Papers by Bernhard Riedl
IEEE Software, 2021
To get on a mutual ground as a team of computer scientists and legal experts, mapping open legal data, we had to shift our perspectives, dive into foreign concepts, and collaborate closely.
Proceedings - Second International Conference on Availability, Reliability and Security (ARES), 2007
Information technologies and society are highly interwoven nowadays, but in both the private and the business sector, users are often not aware of security issues or lack proper security skills. The branch of information technology security is growing constantly, but attacks against the vocational sector as well as the personal sector still cause great losses each day. Considering that the end-user is the weakest link of the security chain, we aim to raise awareness regarding IT security, and to train and educate IT security skills by establishing a European-wide initiative and framework.
Software Engineering and …, 2005
Inspection and testing are common verification and validation (V&V) approaches for defect detection and removal in the software development processes. Testing approaches require executable code, typically available in later life-cycle phases. Software Inspection is a defect ...

Journal of Software, 2008
Due to the cost pressure on the health care system, an increase in the need for electronic healthcare records (EHR) could be observed in the last decade, because EHRs promise massive savings by digitizing and centrally providing medical data. As highly sensitive patient information is exchanged and stored within such systems, legitimate concerns about the privacy of the stored data occur, as confidential medical data is a promising goal for attackers. These concerns and the lack of existing approaches that provide a sufficient level of security raise the need for a system that guarantees data privacy and keeps the access to health data under strict control of the patient. This paper introduces the new architecture PIPE (Pseudonymization of Information for Privacy in e-Health) that integrates primary and secondary usage of health data. It provides an innovative concept for data sharing, authorization and data recovery that allows the access to the health care records to be restored if the patient's security token is lost or stolen. The concept can be used as a basis for national EHR initiatives or as an extension to EHR applications.
Data Processing System for Processing Object Data
Patent (US), 2007
Disclosed is a data processing system for processing object data of a plurality of standard entities (101). Object identification data (100) and user data (110) can be separately stored and retrieved in the object database (20) such that no correlation between the object identification data (100) and the user data (110) can be deduced exclusively from the stored data records. At least one input device is provided which makes it possible to access the object identification data (100) of the associated standard entity and the relevant user data (100) when a security key assigned to the standard entities (101) is entered, said security key or part thereof remaining with the standard entity (101), the recovery entity, and other optional entities (50, 60) designated by the standard entity.
Improving Patients' Privacy with Pseudonymization
Studies in Health Technology and Informatics, 2008
e-Health requires the sharing of patient-related data when and where necessary. Electronic health records promise to improve communication between health care providers, thus leading to better quality of patients' treatment and reduced costs. As highly sensitive patient information provides a promising goal (e.g., for attackers), there is an increasing social and political pressure to guarantee patients' privacy. This paper presents the new system PIPE (Pseudonymization of Information for Privacy in e-Health), which differs from existing approaches in its ability to securely integrate primary and secondary usage of health data.
Proceedings of ECTI-CON, 2010
Nowadays, the development in our demographics results in increased costs for providing services in health care systems. Recent studies show that the installation of an EHR (Electronic Health Record) could help in lowering expenses while improving the treatment quality at the same time. Apart from this, such systems could also pose the threat of a privacy invasion, because patients' sensitive medical datasets are stored within an EHR. Several architectures have been published which can be used to implement an EHR system, but most of them do not provide an appropriate level of security. With our approach PIPE (Pseudonymization of Information for Privacy in e-Health) we focus on addressing the occurring security issues and provide a safe system for medical information.

