{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,7]],"date-time":"2026-03-07T18:42:23Z","timestamp":1772908943613,"version":"3.50.1"},"reference-count":43,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2021,10,26]],"date-time":"2021-10-26T00:00:00Z","timestamp":1635206400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2021,10,26]],"date-time":"2021-10-26T00:00:00Z","timestamp":1635206400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"name":"Universit\u00e0 Parthenope di Napoli"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["SN COMPUT. SCI."],"published-print":{"date-parts":[[2022,1]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>The approach presented in this paper provides effective protection of critical business processes by applying advanced SIEM technology in a rigorous fashion, based on the results of accurate risk assessment. The proposed SIEM tool advances the State of The Art of the technology along two axes, specifically: privacy and integrity. The advancements are achieved via combined use of two of the most promising technologies for trusted computing, namely: Trusted Execution Environment (TEE) and Homomorphic Encryption (HE). The approach is validated with respect to a real use case of a Smart Hospital (i.e., one where IT is massively used), with challenging security requirements. The use case is contributed by one of the major public hospitals in Italy. 
Experiments demonstrate that, by relying on continuous monitoring of security relevant events and advanced correlation techniques, the SIEM solution proposed in this work effectively protects the critical workflows of the hospital business processes from cyber-attacks with high impact (specifically: serious harm to or even death of the patient).<\/jats:p>","DOI":"10.1007\/s42979-021-00858-4","type":"journal-article","created":{"date-parts":[[2021,10,26]],"date-time":"2021-10-26T13:05:40Z","timestamp":1635253540000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":11,"title":["Risk Assessment Driven Use of Advanced SIEM Technology for Cyber Protection of Critical e-Health Processes"],"prefix":"10.1007","volume":"3","author":[{"given":"Luigi","family":"Coppolino","sequence":"first","affiliation":[]},{"given":"Luigi","family":"Sgaglione","sequence":"additional","affiliation":[]},{"given":"Salvatore","family":"D\u2019Antonio","sequence":"additional","affiliation":[]},{"given":"Mario","family":"Magliulo","sequence":"additional","affiliation":[]},{"given":"Luigi","family":"Romano","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2048-7675","authenticated-orcid":false,"given":"Roberto","family":"Pacelli","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,10,26]]},"reference":[{"key":"858_CR1","unstructured":"Ponemon study on the Challenging state of vulnerability management. Balbix. (2020). Retrieved September 21, 2021, from https:\/\/www.balbix.com\/press-releases\/ponemon-report-on-vulnerability-management-challenges\/."},{"key":"858_CR2","unstructured":"Bindu Sundaresan. OSSIM. AT&T Cybersecurity. (n.d). Retrieved September 21, 2021, from https:\/\/www.alienvault.com\/products\/ossim."},{"key":"858_CR3","unstructured":"Gartner I. Security information and event MANAGEMENT (SIEM Tools) Reviews 2021: Gartner peer insights. 
