Table 1 Common threats and countermeasures implemented by our systems

From: A generic solution for web-based management of pseudonymized data

| Security principle | STRIDE threat | Countermeasure (deployed) |
| --- | --- | --- |
| Authenticity | Spoofing | (1) Non-delegated authentication, (2) TLS with server certificates, (3) Username/password policies, (4) Two-factor authentication, (5) IP-based filtering of requests, (6) One-time access tokens to avoid replay attacks, (7) Limit for login attempts, (8) Penetration testing, (9) Automatic logout after inactivity |
| Integrity | Tampering | (1) Server hardening, (2) Penetration testing, (3) Intrusion detection system, (4) TLS with server certificates, (5) Software installation policies, (6) Audit trail, (7) Input validation, (8) Penetration testing |
| Accountability | Repudiation | (1) Auditing and logging |
| Confidentiality | Information disclosure | (1) Input validation, (2) TLS with server certificates, (3) Access restrictions to server hardware, (4) User training, (5) Encrypted backups, (6) Intrusion detection system, (7) Two-tier pseudonymization, (8) Client-side recombination of distributed data, (9) Encrypted tokens for communication between backends, (10) Penetration testing, (11) Site-based view, (12) Database encryption |
| Availability | Denial of service | (1) Input validation, (2) IP-based filtering of requests, (3) Virtualization/sandboxing, (4) Redundant server hardware/RAID, (5) Backups/disaster recovery plan, (6) Automatic OS updates, (7) Firewalls and virus scanners, (8) Intrusion detection system, (9) Secure server room including UPS and fire extinguisher |
| Authorization | Elevation of privilege | (1) Role-based Access Control (roles: physician, study nurse, monitor, researcher, lab personnel), (2) Penetration testing, (3) User account management policies, (4) Distributed authorization |