-
L. Thurnay, B. Riedl, A. Novak, V. Schmid, and TJ Lampoltshammer, "Solving an Open Legal Data Puzzle With an Interdisciplinary Team," IEEE Software, vol. 39, pp. 55-60, 2021.
@ARTICLE{Thurnay2021,
author = {Lőrinc Thurnay AND Bernhard Riedl AND Anna-Sophie Novak AND Verena Schmid AND Thomas J. Lampoltshammer},
title = {Solving an Open Legal Data Puzzle With an Interdisciplinary Team},
journal = {IEEE Software},
year = {2021},
volume = {39},
issue = {1},
pages = {55--60},
abstract = {To get on a mutual ground as a team of computer scientists and legal experts, mapping open legal data, we had to shift our perspectives, dive into foreign concepts, and collaborate closely.},
doi = {https://doi.org/10.1109/MS.2021.3117728},
url = {https://www.bernhard-riedl.com/publications/2021/solving-an-open-legal-data-puzzle-with-an-interdisciplinary-team/}
}
-
B. Riedl, V. Grascher, and T. Neubauer, "A Secure e-Health Architecture based on the Appliance of Pseudonymization," Journal of Software, vol. 3, pp. 23-32, 2008.
@ARTICLE{Riedl2007d,
author = {Bernhard Riedl AND Veronika Grascher AND Thomas Neubauer},
title = {A Secure e-Health Architecture based on the Appliance of Pseudonymization},
journal = {Journal of Software},
year = {2008},
volume = {3},
pages = {23--32},
abstract = {Due to the cost pressure on the health care system an increase in the need for electronic healthcare records (EHR) could be observed in the last decade, because EHRs promise massive savings by digitizing and centrally providing medical data. As highly sensitive patient information is exchanged and stored within such systems, legitimate concerns about the privacy of the stored data occur, as confidential medical data is a promising goal for attackers. These concerns and the lack of existing approaches that provide a sufficient level of security raise the need for a system that guarantees data privacy and keeps the access to health data under strict control of the patient. This paper introduces the new architecture PIPE (Pseudonymization of Information for Privacy in e-Health) that integrates primary and secondary usage of health data. It provides an innovative concept for data sharing,
authorization and data recovery that allows to restore the access to the health care records if the patients’ security token is lost or stolen. The concept can be used as basis for national EHR initiatives or as an extension to EHR applications.},
keywords = {privacy, security, e-health, pseudonymization, electronic health record,
authorization},
url = {https://www.bernhard-riedl.com/publications/2008/a-secure-e-health-architecture-based-on-the-appliance-of-pseudonymization/}
}
-
T. Neubauer and B. Riedl, "Improving Patients Privacy with Pseudonymization," Studies in Health Technology and Informatics, vol. 136, pp. 691-96, 2008.
@ARTICLE{Neubauer2008,
author = {Thomas Neubauer AND Bernhard Riedl},
title = {Improving Patients Privacy with Pseudonymization},
journal = {Studies in Health Technology and Informatics},
year = {2008},
volume = {136},
pages = {691--696},
abstract = {e-Health requires the sharing of patient related data when and where necessary. Electronic health records promise to improve communication between health care providers, thus leading to better quality of patients' treatment and reduced costs. As highly sensitive patient information provides a promising goal (e.g., for attackers), there is an increasing social and political pressure to guarantee patients privacy. This paper presents the new system PIPE (Pseudonymization of Information for Privacy in e-Health), that differs from existing approaches in its ability to securely integrate primary and secondary usage of health data.},
keywords = {Privacy, e-health, Security, EPR-CPR-EMR, Smart Card},
doi = {https://pubmed.ncbi.nlm.nih.gov/18487812/},
url = {https://www.bernhard-riedl.com/publications/2008/improving-patients-privacy-with-pseudonymization/}
}
-
T. Neubauer, B. Riedl, and T. Mueck, "Pseudonymisierung zur sicheren Umsetzung des elektronischen Gesundheitsakts," OCG Journal, vol. 4, pp. 33-34, 2007.
