publications: - title: "Economic and Security Aspects of Applying a Threshold Scheme in e-Health" author: - name: "Bernhard Riedl" link: "https://www.bernhard-riedl.com/" - name: "Veronika Grascher" link: "https://researchr.org/alias/veronika-grascher" - name: "Mathias Kolb" link: "https://researchr.org/alias/mathias-kolb" - name: "Thomas Neubauer" link: "https://researchr.org/alias/thomas-neubauer" year: "2008" doi: "http://doi.ieeecomputersociety.org/10.1109/ARES.2008.175" abstract: "Today, the healthcare sector is driven by the need to reduce costs while simultaneously increasing the service quality for patients. This goal can be reached by the implementation of an EHR (Electronic Health Record) system. Several architectures have been proposed, but lack appropriate security mechanisms to protect the patients’ privacy. In this publication we outline our approach PIPE (Pseudonymization of Information for Privacy in e-Health), which is applicable for the primary and secondary usage of health data and give insights on the security of our technique. Further we state the economic constraints, by proposing a threshold scheme to secure the tokens needed for accessing the system." 
links: doi: "http://doi.ieeecomputersociety.org/10.1109/ARES.2008.175" tags: - "security" - "e-science" researchr: "https://researchr.org/publication/RiedlGKN08" cites: 0 citedby: 0 pages: "39-46" booktitle: "IEEEares" kind: "inproceedings" key: "RiedlGKN08" - title: "A Secure e-Health Architecture based on the Appliance of Pseudonymization" author: - name: "Bernhard Riedl" link: "https://www.bernhard-riedl.com/" - name: "Veronika Grascher" link: "https://researchr.org/alias/veronika-grascher" - name: "Thomas Neubauer" link: "https://researchr.org/alias/thomas-neubauer" year: "2008" doi: "http://www.academypublisher.com/jsw/vol03/no02/jsw03022332.html" abstract: "Due to the cost pressure on the health care system an increase in the need for electronic healthcare records (EHR) could be observed in the last decade, because EHRs promise massive savings by digitizing and centrally providing medical data. As highly sensitive patient information is exchanged and stored within such systems, legitimate concerns about the privacy of the stored data occur, as confidential medical data is a promising goal for attackers. These concerns and the lack of existing approaches that provide a sufficient level of security raise the need for a system that guarantees data privacy and keeps the access to health data under strict control of the patient. This paper introduces the new architecture PIPE (Pseudonymization of Information for Privacy in e-Health) that integrates primary and secondary usage of health data. It provides an innovative concept for data sharing, authorization and data recovery that allows to restore the access to the health care records if the patients’ security token is lost or stolen. The concept can be used as basis for national EHR initiatives or as an extension to EHR applications." 
links: doi: "http://www.academypublisher.com/jsw/vol03/no02/jsw03022332.html" tags: - "rule-based" - "architecture" - "e-science" researchr: "https://researchr.org/publication/RiedlGN08" cites: 0 citedby: 0 journal: "jsw" volume: "3" number: "2" pages: "23-32" kind: "article" key: "RiedlGN08" - title: "Pseudonymization for improving the Privacy in E-Health Applications" author: - name: "Bernhard Riedl" link: "https://www.bernhard-riedl.com/" - name: "Veronika Grascher" link: "https://researchr.org/alias/veronika-grascher" - name: "Stefan Fenz" link: "https://researchr.org/alias/stefan-fenz" - name: "Thomas Neubauer" link: "https://researchr.org/alias/thomas-neubauer" year: "2008" doi: "http://doi.ieeecomputersociety.org/10.1109/HICSS.2008.366" abstract: "Electronic health records (EHR) promise to improve communication between health care providers, thus leading to better quality of patients’ treatment and reduced costs. As highly sensitive patient information provides a promising goal for attackers and is also demanded by insurance companies and employers, there is an increasing social and political pressure regarding the prevention of health data misuse. This paper presents a detailed description of the new system PIPE (Pseudonymization of Information for Privacy in e-Health) which differs from existing approaches in its ability to securely integrate primary and secondary usage of health data. Therefore, PIPE provides a solution to shortcomings of existing approaches. Our approach may be used as a basis for implementing secure EHR architectures or as an extension to existing systems." 