Gartner (n.d.). Retrieved September 21, 2021, from https:\/\/www.gartner.com\/reviews\/market\/security-information-event-management."},{"key":"858_CR4","unstructured":"IBM QRadar SIEM - Overview. IBM. (n.d.). Retrieved September 21, 2021, from https:\/\/www.ibm.com\/products\/qradar-siem."},{"key":"858_CR5","unstructured":"Cyber security and resilience for SMART HOSPITALS. ENISA. (2021). Retrieved September 21, 2021, from https:\/\/www.enisa.europa.eu\/publications\/cyber-security-and-resilience-for-smart-hospitals."},{"key":"858_CR6","unstructured":"Mayra Rosario Fuentes, Numaan Huq. Challenges in SECURING CONNECTED HOSPITALS. (2018). Retrieved September 21, 2021, from https:\/\/www.trendmicro.com\/en_us\/research\/18\/d\/challenges-in-securing-connected-hospitals.html."},{"key":"858_CR7","doi-asserted-by":"publisher","DOI":"10.1109\/SITIS.2019.00065","author":"L Coppolino","year":"2019","unstructured":"Coppolino L, Dantonio S, Romano L, Sgaglione L, Magliulo M, Pacelli R. Protecting critical business processes of Smart Hospitals from cyber attacks. Proc 2019 15th Int Conf Signal-Image Technol Internet-Based Syst SITIS. 2019. https:\/\/doi.org\/10.1109\/SITIS.2019.00065.","journal-title":"Proc 2019 15th Int Conf Signal-Image Technol Internet-Based Syst SITIS"},{"key":"858_CR8","unstructured":"Report on Improving Cybersecurity in the Health Care Industry - Health Care Industry Cybersecurity Task Force. U.S. Department of Health and Human Services (2017). Retrieved September 21, 2021, from http:\/\/www.phe.gov\/Preparedness\/planning\/CyberTF\/Documents\/report2017.pdf."},{"key":"858_CR9","doi-asserted-by":"crossref","unstructured":"Staffa M, Coppolino L, Sgaglione L, Gelenbe E, Komnios I, Grivas E, Stan O, Castaldo L. KONFIDO: an OpenNCP-based secure eHealth data exchange system. In: Proceeding of Euro-CYBERSEC (2018).","DOI":"10.1007\/978-3-319-95189-8_2"},{"key":"858_CR10","doi-asserted-by":"crossref","unstructured":"Gentry C. 
Fully homomorphic encryption using ideal lattices. In: Proceedings of the forty-first annual ACM symposium on theory of computing ser. STOC\u201809, pp\u00a0169\u201378. 2009.","DOI":"10.1145\/1536414.1536440"},{"key":"858_CR11","doi-asserted-by":"publisher","DOI":"10.1145\/2046660.2046682","author":"M Naehrig","year":"2011","unstructured":"Naehrig M, Lauter K, Vaikuntanathan V. Can homomorphic encryption be practical? Proc 3rd ACM Workshop Cloud Comput Security Workshop CCSW\u201911 ACM NY USA. 2011. https:\/\/doi.org\/10.1145\/2046660.2046682.","journal-title":"Proc 3rd ACM Workshop Cloud Comput Security Workshop CCSW\u201911 ACM NY USA"},{"issue":"4","key":"858_CR12","doi-asserted-by":"publisher","first-page":"81","DOI":"10.1186\/s12920-018-0397-z","volume":"11","author":"H Chen","year":"2018","unstructured":"Chen H, Gilad-Bachrach R, Han K, Huang Z, Jalali A, Laine K, et al. Logistic regression over encrypted data from fully homomorphic encryption. BMC Med Genom. 2018;11(4):81.","journal-title":"BMC Med Genom"},{"key":"858_CR13","unstructured":"Microsoft. Microsoft\/SEAL: Microsoft seal is an easy-to-use and powerful homomorphic encryption library. GitHub. (n.d). Retrieved September 21, 2021, from https:\/\/github.com\/Microsoft\/SEAL."},{"key":"858_CR14","first-page":"111","volume":"18","author":"Z Brakerski","year":"2011","unstructured":"Brakerski Z, Gentry C, Vaikuntanathan V. Fully homomorphic encryption without bootstrapping. Electron Colloquium Comput Complex. 2011;18:111.","journal-title":"Electron Colloquium Comput Complex"},{"key":"858_CR15","doi-asserted-by":"publisher","first-page":"34","DOI":"10.1007\/s00145-019-09319-x","volume":"33","author":"I Chillotti","year":"2019","unstructured":"Chillotti I, Gama N, Georgieva M, Izabach\u00e8ne M. TFHE: fast fully homomorphic encryption over the torus. 
