambrosio, Instituto Politécnico Nacional, Centro de Investigación en Computación

Ponciano Jorge Escamilla-Ambrosio received the B.Sc. degree in Mechanical Electrical Engineering and the M.Sc. degree in Electrical Engineering, from the National Autonomous University of Mexico (UNAM) in 1995 and 2000, respectively. He received the Ph.D. degree from the University of Sheffield, UK, in 2004. From 2003 to 2010 he was researcher at the University of Bristol, UK, within the departments of Aerospace Engineering and Computer Science. From 2010 to 2011 he was researcher at the National Institute of Astrophysics Optics and Electronics, Mexico. From 2011 to 2013 Dr. Escamilla was General Director of Innovation and Development at the Scientific Division of the Federal Secretariat of Security, Mexico. Currently, he is researcher at the Computing Research Centre (CIC) at the National Polytechnic Institute (IPN), Mexico. He is member of the National Research System (SNI), Mexico, level 1. Dr. Escamilla has more than 85 publications among journals, conference proceedings and book chapters.

Shada Alsalamah, King Saud University

Descargas

Publicado

2019-12-20

Número

Vol. 23 Núm. 4 (2019): 23-4(2019)

Sección

Artículos

Licencia

Transfiero exclusivamente a la revista “Computación y Sistemas”, editada por el Centro de Investigación en Computación (CIC), los Derechos de Autor del artículo antes mencionado, asimismo acepto que no serán transferidos a ninguna otra publicación, en cualquier formato, idioma, medio existente (incluyendo los electrónicos y multimedios) o por desarrollar.

Certifico que el artículo, no ha sido divulgado previamente o sometido simultáneamente a otra publicación y que no contiene materiales cuya publicación violaría los Derechos de Autor u otros derechos de propiedad de cualquier persona, empresa o institución. Certifico además que tengo autorización de la institución o empresa donde trabajo o estudio para publicar este Trabajo.

El autor, representante acepta la responsabilidad por la publicación del Trabajo en nombre de todos y cada uno de los autores.

Esta Transferencia está sujeta a las siguientes reservas:

  • Los autores conservan todos los derechos de propiedad (tales como derechos de patente) de este Trabajo, con excepción de los derechos de publicación transferidos al CIC, mediante este documento.
  • Los autores conservan el derecho de publicar el Trabajo total o parcialmente en cualquier libro del que ellos sean autores o editores y hacer uso personal de este trabajo en conferencias, cursos, páginas web personal, etc.