Threat Modeling of E-Health Security Systems Using the STRIDE and DREAD Methods

Authors

DOI:

https://doi.org/10.29408/edumatic.v5i2.3652

Keywords:

DREAD, E-Health, Security Identification, SIMRS, STRIDE, Threat Modelling

Abstract

The Hospital Management Information System (SIMRS) functions as a medium for hospital information and hospital management. It holds patient medical record data, which result from interactions between doctors and patients. Medical records are sensitive data, so the security of the hospital management information system needs to be improved to convince users or patients that the data stored on SIMRS is safe from attackers. There are several ways to improve system security, one of which is threat modeling. Threat modeling aims to identify the vulnerabilities and threats that exist in SIMRS. In this paper, threat modeling uses the STRIDE model. The threats recognized with the STRIDE model are then analyzed and sorted according to the STRIDE method. After the analysis is complete, each threat is scored and given a rating based on the DREAD method's assessment. The STRIDE method's results show that several threats were identified: one threat on the user side, five threats on the web server, and three threats on the database. The level of the threats varies from the lowest level (LowL) to the highest level (HiL). The threat levels can serve as a guide and a sequence for improving the security system at SIMRS, starting from the LowL to the HiL.

Published

2021-12-20