links: doi: "http://doi.ieeecomputersociety.org/10.1109/HICSS.2008.366" tags: - "e-science" researchr: "https://researchr.org/publication/RiedlGFN08" cites: 0 citedby: 0 pages: "255" booktitle: "hicss" kind: "inproceedings" key: "RiedlGFN08" - title: "Solving an Open Legal Data Puzzle With an Interdisciplinary Team" author: - name: "Lörinc Thurnay" link: "https://researchr.org/alias/l%C3%B6rinc-thurnay" - name: "Bernhard Riedl" link: "https://www.bernhard-riedl.com/" - name: "Anna-Sophie Novak" link: "https://researchr.org/alias/anna-sophie-novak" - name: "Verena Schmid" link: "https://researchr.org/alias/verena-schmid" - name: "Thomas J. Lampoltshammer" link: "https://researchr.org/alias/thomas-j.-lampoltshammer" year: "2022" doi: "https://doi.org/10.1109/MS.2021.3117728" abstract: "To get on a mutual ground as a team of computer scientists and legal experts, mapping open legal data, we had to shift our perspectives, dive into foreign concepts, and collaborate closely." links: doi: "https://doi.org/10.1109/MS.2021.3117728" dblp: "http://dblp.uni-trier.de/rec/bibtex/journals/software/ThurnayRNSL22" researchr: "https://researchr.org/publication/ThurnayRNSL22" cites: 0 citedby: 0 journal: "IEEE Software" volume: "39" number: "1" pages: "55-60" kind: "article" key: "ThurnayRNSL22" - title: "Applying a Threshold Scheme to the Pseudonymization of Health Data" author: - name: "Bernhard Riedl" link: "https://www.bernhard-riedl.com/" - name: "Veronika Grascher" link: "https://researchr.org/alias/veronika-grascher" - name: "Thomas Neubauer" link: "https://researchr.org/alias/thomas-neubauer" year: "2007" doi: "http://doi.ieeecomputersociety.org/10.1109/PRDC.2007.24" abstract: "Due to the cost pressure on the health care system an increase in the need for electronic healthcare records (EHR) could be observed in the last decade because EHRs promise massive savings by digitizing and centrally providing medical data. 
As highly sensitive patient information is exchanged and stored within such a system, legitimate concerns about the privacy of the stored data occur, as the life-long storage of medical data is a promising target for attackers. These concerns and the lack of existing approaches that provide a sufficient level of security raise the need for a system that guarantees data privacy and keeps the access to health data under strict control of the patient. This paper introduces PIPE (Pseudonymization of Information for Privacy in e-Health), a new EHR architecture for primary and secondary usage of health data. PIPE’s security model is based on pseudonymization instead of encryption." links: doi: "http://doi.ieeecomputersociety.org/10.1109/PRDC.2007.24" tags: - "data-flow" researchr: "https://researchr.org/publication/RiedlGN07" cites: 0 citedby: 0 pages: "397-400" booktitle: "prdc" kind: "inproceedings" key: "RiedlGN07" - title: "Secure Access to Emergency Data in an e-Health Architecture" author: - name: "Bernhard Riedl" link: "https://www.bernhard-riedl.com/" - name: "Oliver Jorns" link: "https://researchr.org/alias/oliver-jorns" year: "2007" abstract: "The electronic health record (EHR) promises a decrease of costs as well as better service quality for patients. Unfortunately, with this planned centralized storage arise security issues, exemplarily privacy-related problems. As the special subset of medical data, the emergency data, has to be available just-in-time, complex authentication purposes occur. Our approach PIPE (Pseudonymization of Information for Privacy in e-Health) guarantees security for the sensible patient’s medical data by applying authentication solely based on encryption. Furthermore, we provide a novel ad-hoc authentication mechanism for emergency data, which is based on the notion of pseudonyms." 
