
Table 1 How STRIDE threats are addressed in the pilot (or could be in a similar scenario)

From: Orchestrating differential data access for translational research: a pilot implementation

STRIDE Threat/Function

Shibboleth/Id Federation

REMS

Domain Apps (BioSD, BBMRI Hub, more)

Infrastructure (eg, web servers, network)

Spoofing/Authenticity

Authentication HTTPS/TLS/X.509

Limit distributed attributes

Proper Software Engineering (PSE)

Limit distributed attributes

PSE

PSE

- HTTPS/TLS/X.509 - PSE

Repudiation/Accountability

Authentication Logging (must be law-compliant, eg max retention time)

Logging

PSE

- Logging

- Logging

Info Disclosure/Confidentiality

HTTPS/TLS/X.509

- Subscribed policies (no data out of Id Federation)

HTTPS/TLS/X.509

HTTPS/TLS/X.509

HTTPS/TLS/X.509

DoS/Availability

- PSE

- PSE

- PSE

- Redundancy

- Firewalls

- PSE

Elevation of Privileges/Authorisation

- Only required attributes distributed

- PSE

- Only required attributes distributed

- PSE

- PSE

- PSE

  1. PSE refers to software design and testing, best practices, established methodologies, techniques and frameworks. As for the biomedical-specific risks identified by the LINDDUN methodology, REMS policies help with facing all those risks, as do the security and reliability of the pilot software components.