TY - JOUR
T1 - Securing mHealth applications using IoTsecM security modelling
T2 - Dentify. Me mApp case study for urgent care management
AU - Escamilla Ambrosio, Ponciano J.
AU - Ramírez, David Robles
AU - Alsalamah, Shada
AU - Tryfonas, Theo
AU - Jiménez, Sandra Orantes
AU - Mota, Abraham Rodríguez
AU - AlQahtani, Sakher
AU - Nouh, Thamer
AU - Alsalamah, Hessah
AU - Almutawaa, Shahad
AU - Alkabani, Hend
AU - Alsmari, Mshael
AU - Alashgar, Nouf
AU - Alrajeh, Abeer
AU - Kurdi, Heba
N1 - Publisher Copyright:
© 2019 Instituto Politecnico Nacional. All rights reserved.
PY - 2019
Y1 - 2019
N2 - Mobile devices and the Internet of Things (IoT) are revolutionizing today's digital sectors, including healthcare. eHealth services delivery enables integrated mHealth care and informed decision-making for emergency medical services, especially in the event of disasters when every second could mean the difference between life and death. Cyber-attacks directed at mHealth applications can compromise the availability and integrity of patient information, crippling care mobility and sometimes threatening patients' lives if decisions are made based on invalid information. Such risks can be treated by considering appropriate information security controls at the early stages of the mobile Application (mApp) development lifecycle for the mHealth model of care. However, most developers consider security at a later stage, and even if they do, there is a lack of an appropriate tool to help them represent security requirements in design models. This has proven to be bad practice, resulting in insecure mApp development. This paper aims to bridge this gap by equipping analysts with the tool necessary to identify risks and treat them while designing the application. Therefore, we propose the approach referred to as Internet of Things Security Modelling (IoTsecM) for mApp security modelling in mHealth. IoTsecM is a UML extension to model identified security controls against possible attacks to guarantee the existence of a security analysis and security mechanisms. Results show that IoTsecM, first, allows mHealth designers to apply and depict non-functional security requirements with the functional requirements. Second, its annotation illustrates meaningful information security requirements at early design stages as part of the mHealth application development lifecycle and not afterwards.
KW - Disaster management
KW - Information security
KW - Internet of things
KW - Mobile application design
KW - Modelling
KW - Security controls
KW - SysML
KW - UML
KW - UML extension
KW - mHealth
UR - http://www.scopus.com/inward/record.url?scp=85077548031&partnerID=8YFLogxK
U2 - 10.13053/CyS-23-4-3093
DO - 10.13053/CyS-23-4-3093
M3 - Article
AN - SCOPUS:85077548031
SN - 1405-5546
VL - 23
SP - 1139
EP - 1158
JO - Computacion y Sistemas
JF - Computacion y Sistemas
IS - 4
ER -