Proceedings of the Forty-First Hawai'i International Conference on System Sciences, 2008
Electronic health records (EHR) promise to improve communication between health care providers, thus leading to better quality of patients' treatment and reduced costs. As highly sensitive patient information provides a promising goal for attackers and is also demanded by insurance companies and employers, there is an increasing social and political pressure regarding the prevention of health data misuse. This paper presents a detailed description of the new system PIPE (Pseudonymization of Information for Privacy in e-Health) which differs from existing approaches in its ability to securely integrate primary and secondary usage of health data. Therefore, PIPE provides a solution to shortcomings of existing approaches. Our approach may be used as a basis for implementing secure EHR architectures or as an extension to existing systems.
A research agenda for Autonomous Business Process Management
Proceedings of the Second International Conference on Availability, Reliability and Security (ARES), 2007
Fast-changing requirements regarding different types of resources, such as personnel or IT systems, require companies to adapt their business processes in a very agile yet sophisticated way. Most of today's companies fail in accomplishing this goal because of too static business process analysis and management approaches. The Autonomous Business Process Management methodology presented in this paper enables companies to self-adapt to changing requirements as they happen, using emerging technologies and concepts such as RFID, nanotechnology or Autonomous Computing.
A Comparative Literature Review on RFID Security and Privacy
Proceedings of the 9th International Conference on Information Integration and Web-based Application & Services, 2007
RFID provides the basis for the development of ubiquitous computing. This ever-present computing environment creates new exploitable channels for adversaries. Therefore, numerous publications on RFID security appear every year, adding to the topic's diversity. Nevertheless, there are only a few state-of-the-art overviews that clarify common opinions on the topic. Hence, we examined the existing literature and present our observations on privacy and security in RFID.

Information Security Fortification by Ontological Mapping of the ISO/IEC 27001 Standard
Proceedings of the 13th IEEE Pacific Rim International Symposium on Dependable Computing, 2007
This paper introduces an ontology-based framework to improve the preparation of ISO/IEC 27001 audits, and to strengthen the security state of the company respectively. Building on extensive previous work on security ontologies, we elaborate on how ISO/IEC 27001 artifacts can be integrated into this ontology. A basic introduction to security ontologies is given first. Specific examples show how certain ISO/IEC 27001 requirements are to be integrated into the ontology; moreover, our rule-based engine is used to query the knowledge base to check whether specific security requirements are fulfilled. The aim of this paper is to explain how security ontologies can be used for a tool to support the ISO/IEC 27001 certification, providing pivotal information for the preparation of audits and the creation and maintenance of security guidelines and policies.
Secure Access to Emergency Data in an e-Health Architecture
Proceedings of the 9th International Conference on Information Integration and Web-based Application & Services, 2007
The electronic health record (EHR) promises a decrease of costs as well as better service quality for patients. Unfortunately, this planned centralized storage raises security issues, for example privacy-related problems. As the special subset of medical data, the emergency data, has to be available just-in-time, complex authentication requirements occur. Our approach PIPE (Pseudonymization of Information for Privacy in e-Health) guarantees security for the patient's sensitive medical data by applying authentication solely based on encryption. Furthermore, we provide a novel ad-hoc authentication mechanism for emergency data, which is based on the notion of pseudonyms.

Proceedings of the 13th IEEE Pacific Rim International Symposium on Dependable Computing, 2007
Due to the cost pressure on the health care system, an increase in the need for electronic healthcare records (EHR) could be observed in the last decade, because EHRs promise massive savings by digitizing and centrally providing medical data. As highly sensitive patient information is exchanged and stored within such a system, legitimate concerns about the privacy of the stored data occur, as the life-long storage of medical data is a promising target for attackers. These concerns and the lack of existing approaches that provide a sufficient level of security raise the need for a system that guarantees data privacy and keeps the access to health data under strict control of the patient. This paper introduces PIPE (Pseudonymization of Information for Privacy in e-Health), a new EHR architecture for primary and secondary usage of health data. PIPE's security model is based on pseudonymization instead of encryption.
Proceedings of the Second International Conference on Availability, Reliability and Security (ARES), 2007
As aging and very expensive programs put more pressure on health and social care systems, an increase in the need for electronic healthcare records can be observed, because they promise massive savings and better clinical quality. However, patients and commissioners for data protection have legitimate concerns about the privacy and confidentiality of the stored data. Although the concept of pseudonymization allows an association with a patient only under specified and controlled circumstances, existing approaches have major vulnerabilities. This paper provides a new architecture for the pseudonymization of medical data that combines primary and secondary use in one system and thus provides a solution to vulnerabilities of existing approaches.

