A statistical analysis of disclosed storage security breaches
Proceedings of the second ACM workshop on Storage security and survivability
BINDER: an extrusion-based break-in detector for personal computers
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Making information flow explicit in HiStar
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
Information-Knowledge-Systems Management - Enterprise Mobility: Applications, Technologes and Strategies
Not-a-Bot: improving service availability in the face of botnet attacks
NSDI'09 Proceedings of the 6th USENIX symposium on Networked systems design and implementation
On lightweight mobile phone application certification
Proceedings of the 16th ACM conference on Computer and communications security
A privacy framework for mobile health and home-care systems
Proceedings of the first ACM workshop on Security and privacy in medical and home-care systems
Securing medical records on smart phones
Proceedings of the first ACM workshop on Security and privacy in medical and home-care systems
Semantically Rich Application-Centric Security in Android
ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
Apex: extending Android permission model and enforcement with user-defined runtime constraints
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Securing Android-Powered Mobile Devices Using SELinux
IEEE Security and Privacy
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Keypad: an auditing file system for theft-prone devices
Proceedings of the sixth conference on Computer systems
| Hi-index | 0.00 |
Mobile applications running on devices such as smart phones and tablets will be increasingly used to provide convenient access to health information to health professionals and patients. Also, patients will use these devices to transmit health information captured by sensing devices in settings like the home to remote repositories. As mobile devices become targets of security threats, we must address the problem of protecting sensitive health information on them. We explore key threats to data on mobile devices and develop a security framework that can help protect it against such threats. We implemented this framework in the Android operating system and augmented it with user consent detection to enhance user awareness and control over the use of health information. Our framework can be used to enforce security policies that govern access to sensitive health data on mobile devices. Physicians and patients using our framework can install third-party healthcare applications with the guarantee that sensitive medical information will not be sent without their knowledge even when these applications are compromised. We describe the key mechanisms implemented by our framework and how they can enforce a security policy. We also discuss our early experience with the framework.