Title: Securing the weak link of federated systems via trusted execution: a case study from the eHealth domain

Authors: Luigi Coppolino; Salvatore D'Antonio; Giovanni Mazzeo; Luigi Romano; Luigi Sgaglione

Addresses: Department of Engineering, University of Naples 'Parthenope', Naples, Italy ' Department of Engineering, University of Naples 'Parthenope', Naples, Italy ' Department of Engineering, University of Naples 'Parthenope', Naples, Italy ' Department of Engineering, University of Naples 'Parthenope', Naples, Italy ' Department of Engineering, University of Naples 'Parthenope', Naples, Italy

Abstract: The interconnection of organisations from distributed, heterogeneous, and autonomous domains having different regulations often requires a trusted third-party gateway to translate security means applied in one domain to those of a different domain. At that point, sensitive data is exposed unencrypted on the gateway host, thus vulnerable to attacks. In this paper, we provide a solution to this weakness of federated architectures by using hardware-assisted trusted computing (TC). We propose an approach where the new Intel's CPU extension, namely Software Guard eXtension (SGX), is exploited to guarantee the trustworthiness of the weakest link - i.e., the gateway - in spite of an aggressive attack model. The validation of our work was realised through the European eHealth infrastructure, namely OpenNCP, that enables cross-border health care and establishes shared practices to implement mechanisms and policies allowing patient data exchange between distinct national eHealth systems.

Keywords: federated systems; heterogeneity; trusted execution; eHealth; Open National Contact Point; OpenNCP; Intel SGX.

DOI: 10.1504/IJCCBS.2019.106823

International Journal of Critical Computer-Based Systems, 2019 Vol.9 No.4, pp.293 - 317

Received: 12 Sep 2018
Accepted: 12 Sep 2019

Published online: 21 Apr 2020 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article