tags: - "architecture" - "data-flow" - "e-science" researchr: "https://researchr.org/publication/RiedlJ07" cites: 0 citedby: 0 pages: "297-306" booktitle: "iiwas" kind: "inproceedings" key: "RiedlJ07" - title: "Improving Patients Privacy with Pseudonymization" author: - name: "Thomas Neubauer" link: "https://researchr.org/alias/thomas-neubauer" - name: "Bernhard Riedl" link: "https://www.bernhard-riedl.com/" year: "2008" doi: "http://dx.doi.org/10.3233/978-1-58603-864-9-691" abstract: "e-Health requires the sharing of patient related data when and where necessary. Electronic health records promise to improve communication between health care providers, thus leading to better quality of patients’ treatment and reduced costs. As highly sensitive patient information provides a promising goal (e.g., for attackers), there is an increasing social and political pressure to guarantee patients privacy. This paper presents the new system PIPE (Pseudonymization of Information for Privacy in e-Health), that differs from existing approaches in its ability to securely integrate primary and secondary usage of health data." links: doi: "http://dx.doi.org/10.3233/978-1-58603-864-9-691" researchr: "https://researchr.org/publication/NeubauerR08" cites: 0 citedby: 0 pages: "691-696" booktitle: "mie" kind: "inproceedings" key: "NeubauerR08" - title: "A Comparative Literature Review on RFID Security and Privacy" author: - name: "Bernhard Riedl" link: "https://www.bernhard-riedl.com/" - name: "Gernot Goluch" link: "https://researchr.org/alias/gernot-goluch" - name: "Stefan Pöchlinger" link: "https://researchr.org/alias/stefan-p%C3%B6chlinger" - name: "Edgar R. Weippl" link: "https://researchr.org/alias/edgar-r.-weippl" year: "2007" abstract: "RFID provides the basis for the development of ubiquitous computing. This ever present computing environment creates new exploitable channels for adversaries. 
Therefore, numerous publications on RFID security appear every year, adding to the topic’s diversity. Nevertheless, there are only few state-of-the-art overviews that clarify common opinions on the topic. Hence, we examined the existing literature and present our observations on privacy and security in RFID." tags: - "literature review" - "security" - "reviewing" researchr: "https://researchr.org/publication/RiedlGPW07" cites: 0 citedby: 0 pages: "213-222" booktitle: "iiwas" kind: "inproceedings" key: "RiedlGPW07" - title: "A secure architecture for the pseudonymization of medical data" author: - name: "Bernhard Riedl" link: "https://www.bernhard-riedl.com/" - name: "Thomas Neubauer" link: "https://researchr.org/alias/thomas-neubauer" - name: "Gernot Goluch" link: "https://researchr.org/alias/gernot-goluch" - name: "Oswald Boehm" link: "https://researchr.org/alias/oswald-boehm" - name: "Gert Reinauer" link: "https://researchr.org/alias/gert-reinauer" - name: "Alexander Krumboeck" link: "https://researchr.org/alias/alexander-krumboeck" year: "2007" doi: "http://doi.ieeecomputersociety.org/10.1109/ARES.2007.22" abstract: "As aging and very expensive programs put more pressure on health and social care systems, an increase in the need for electronic healthcare records can be observed, because they promise massive savings and better clinical quality. However, patients and commissioners for data protection have legitimate concerns about the privacy and confidentiality of the stored data. Although the concept of pseudonymization allows an association with a patient only under specified and controlled circumstances, existing approaches have major vulnerabilities. This paper provides a new architecture for the pseudonymization of medical data that combines primary and secondary use in one system and thus provides a solution to vulnerabilities of existing approaches." 
links: doi: "http://doi.ieeecomputersociety.org/10.1109/ARES.2007.22" tags: - "architecture" - "data-flow" researchr: "https://researchr.org/publication/RiedlNGBRK07" cites: 0 citedby: 0 pages: "318-324" booktitle: "IEEEares" kind: "inproceedings" key: "RiedlNGBRK07" - title: "Improvement of Design Specifications with Inspection and Testing" author: - name: "Dietmar Winkler" link: "https://researchr.org/alias/dietmar-winkler" - name: "Bernhard Riedl" link: "https://www.bernhard-riedl.com/" - name: "Stefan Biffl" link: "https://researchr.org/alias/stefan-biffl" year: "2005" doi: "http://doi.ieeecomputersociety.org/10.1109/EURMIC.2005.31" abstract: "Inspection and testing are common verification and validation (V&V) approaches for defect detection and removal in the software development processes. Testing approaches require executable code, typically available in later life-cycle phases. Software Inspection is a defect detection technique applicable to early life-cycle documents, e.g., during design. The Usage-Based Reading (UBR) technique approach is a structured method for inspection support. In this paper we introduce a testing variant, usage-based testing (UBT-i) that integrates testing scenarios and inspection techniques. UBT-i is a paper based testing approach (i.e. a desk test without the need for executable software) applicable to design specifications. We present an initial empirical study on defect detection effectiveness and efficiency with respect to several defect severity classes and defect locations (code or design). Main results of the study are (a) UBR and UBT-i perform similarly regarding both effectiveness and efficiency and (b) the approaches focus on different defect classes regarding defect severity and defect location." 