@ARTICLE{Neubauer2007,
author = {Thomas Neubauer AND Bernhard Riedl AND Thomas Mueck},
title = {Pseudonymisierung zur sicheren Umsetzung des elektronischen Gesundheitsakts},
journal = {OCG Journal},
year = {2007},
volume = {4},
pages = {33--34},
abstract = {Der elektronische Gesundheitsakt (ELGA) bietet hohes Potential zur Steigerung der Effizienz im Gesundheitswesen und somit der Behandlungsqualität der Patienten. Es sind jedoch sicherheitstechnische Maßnahmen wie die Pseudonymisierung erforderlich, um zu gewährleisten, dass der Verfügungsberechtigte die absolute Hoheit über seine Daten behält und die Erfordernisse des Datenschutzes mit den gewohnt hohen Standards erfüllt werden.},
url = {https://www.bernhard-riedl.com/publications/2007/pseudonymisierung-zur-sicheren-umsetzung-des-elektronischen-gesundheitsakts/}
}
-
B. Riedl and V. Grascher, "Assuring Integrity and Confidentiality for Pseudonymized Health Data," in Proceedings of 7th International Conference on Electrical Engineering/Electronics Computer Telecommunications and Information Technology, 2010, pp. 473-77.
@INPROCEEDINGS{Riedl2010,
author = {Bernhard Riedl AND Veronika Grascher},
title = {Assuring Integrity and Confidentiality for Pseudonymized Health Data},
booktitle = {Proceedings of 7th International Conference on Electrical Engineering/Electronics Computer Telecommunications and Information Technology},
year = {2010},
pages = {473--477},
publisher = {IEEE Computer Society},
abstract = {Nowadays, the development in our demographics results in increased costs for providing services in health care systems. Recent studies show that the installation of an EHR (Electronic Health Record) could help in lowering expense while improving the treatment quality at the same time. Apart from this, such systems could also pose the threat of a privacy invasion, because patients' sensitive medical datasets are stored within an EHR. Several architectures have been published which can be used to implement an EHR system, but most of them do not provide an appropriate level of security. With our approach PIPE (Pseudonymization of Information for Privacy in e-Health) we focus on addressing the occurring security issues and provide a safe system for medical information.},
doi = {https://ieeexplore.ieee.org/document/5491446},
url = {https://www.bernhard-riedl.com/publications/2010/assuring-integrity-and-confidentiality-for-pseudonymized-health-data/}
}
-
B. Riedl, V. Grascher, M. Kolb, and T. Neubauer, "Economic and Security Aspects of the Appliance of a Threshold Scheme in e-Health," in Proceedings of the Third International Conference on Availability, Reliability and Security, 2008, pp. 39-46.
@INPROCEEDINGS{Riedl2008a,
author = {Bernhard Riedl AND Veronika Grascher AND Mathias Kolb AND Thomas Neubauer},
title = {Economic and Security Aspects of the Appliance of a Threshold Scheme in e-Health},
booktitle = {Proceedings of the Third International Conference on Availability, Reliability and Security},
year = {2008},
pages = {39--46},
publisher = {IEEE Computer Society},
abstract = {Today, the healthcare sector is driven by the need to reduce costs while simultaneously increasing the service quality for patients. This goal can be reached by the implementation of an EHR (Electronic Health Record) system. Several architectures have been proposed, but lack appropriate security mechanisms to protect the patients’ privacy. In this publication we outline our approach PIPE (Pseudonymization of Information for Privacy in e-Health), which is applicable for the primary and secondary usage of health data and give insights on the security of our technique. Further we state the economic constraints, by proposing a threshold scheme to secure the tokens needed for accessing the system.},
doi = {https://doi.ieeecomputersociety.org/10.1109/ARES.2008.175},
url = {https://www.bernhard-riedl.com/publications/2008/economic-and-security-aspects-of-the-appliance-of-a-threshold-scheme-in-e-health/}
}
-
B. Riedl, V. Grascher, S. Fenz, and T. Neubauer, "Pseudonymization for improving the Privacy in e-Health Applications," in Proceedings of the Forty-First Hawai’i International Conference on System Sciences, 2008, p. 255.
@INPROCEEDINGS{Riedl2008,
author = {Bernhard Riedl AND Veronika Grascher AND Stefan Fenz AND Thomas Neubauer},
title = {Pseudonymization for improving the Privacy in e-Health Applications},
booktitle = {Proceedings of the Forty-First Hawai'i International Conference on System Sciences},
year = {2008},
pages = {255},
publisher = {IEEE Computer Society},
abstract = {Electronic health records (EHR) promise to improve communication between health care providers, thus leading to better quality of patients’ treatment and reduced costs. As highly sensitive patient information provides a promising goal for attackers and is also demanded by insurance companies and employers, there is an increasing social and political pressure regarding the prevention of health data misuse. This paper presents a detailed description of the new system PIPE (Pseudonymization of Information for Privacy in e-Health) which differs from existing approaches in its ability to securely integrate primary and secondary usage of health data. Therefore, PIPE provides a solution to shortcomings of existing approaches. Our approach may be used as a basis for implementing secure EHR architectures or as an extension to existing systems.},
doi = {https://doi.ieeecomputersociety.org/10.1109/HICSS.2008.366},
issn = {1530-1605},
url = {https://www.bernhard-riedl.com/publications/2008/pseudonymization-for-improving-the-privacy-in-e-health-applications/}
}
-
B. Riedl, T. Neubauer, G. Goluch, O. Boehm, G. Reinauer, and A. Krumboeck, "A secure architecture for the pseudonymization of medical data," in Proceedings of the Second International Conference on Availability, Reliability and Security, 2007, pp. 318-24.
