A security architecture for medical application platforms

Salazar, Carlos

January 1900

Master of Science / Department of Computing and Information Sciences / Eugene Vasserman / The Medical Device Coordination Framework (MDCF) is an open source Medical Application Platform (MAP) that facilitates interoperability between heterogeneous medical devices. The MDCF is designed to be an open test bed for the conceptual architecture described by the Integrated Clinical Environment (ICE) interoperability standard. In contrast to existing medical device connectivity features that only provide data logging and display capabilities, a MAP such as the MDCF also allows medical devices to be controlled by apps. MAPs are predicted to enable many improvements to health care, however they also create new risks to patient safety and privacy that need to be addressed. As a result, MAPs such as the MDCF and other ICE-like systems require the integration of security features. This thesis lays the groundwork for a comprehensive security architecture within the MDCF. Specifically, we address the need for access control, device certification, communication security, and device authentication. We begin by describing a system for ensuring the trustworthiness of medical devices connecting to the MDCF. To demonstrate trustworthiness of a device, we use a chain of cryptographic certificates which uniquely identify that device and may also serve as non- forgeable proof of regulatory approval, safety testing, or compliance testing. Next, we cover the creation and integration of a pluggable, flexible authentication system into the MDCF, and evaluate the performance of proof-of-concept device authentication providers. We also discuss the design and implementation of a communication security system in the MDCF, which enables the creation and use of communication security providers which can provide data confidentiality, integrity, and authenticity. We conclude this work by presenting the requirements and a high level design for a Role-Based Access Control (RBAC) system within the MDCF.

Medical device coordination

Computer security

Security architecture

Integrated clinical environment

Medical application platform

Computer Science (0984)

A Study of Business Model on Application Platform for Mobile Devices Built by Telecommunication Carrier

Chang, Chih-Ping

25 August 2011

The launch of Apple iPhone brings the success of App Store application platform, which turns the structure of mobile software industry as well as creating a brand new application business model. It changes not only environment of mobile industry and supply chains, but also the using behaviors of mobile phone users. This research applies wildscale biobligraphy analysis, case study and Delphi method, trying to analyze the market status, business model of application platform. Using 2-phase interviews with smart phone users, developers, and operator, and SWOT and Porter¡¦s Five Force Analysis model to study the business model and strategies for operator¡¦s application platform. The research discovers that telecommunication operator has serveral advantages, such as holding huge user base and payment safety; however, economic scope and service efficiency is the key to the success. Operator should use its strengths and cope with the changing user behavior to create more added value.

Telecommunication Operator

Android Market

Application Platform

App Store

Delphi Method

Business Model

Application Store

Analýza a výběr aplikační platformy pro podporu řízení IT společnosti / Analysis and selection of application platform in support of IT company management

Kortus, Jakub

January 2015

This thesis looks into the selection process of a suitable internal application platform for the needs of specific IT company, which does business in the development and implementation area of SW products supporting a credit risk management. The company currently consists of 100 employees and plans to grow in the following years with 25% rate. This places significant requirements on efficient, but also cost optimal set of internal systems in order to support the process management. The theoretical part describes the process of selecting a general supplier and its specificity when used in a selection process for IT supplier and also the procedure for process analysis of key processes, which is vital part of methodological basis. In the practical part of the work is first made the analysis of key processes itself, on which are then proposed various applications that are integrated with each other and form a comprehensive and integrated platform to support monitoring, evaluation and management of the entire IT company. The main contribution is in a comprehensive application infrastructure proposal, which should replace the current and non compliant one.

Cloud application platform - Virtualization vs Containerization : A comparison between application containers and virtual machines

