Exploring Security Issues in Telehealth Systems

Telehealth systems (TS’s) provide remote health-based services to improve the quality of service of patient treatment. Most healthcare professionals have access to standard telecommunications technology (such as Wireless Body Area Network (WBAN), biosensors, remote medical robots, and others) to offer remote care of elderly and physically less able patients as well as remote surgeries, treatments, and diagnoses. In order to ensure the functionality of TS’s, several systemic properties must be satisfied, including security. Although there are studies that discuss different security approaches in TS’s, it is difficult to have a clear view of existing security issues and solutions for these systems.

We conducted a review to detect, organize and characterize security issues in TS’s in order to discuss challenges (emerged from these issues) from Software Engineering point of view. In summary, we identified 5 attacks, 4 vulnerabilities, 2 threats, and 1 weakness commonly reported in TS’s. Also, we described solutions (reported in academia) to face these security issues plus other qualitative results.

Finally, in the following figure, we illustrate the evolution of security issues according to years and TS’s contexts.

Screen Shot 2019-03-08 at 12.17.27 AM.png

Letters “I” (Integration), “P” (Privacy), “D” (Insecure data transmission), “T” (Trust), “IO” (Interoperability), “M” (Risk Management), and “R” (Requirements) indicates target problems. Composed letters (e.g., I-T) indicate more than one target problem.

Finally, our paper was accepted in the 1st International Workshop on Software Engineering for Healthcare (SEH) (in conjunction with ICSE 2019).

Actual Use of Architectural Patterns in Microservices-based Open Source Projects

In APSEC 2018, we presented our current research related to architectural patterns in microservices. The goal of our research is to capture new knowledge about patterns in microservices. We realized there is a huge number of pattern that came from SOA (Service Oriented Architecture), but there is a little number of “new” patterns arisen from the microservices world. The following figure illustrates the most common architectural patterns found in microservices open projects. These patterns were obtained based on the frameworks used in the projects. These patterns were obtained based on the frameworks used in the projects and were organized by categories (x-axis) and quality attributes (y-axis).

crossCheck

Finally, the next figure describes the “new” architectural patterns which resolve problems for exclusively microservices.

Screen Shot 2019-01-02 at 12.45.12 AM

Architectural Tactics and Patterns in Microservices

There is no doubt that microservices are becoming an essential industrial standard to develop complex systems. But, How developers and architects are building this kind of architecture? In ICSE (International Conference on Software Engineering) 2018, we presented a work-in-process article that shows architectural tactics and pattern in microservices reported in academia and industry. We realized that many architectural patterns are re-used knowledge from SOA.

On the other hand, we find poor evidence of architectural tactics in microservices. Architectural tactics are reusable architectural design-time solutions that satisfy quality attributes stimulus. For example, if a system component fails to respond to a particular input, then a possible architectural tactic to detect this fault is a heartbeat.

We are planning to investigate how these two areas impact the microservices research. We already published results in conferences like CibSE and journal like IEEE Latin America Transactions.

Security Tactics Selection Poker (TaSPeR)

Today, facing security issues in organizations is a crucial task to achieve business success. There are different procedures, techniques, methodologies, and others; proposed by academia and industry that answer the “big” question: how to make my organization less vulnerable to security attacks?

Avoid completely the vulnerabilities is (almost) impossible, especially if the most security leaks come from stakeholders. For this reason, we propose TaSPeR, a card game-based technique and consensus-building technique (based on Planning Poker) that allows development team members to identify, argue for, and choose among architectural security tactics according to objectives and priorities. We presented this technique in ECSA (12th European Conference on Software Architecture) 2018.

This technique involves the participation of all stakeholders in order to provide ideas and feedback about what they think about security. Our research establishes that including stakeholders in the security design of crucial software systems may provide other points of views that experts in security did not consider (at first glance). We tested this technique using subjects with different profiles (students, practitioners, and security experts) getting interesting results in the security decision-making.

Finally, we provided a more “social” technique aiming to help to face one of the most important and critical challenges in the industry, cyber-security.

A pattern​ language for scalable microservices-based systems

In our article presented in ECSA (12th European Conference on Software Architecture) 2018, we show a pattern language for scalable microservices-based systems. This research is focused on organizing the existing design patterns for scalability of microservice-based systems. The following figure represents our pattern language:

Screen Shot 2018-11-04 at 11.41.16 PM

The main idea to create this pattern language is to understand how architectural patterns satisfy the scalability dimensions. We realized that communication and services are the most significant components related to scalability.

We used out pattern language in a Chilean in a real-time vehicle position capturing project, obtaining encouraging results. As future work, we want to expand this pattern language considering specific design-time solutions (aka architectural tactics) as a part of the language.

APSEC 2018

Our recent article (which correspond to intermediate results from my research) called “Actual Use of Architecture Patterns in Microservices-based Open Source Projects” was accepted in the 25th Asia-Pacific Software Engineering Conference (APSEC 2018), held in Nara, Japan. I will present a work related to the impact of technologies (frameworks) in microservices environments. Assisting to this academic event is an excellent opportunity to discuss new issues about this emerging technology and of course, know more about industrial experiences using this new paradigm to develop software systems.