Towards integrity protection of software for e-health data

摘要

The Integrity protection (IP) of software which deals with eHealth data, addresses the problem of static or dynamic code modification of the software. An attacker with the ability to modify the execution of software which deals with eHealth data can tamper with eHealth data. The target of IP is to protect the software assets; in this case it is to protect eHealth data. By modifying the binary source of an application, an attacker can produce a modified version of the application which can run in favor of the attacker objectives. Finally, if an attacker distributes the modified version of an application which deals with eHealth data, can harm eHealth environment (e.g., government agency) by disclosing the identity of the stake holders. The existing literatures (very few are disclosed and are available in academia) mainly focus on protection of tampering for static code of a software application. However, in practically, while an instance of software runs on unprotected memory environment, an attacker can launch dynamic modification of the running code and achieves the desired advantages. Therefore, the existing approaches do not tackle the tampering issues during the execution of a software application. The proposed research aims to explore this problem and proposes solutions based on a light-weight cryptographic methodology by generating secure cryptographic signature, which is a scrambled signature of a software application generated using cryptographic function and its security analysis has been investigated.