A security framework for mobile health applications on android platform / Muzammil Hussain

Muzammil , Hussain (2017) A security framework for mobile health applications on android platform / Muzammil Hussain. PhD thesis, University of Malaya.

	PDF (The Candidate's Agreement) Restricted to Repository staff only Download (197Kb)
Preview	PDF (Thesis PhD) Download (2311Kb) | Preview

Abstract

The advent of smartphones dramatically changed the way of communication, computation, and the model of many services, including healthcare delivery. The adoption of smartphones in the healthcare system is rapidly growing, and enormous number of apps are being developed to monitor patient health, access patient records, test results, prescribe medications, and for numerous related purposes under the collective term of mobile Health (mHealth). These apps are readily accessible to the average user of mobile devices, and despite the potential of mHealth apps to improve the availability, affordability and effectiveness of delivering healthcare services, they handle sensitive medical data, and as such, have also the potential to carry substantial risks to the security and privacy of their users. Developers of apps are usually unknown, and users are unaware of how their data are being managed and used. This is combined with the emergence of new threats due to the deficiency in mobile apps development or the design ambiguities of the current mobile operating systems. A number of mobile operating systems are available in the market, but the Android platform has gained the topmost popularity. However, Android security model is short of completely ensuring the privacy and security of users’ data, including the data of mHealth apps. Despite the security mechanisms provided by Android such as permissions and sandboxing, mHealth apps are still plagued by serious privacy and security issues. These security issues need to be addressed in order to improve the acceptance of mHealth apps among users and the efficacy of mHealth apps in the healthcare system. The focus of this research is on the security of mHealth apps, and the main objective is to propose a coherent, practical and efficient framework to improve the security of medical data associated with Android mHealth apps, as well as to protect the privacy of their users. The proposed framework provides its intended protection mainly through a set of security checks and policies that ensure protection against traditional as well as recently published threats to mHealth apps. The design of the framework comprises two layers: a Security Module Layer (SML) that implements the security-check modules, and a System Interface Layer (SIL) that interfaces SML to the Android OS. SML enforces security and privacy policies at different levels of Android platform through SIL. The proposed framework is validated via a prototypic implementation on actual Android devices to show its practicality and evaluate its performance. The framework is evaluated in terms of effectiveness and efficiency. Effectiveness is evaluated by demonstrating the performance of the framework against a selected set of attacks, while efficiency is evaluated by comparing the performance overhead in terms of energy consumption, memory and CPU utilization, with the performance of a mainline, stock version of Android. Results of the experimental evaluations showed that the proposed framework can successfully protect mHealth apps against a wide range of attacks with negligible overhead, so it is both effective and practical. Furthermore, this framework is available to other researchers for research purposes as well as for real-world deployments.

Actions (For repository staff only : Login required)