J Cryptology 2019;33:34\u201391.","journal-title":"J Cryptology"},{"key":"858_CR16","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2020.2995638","author":"L Coppolino","year":"2020","unstructured":"Coppolino L, D\u2019Antonio S, Formicola V, Mazzeo G, Romano L. VISE: combining intel SGX and homomorphic encryption for cloud industrial control systems. IEEE Trans Comput. 2020. https:\/\/doi.org\/10.1109\/TC.2020.2995638.","journal-title":"IEEE Trans Comput"},{"key":"858_CR17","doi-asserted-by":"publisher","DOI":"10.1145\/2487726.2488368","author":"F McKeen","year":"2013","unstructured":"McKeen F, Alexandrovich I, Berenzon A, Rozas CV, Shafi H, Shanbhogue V, Savagaonkar UR. Innovative instructions and software model for isolated execution. Proc 2nd Int Workshop Hardw Arch Support Security Privacy HASP\u201913 ACM NY USA. 2013. https:\/\/doi.org\/10.1145\/2487726.2488368.","journal-title":"Proc 2nd Int Workshop Hardw Arch Support Security Privacy HASP\u201913 ACM NY USA"},{"key":"858_CR18","unstructured":"Costan V, Devadas S. Intel sgx explained. Cryptology ePrint Archive, Report 2016\/086. (2016). http:\/\/eprint.iacr.org\/2016\/086."},{"issue":"3","key":"858_CR19","doi-asserted-by":"publisher","first-page":"361","DOI":"10.1109\/TC.2017.2647955","volume":"67","author":"P Maene","year":"2018","unstructured":"Maene P, G\u00f6tzfried J, de Clercq R, M\u00fcller T, Freiling F, Verbauwhede I. Hardware-based trusted computing architectures for isolation and attestation. IEEE Trans Comput. 2018;67(3):361\u201374. https:\/\/doi.org\/10.1109\/TC.2017.2647955.","journal-title":"IEEE Trans Comput"},{"key":"858_CR20","doi-asserted-by":"publisher","DOI":"10.1109\/WISA.2016.45","author":"C Zhao","year":"2016","unstructured":"Zhao C, Saifuding D, Tian H, Zhang Y, Xing C. On the performance of intel sgx. 2016 13th Web Inf Syst Appl Conf WISA. 2016. 
https:\/\/doi.org\/10.1109\/WISA.2016.45.","journal-title":"2016 13th Web Inf Syst Appl Conf WISA"},{"key":"858_CR21","unstructured":"Stateful computations over data streams. Apache Flink. (n.d.). Retrieved September 21, 2021, from https:\/\/flink.apache.org\/."},{"key":"858_CR22","unstructured":"Apache storm. Apache Storm. (n.d.). Retrieved September 21, 2021, from https:\/\/storm.apache.org\/."},{"key":"858_CR23","unstructured":"Esper. EsperTech. (2020). Retrieved September 21, 2021, from https:\/\/www.espertech.com\/esper\/."},{"key":"858_CR24","unstructured":"Elastic stack: Elasticsearch, KIBANA, Beats & logstash. Elastic. (n.d.). Retrieved September 21, 2021, from https:\/\/www.elastic.co\/elastic-stack."},{"key":"858_CR25","unstructured":"Java native interface. JNI APIs and Developer Guides. (n.d.). Retrieved September 21, 2021, from https:\/\/docs.oracle.com\/javase\/8\/docs\/technotes\/guides\/jni\/."},{"key":"858_CR26","unstructured":"We enable secure execution of containers and programs using Intel SGX. SCONE - A Secure Container Environment. (n.d.). Retrieved September 21, 2021, from https:\/\/scontain.com\/index.html?lang=en."},{"key":"858_CR27","unstructured":"Graphene. (n.d.). Retrieved September 21, 2021, from https:\/\/grapheneproject.io\/."},{"key":"858_CR28","unstructured":"Apache Kafka. (n.d.). Retrieved September 21, 2021, from https:\/\/kafka.apache.org\/."},{"key":"858_CR29","unstructured":"Activemq. ActiveMQ. (n.d.). Retrieved September 21, 2021, from http:\/\/activemq.apache.org\/."},{"key":"858_CR30","doi-asserted-by":"crossref","unstructured":"Naehrig M, Lauter K, Vaikuntanathan V. Can homomorphic encryption be practical? In: Proceedings of the 3rd ACM workshop on cloud computing security workshop, ser. CCSW\u201911. New York, NY, USA, ACM, pp\u00a0113\u201324. 2011.","DOI":"10.1145\/2046660.2046682"},{"key":"858_CR31","unstructured":"RSA cybersecurity and Digital risk management solutions. RSA.com. (2021). 