links: doi: "http://doi.ieeecomputersociety.org/10.1109/EURMIC.2005.31" tags: - "testing" - "design" researchr: "https://researchr.org/publication/WinklerRB05" cites: 0 citedby: 0 pages: "222-231" booktitle: "euromicro" kind: "inproceedings" key: "WinklerRB05" - title: "Information Security Fortification by Ontological Mapping of the ISO/IEC 27001 Standard" author: - name: "Stefan Fenz" link: "https://researchr.org/alias/stefan-fenz" - name: "Gernot Goluch" link: "https://researchr.org/alias/gernot-goluch" - name: "Andreas Ekelhart" link: "https://researchr.org/alias/andreas-ekelhart" - name: "Bernhard Riedl" link: "https://www.bernhard-riedl.com/" - name: "Edgar R. Weippl" link: "https://researchr.org/alias/edgar-r.-weippl" year: "2007" doi: "http://doi.ieeecomputersociety.org/10.1109/PRDC.2007.29" abstract: "This paper introduces an ontology-based framework to improve the preparation of ISO/IEC 27001 audits, and to strengthen the security state of the company respectively. Building on extensive previous work on security ontologies, we elaborate on how ISO/IEC 27001 artifacts can be integrated into this ontology. A basic introduction to security ontologies is given first. Specific examples show how certain ISO/IEC 27001 requirements are to be integrated into the ontology; moreover, our rule-based engine is used to query the knowledge base to check whether specific security requirements are fulfilled. The aim of this paper is to explain how security ontologies can be used for a tool to support the ISO/IEC 27001 certification, providing pivotal information for the preparation of audits and the creation and maintenance of security guidelines and policies." 
links: doi: "http://doi.ieeecomputersociety.org/10.1109/PRDC.2007.29" tags: - "ontologies" - "ontology" - "security" researchr: "https://researchr.org/publication/FenzGERW07" cites: 0 citedby: 0 pages: "381-388" booktitle: "prdc" kind: "inproceedings" key: "FenzGERW07" - title: "CASSIS - Computer-based Academy for Security and Safety in Information Systems" author: - name: "Gernot Goluch" link: "https://researchr.org/alias/gernot-goluch" - name: "Andreas Ekelhart" link: "https://researchr.org/alias/andreas-ekelhart" - name: "Stefan Fenz" link: "https://researchr.org/alias/stefan-fenz" - name: "Stefan Jakoubi" link: "https://researchr.org/alias/stefan-jakoubi" - name: "Bernhard Riedl" link: "https://www.bernhard-riedl.com/" - name: "Simon Tjoa" link: "https://researchr.org/alias/simon-tjoa" year: "2007" doi: "http://doi.ieeecomputersociety.org/10.1109/ARES.2007.56" abstract: "Information technologies and society are highly interwoven nowadays, but in both, the private and business sector, users are often not aware of security issues or lack proper security skills. The branch of information technology security is growing constantly but attacks against the vocational sector as well as the personal sector still cause great losses each day. Considering that the end-user is the weakest link of the security chain we aim to raise awareness, regarding IT security, and train and educate IT security skills by establishing a European-wide initiative and framework." 
links: doi: "http://doi.ieeecomputersociety.org/10.1109/ARES.2007.56" tags: - "rule-based" - "security" researchr: "https://researchr.org/publication/GoluchEFJRT07" cites: 0 citedby: 0 pages: "730-740" booktitle: "IEEEares" kind: "inproceedings" key: "GoluchEFJRT07" - title: "A research agenda for Autonomous Business Process Management" author: - name: "Thomas Neubauer" link: "https://researchr.org/alias/thomas-neubauer" - name: "Gernot Goluch" link: "https://researchr.org/alias/gernot-goluch" - name: "Bernhard Riedl" link: "https://www.bernhard-riedl.com/" year: "2007" doi: "http://doi.ieeecomputersociety.org/10.1109/ARES.2007.21" abstract: "Fast changing requirements, regarding different types of resources such as personnel or IT-systems, require companies to adapt their business processes in a very agile but yet sophisticated way. Most of today’s companies fail in accomplishing this goal because of too static business process analysis and management approaches. The Autonomous Business Process Management methodology presented in this paper enables companies to self-adapt to changing requirements as they happen using emerging technologies and concepts, such as RFID, nanotechnology or Autonomous Computing." links: doi: "http://doi.ieeecomputersociety.org/10.1109/ARES.2007.21" researchr: "https://researchr.org/publication/NeubauerGR07" cites: 0 citedby: 0 pages: "670-680" booktitle: "IEEEares" kind: "inproceedings" key: "NeubauerGR07"