Yang Liu
Security in Ubiquitous Healthcare Systems
MSc thesis, University of York, 2005

Summary Introduction:

A typical view of a current computing system is a collection of computers sitting on office desks or in dedicated rooms. The components of such systems are fairly obviously ‘computers’ – they look like computers, they behave like computers, and they communicate largely over obvious conduits like cables. In pervasive computing systems the computational capabilities are embedded in everyday objects themselves, e.g. pots, pans, and pens. They are hidden from view, communicate largely via wireless and exhibit considerable autonomy. Such technology enters the physical world and bridges the gap between the virtual world of the computer and the physical world we actually inhabit.

Important application areas for this technology are healthcare, wellness and disease management, and support for independent living. Developments in sensor technology make it possible to obtain health-related information from wearable or embedded sensors. Ubiquitous communication based on mobile telephone networks, wireless local area networks or other wireless technologies provides ever-present communication services as agents roam around to fulfil their everyday tasks.

Pervasive computing technologies can improve healthcare services, increase their efficiency, and improve the quality of relationships with patients. However, the use of pervasive computing for delivery of healthcare raises numerous challenges. Dealing effectively with sensitive, health-related matters requires systems that are reliable, scalable, privacy enhancing, usable, configurable and many other things. In this thesis, we focus on security issues in ubiquitous healthcare systems.

Pervasive healthcare systems have revealed that conventional computer technology designed for office use is inadequate for use in a hospital setting. Characteristics of medical work are fundamentally different from those of typical office work: extreme mobility, ad hoc collaboration, interruptions, high degree of communication, etc. In a hospital setting, our pervasive computing elements will be embedded in things such as scalpels, tablet blister packs, badges, bandages, bottles, wheelchairs and staff uniforms. Traditional security models are very hard to apply to these sorts of systems. What is more, it is not yet clear what the security requirements are for such pervasive healthcare systems.

What should the security requirements be for such systems? We do not know. How should a healthcare system designer go about determining such requirements? This too remains unclear. There would appear to be a pressing need for guidance here. This is the topic of this thesis.

We investigate the use of patterns for higher-level security issues. Although our initial motivation was simply to provide a ‘security requirements patterns catalogue’ for pervasive healthcare systems, the research reported here gives significant attention to the issue of how this should be done. Thus, as well as providing some specific patterns for use by designers, we also provide patterns that can be used to generate new requirements. That is, we provide templates for actual requirements for a system, and patterns for the eventual generation of further requirements.

Full thesis: PDF 1890K