Patent: Data Processing System for Processing Object Data
Data processing system for processing object data of a plurality of standard entities (101), wherein object identification data (100) and user data (110) can be stored and retrieved separately from one another in the object data database (20), so that no relationship between the object identification data (100) and the user data (110) can be derived from the stored data records alone; wherein at least one input device is provided which, upon entry of a security key assigned to the standard entities (101), enables access to the object identification data (100) of the associated standard entity and to the associated user data (110); and the security key, or a part thereof, remains with the standard entity (101), with the recovery entity and, where applicable, with further entities (50, 60) designated by the standard entity.
articles by Bernhard Riedl
Pseudonymization for the Secure Implementation of the Electronic Health Record
OCG Journal, 2007
The electronic health record (ELGA) offers high potential for increasing efficiency in the health care system and thus the quality of patients' treatment. However, security measures such as pseudonymization are required to ensure that the person entitled to control the data retains absolute sovereignty over it and that data protection requirements are met to the customarily high standards.
phdtheses by Bernhard Riedl

PIPE: Pseudonymization of Information for Privacy in e-Health
Today, the health care sector is driven by the need to reduce costs while simultaneously increasing the service quality for patients. One major aspect to reach this goal is the implementation of an EHR (Electronic Health Record) system which also supports the execution of standard medical processes. Nevertheless, these nation-wide medical storages are a promising goal for attackers. Thus, people are naturally concerned about their privacy. These concerns and the lack of existing approaches that provide a sufficient level of security raise the need for a system that guarantees data privacy and keeps the access to health data under strict control of the patient.
In this thesis we discuss our approach PIPE (Pseudonymization of Information for Privacy in e-Health), which differs from existing approaches in its ability to securely integrate primary and secondary usage of health data. First of all, we elaborate on existing methods, principles and techniques in the fields of security and privacy. Afterwards, we work out necessary cornerstones of secure EHR systems. Finally, we show how PIPE provides solutions to shortcomings of existing approaches.
PIPE may be used as a basis for implementing secure EHR architectures or as an extension to existing systems.
masterstheses by Bernhard Riedl

Empirical Investigation of the Effect of V&V and Agile Software Development on Software Quality Improvement using a Pilot Study
Project managers recognize that difficult-to-use processes in software development hamper their teams in fulfilling the needed tasks within the planned time. Often the resulting output does not meet the customers' needs. On the other hand, the business requirements of customers change rapidly, and all involved stakeholders should respond by adapting the project goals.
Thus they are looking for processes which are more light-weight, so that they are able to react in shorter time to changed needs. Furthermore, project managers want to produce high-quality software with the smallest possible effort to obtain the most profit.
In this thesis we introduce a package of verification and validation (V&V) techniques in combination with agile processes and show how they work and which problems could be solved by them. We focus on different methods for defect finding relating to different artifacts in different phases of software development. We introduce a technique called Usage-based Implementing (UBI), which is based on Pair Programming. Furthermore, we replicate the method Usage-based Testing (UBT), which is conducted as desk-testing (UBT-i). Usage-based Reading (UBR) is a well-known technique that we use to set Usage-based Testing and Usage-based Implementing in relation to each other.
The results of our pilot study show that a combination of UBI and UBT-i or UBR in an agile process, which we introduce as the Agile Inspection and Implementation Process (AΠP), is a good approach to produce reliable software and to support project teams with errorless artifacts so costs do not exceed expectation.
inproceedings by Bernhard Riedl
Proceedings of the Third International Conference on Availability, Reliability and Security, 2008
Today, the healthcare sector is driven by the need to reduce costs while simultaneously increasing the service quality for patients. This goal can be reached by the implementation of an EHR (Electronic Health Record) system. Several architectures have been proposed, but they lack appropriate security mechanisms to protect the patients' privacy. In this publication we outline our approach PIPE (Pseudonymization of Information for Privacy in e-Health), which is applicable for the primary and secondary usage of health data, and give insights on the security of our technique. Further, we address the economic constraints by proposing a threshold scheme to secure the tokens needed for accessing the system.
patents by Bernhard Riedl

Data Processing System for Processing Object Data
Data processing system for processing object data of a plurality of standard entities (101), wherein object identification data (100) and user data (110) can be stored and retrieved separately from one another in the object data database (20), so that no relationship between the object identification data (100) and the user data (110) can be derived from the stored data records alone; wherein at least one input device is provided which, upon entry of a security key assigned to the standard entities (101), enables access to the object identification data (100) of the associated standard entity and to the associated user data (110); and the security key, or a part thereof, remains with the standard entity (101), with the recovery entity and, where applicable, with further entities (50, 60) designated by the standard entity.