Retrieved September 21, 2021, from https:\/\/www.rsa.com\/."},{"key":"858_CR32","unstructured":"GRC software for Risk, compliance, and audit. Galvanize. (n.d.). Retrieved September 21, 2021, from https:\/\/www.rsam.com\/."},{"key":"858_CR33","unstructured":"Governance, risk and COMPLIANCE (GRC), CyberSecurity Solutions. Metricstream. (n.d.). Retrieved September 21, 2021, from https:\/\/www.metricstream.com\/."},{"key":"858_CR34","unstructured":"IBM openpages with Watson - Overview. IBM. (n.d.). Retrieved September 21, 2021, from https:\/\/www.ibm.com\/us-en\/marketplace\/openpages-operational-risk-managemen."},{"key":"858_CR35","unstructured":"Riskiq. RiskIQ. (n.d.). Retrieved September 21, 2021, from https:\/\/www.riskiq.com\/."},{"key":"858_CR36","unstructured":"FireCompass. (2021). Retrieved September 21, 2021, from https:\/\/www.firecompass.com\/."},{"key":"858_CR37","unstructured":"Threat sketch. Threat Sketch. (2020). Retrieved September 21, 2021, from https:\/\/threatsketch.com\/solutions\/."},{"key":"858_CR38","unstructured":"GCA Cyber Toolkit. You are being redirected. (n.d.). Retrieved September 21, 2021, from https:\/\/gcatoolkit.org\/smallbusiness\/."},{"key":"858_CR39","unstructured":"Gartner_Inc. Magic quadrant for security information and event management. Gartner. (n.d.). Retrieved September 21, 2021, from https:\/\/www.gartner.com\/en\/documents\/3894573\/magic-quadrant-for-security-information-and-event-manage."},{"key":"858_CR40","unstructured":"TIBCO\u00ae BPM ENTERPRISE. TIBCO Software Inc. (n.d.). Retrieved September 21, 2021, from https:\/\/www.tibco.com\/products\/business-process-management."},{"key":"858_CR41","unstructured":"Pega platform. Pega. (2020). Retrieved September 21, 2021, from https:\/\/www.pega.com\/it\/products\/pega-platform."},{"key":"858_CR42","unstructured":"Oracle Business Activity Monitoring. Oracle business activity monitoring. (n.d.). 
Retrieved September 21, 2021, from https:\/\/www.oracle.com\/technetwork\/middleware\/bam\/overview\/index.html."},{"key":"858_CR43","unstructured":"Gartner_Inc. Magic quadrant for intelligent business process management suites. Gartner. (n.d.). Retrieved September 21, 2021, from https:\/\/www.gartner.com\/en\/documents\/3899484\/magic-quadrant-for-intelligent-business-process-manageme."}],"container-title":["SN Computer Science"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s42979-021-00858-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s42979-021-00858-4\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s42979-021-00858-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,1,10]],"date-time":"2022-01-10T18:33:37Z","timestamp":1641839617000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s42979-021-00858-4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,10,26]]},"references-count":43,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2022,1]]}},"alternative-id":["858"],"URL":"https:\/\/doi.org\/10.1007\/s42979-021-00858-4","relation":{},"ISSN":["2662-995X","2661-8907"],"issn-type":[{"value":"2662-995X","type":"print"},{"value":"2661-8907","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,10,26]]},"assertion":[{"value":"14 December 2020","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"6 September 2021","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"26 October 
2021","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of Interest"}}],"article-number":"16"}}