Model-based security assessment on the design of a patient-centric data sharing platform

M. Banton, T. Webber, A. Silvina, Juliana Bowles*

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contribution


The architectural design of a healthcare data sharing system must cope with security requirements especially when the system integrates different data sources and patient-centric features. The design choices come with different risks, where vulnerabilities and threats highly depend on how the system components interact and depend on each other to operate as well as how it handles the external connections. This paper focuses on security aspects arising early in the design phase of a patient-centric system. The system presents a blend of emergent technologies such as novel authentication methods, blockchain for access control, and a data lake for patient metadata storage and retrieval based on access rules. We exploit a model-based approach to tackle security assessment using attack-defense trees (ADtrees) formalism and other support diagrams altogether as a way to model and analyse potential attack paths to the system and its countermeasures. The modelling approach helps creating a framework to support the attack vectors analysis and the proposal of appropriate defense mechanisms within the system architecture.
Original languageEnglish
Title of host publicationFrom data to models and back
Subtitle of host publication10th international symposium, DataMod 2021 virtual event, December 6–7, 2021 revised selected papers
EditorsJuliana Bowles, Giovanna Broccia, Roberto Pellungrini
Place of PublicationCham
PublisherSpringer Science and Business Media
Number of pages17
ISBN (Electronic)9783031160110
ISBN (Print)9783031160103
Publication statusPublished - 7 Dec 2022
EventInternational Symposium: From Data to Models and Back - Virtual
Duration: 6 Dec 20217 Dec 2021
Conference number: 10

Publication series

NameLecture notes in computer science
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


ConferenceInternational Symposium: From Data to Models and Back
Abbreviated titleDataMod 2021


  • Attack-defense trees
  • Data sharing
  • Healthcare systems
  • Patient-centric system
  • Security assessment


Dive into the research topics of 'Model-based security assessment on the design of a patient-centric data sharing platform'. Together they form a unique fingerprint.

Cite this