Vestman, Simon

January 2017

Context. As the number of organizations using cloud application platforms to host their applications increases, the priority of distributing physical resources within those platforms is increasing simultaneously. The goal is to host a higher quantity of applications per physical server, while at the same time retain a satisfying rate of performance combined with certain scalability. The modern needs of customers occasionally also imply an assurance of certain privacy for their applications. Objectives. In this study two types of instances for hosting applications in cloud application platforms, virtual machines and application containers, are comparatively analyzed. This investigation has the goal to expose advantages and disadvantages between the instances in order to determine which is more appropriate for being used in cloud application platforms, in terms of performance, scalability and user isolation. Methods. The comparison is done on a server running Linux Ubuntu 16.04. The virtual machine is created using Devstack, a development environment of Openstack, while the application container is hosted by Docker. Each instance is running an apache web server for handling HTTP requests. The comparison is done by using different benchmark tools for different key usage scenarios and simultaneously observing the resource usage in respective instance. Results. The results are produced by investigating the user isolation and resource occupation of respective instance, by examining the file system, active process handling and resource allocation after creation. Benchmark tools are executed locally on respective instance, for a performance comparison of the usage of physical resources. The amount of CPU operations executed within a given time is measured in order determine the processor performance, while the speed of read and write operations to the main memory is measured in order to determine the RAM performance. A file is also transmitted between host server and application in order to compare the network performance between respective instance, by examining the transfer speed of the file. Lastly a set of benchmark tools are executed on the host server to measure the HTTP server request handling performance and scalability of each instance. The amount of requests handled per second is observed, but also the resource usage for the request handling at an increasing rate of served requests and clients. Conclusions. The virtual machine is a better choice for applications where privacy is a higher priority, due to the complete isolation and abstraction from the rest of the physical server. Virtual machines perform better in handling a higher quantity of requests per second, while application containers is faster in transferring files through network. The container requires a significantly lower amount of resources than the virtual machine in order to run and execute tasks, such as responding to HTTP requests. When it comes to scalability the prefered type of instance depends on the priority of key usage scenarios. Virtual machines have quicker response time for HTTP requests but application containers occupy less physical resources, which makes it logically possible to run a higher quantity of containers than virtual machines simultaneously on the same physical server.

Openstack

Docker

Simon Vestman

Malvacom

Malvacom AB

Application container

virtual machine

performance

scalability

comparison

user isolation

abstraction

resource allocation

containerization

virtualization

cloud application platform

platform as a service

CPU

RAM

efficiency

request handling

Computer Systems

Datorsystem

企業整合軟體在電信業應用之研究-以某電信公司案為例

陳麗慧

Unknown Date

近年來，電信業已由寡占走向了完全競爭市場，伴隨著消費者意識的抬頭，有限的市場大餅，更侷限了用戶數的大躍進，因此各家電信營運商無不卯足全力，專注在提供吸引消費者的產品、資費方案、以及ARPU（Average-Revenue-Per-User）的提昇…等議題上。企業要如何面對競爭慘烈的市場？如何保持內部流程的彈性去因應變化？基於上述事項，如何運用資訊科技來達到企業的目標就更加重要了，而EAI 的功能，提供了企業對應用系統的整合，維持流程的彈性應用，更進而協助企業降低整合風險、節省資訊軟體的開發與維護成本、強化供應商的合作關係，進而產生對企業的效益。 本研究使用個案研討的方式，選定幾項關鍵流程進行深度分析，針對電信業在營運系統上整合的議題作探討，並說明企業整合應用軟體導入所帶來的效益。對於電信產業而言，客戶關係管理系統、帳務系統、開通系統、加值服務應用平台系統…等是整合的開端，亦是重點之所在。經由EAI軟體的導入，提供營運應用系統之間資訊的同步，也相對的提供決策人員反應快速的資訊。 電信業者在系統建置中，如何有效運用企業整合軟體之特性來整合各異質性平台應用系統，以達到資訊的整合，並藉由資訊的及時傳遞提供各不同應用系統使用者一致的資訊，進而提高資訊的可用度及客服人員及門市人員對客戶的服務，增加企業的競爭力。 / Telco has already been moving toward perfect competitive market since last decade. Meanwhile, along with the ideology of consumers that dominates the trend and momentum of open market. It also blocked the growth rate of subscribers in domestic market. Under such circumstance, all Operators are fully concentrating on value-added product, tariff, rate plan…and so on, to attract consumers so that Operators are able to increase the ARPU (Average-Revenue-per-User). How to face the severe competitive market? How to maintain the flexibility of internal process to adopt the drastic changing market？ Based upon above mentioned issues, it is very important to use information technology to approach this target. Nevertheless, the functionality of EAI (Enterprise Application Integration) offers an all-in-one solution and integration to application system. Still, it also maintains the flexibility of process flow. Further more, it reduces the risk of enterprise integration and saves cost in terms of implementation and maintenance. On the other hands, EAI is not only to enhance the relationship of suppliers but also generate the synergy of enterprise. The purpose of this theme is to deeply analyze the critical process inside company. Besides, it also points out that how to use EAI in Telco field for the purpose of gaining benefit to Operator. Telco’s IT system includes CRM (Customer relationship management), Billing system, Provision, and the platform of value-added service and application. After installing EAI, it is able to offer the synchronization among all application system and capable to expedite the response time of decision makers. In addition, it is very important to use EAI to integrate the different application platform. After that, EAI is able to consolidation all necessary information and deliver all users with same information just in time. Customer Service Division and Chain Store could transfer this power to secure better services to consumers then enlarge the competition of enterprise.

企業應用整合軟體

客戶關係管理系統

帳務系統

開通系統

加值服務應用平台系統

EAI

CRM

Billing System

Provisioning System

Application Platform