@INPROCEEDINGS{Riedl2007f,
author = {Bernhard Riedl and Thomas Neubauer and Gernot Goluch and Oswald Boehm and Gert Reinauer and Alexander Krumboeck},
title = {A secure architecture for the pseudonymization of medical data},
booktitle = {Proceedings of the Second International Conference on Availability, Reliability and Security},
year = {2007},
pages = {318--324},
publisher = {IEEE Computer Society},
abstract = {As aging and very expensive programs put more pressure on health and social care systems, an increase in the need for electronic healthcare records can be observed, because they promise massive savings and better clinical quality. However, patients and commissioners for data protection have legitimate concerns about the privacy and confidentiality of the stored data. Although the concept of pseudonymization allows an association with a patient only under specified and controlled circumstances, existing approaches have major vulnerabilities. This paper provides a new architecture for the pseudonymization of medical data that combines primary and secondary use in one system and thus provides a solution to vulnerabilities of existing approaches.},
doi = {https://doi.ieeecomputersociety.org/10.1109/ARES.2007.22},
isbn = {0-7695-2775-2},
url = {https://www.bernhard-riedl.com/publications/2007/a-secure-architecture-for-the-pseudonymization-of-medical-data/}
}
-
B. Riedl and O. Jorns, "Secure Access to Emergency Data in an e-Health Architecture," in Proceedings of the 9th International Conference on Information Integration and Web-based Application \& Services, 2007, pp. 297-306.
@INPROCEEDINGS{Riedl2007b,
author = {Bernhard Riedl AND Oliver Jorns},
title = {Secure Access to Emergency Data in an e-Health Architecture},
booktitle = {Proceedings of the 9th International Conference on Information Integration and Web-based Application \& Services},
year = {2007},
pages = {297--306},
abstract = {The electronic health record (EHR) promises a decrease of costs as well as better service quality for patients. Unfortunatly, with this planned centralized storage arise security issues, exemplarily privacy related-problems. As the special subset of medical data, the emergency data, has to be available just-in-time, complex authentication purposes occur. Our approach PIPE (Pseudonymization of Information for Privacy in e-Health) guarantees security for the sensible patient’s medical data by applying authentication soley based on encryption. Furthermore, we provide a novel ad-hoc authentication mechanism for emergency data, which is based on the notion of pseudonyms.},
url = {https://www.bernhard-riedl.com/publications/2007/secure-access-to-emergency-data-in-an-e-health-architecture/}
}
-
B. Riedl, V. Grascher, and T. Neubauer, "Applying a Threshold Scheme to the Pseudonymization of Health Data," in Proceedings of the 13th IEEE Pacific Rim International Symposium on Dependable Computing, 2007, pp. 397-400.
@INPROCEEDINGS{Riedl2007a,
author = {Bernhard Riedl AND Veronika Grascher AND Thomas Neubauer},
title = {Applying a Threshold Scheme to the Pseudonymization of Health Data},
booktitle = {Proceedings of the 13th IEEE Pacific Rim International Symposium on Dependable Computing},
year = {2007},
pages = {397--400},
publisher = {IEEE Computer Society},
abstract = {Due to the cost pressure on the health care system an increase in the need for electronic healthcare records (EHR) could be observed in the last decade because EHRs promise massive savings by digitizing and centrally providing medical data. As highly sensitive patient information is exchanged and stored within such a system, legitimate concerns about the privacy of the stored data occur, as the life-long storage of medical data is a promising target for attackers. These concerns and the lack of existing approaches that provide a sufficient level of security raise the need for a system that guarantees data privacy and keeps the access to health data under strict control of the patient. This paper introduces PIPE (Pseudonymization of Information for Privacy in e-Health), a new EHR architecture for primary and secondary usage of health data. PIPE’s security model is based on pseudonymization instead of encryption.},
doi = {https://doi.ieeecomputersociety.org/10.1109/PRDC.2007.24},
isbn = {0-7695-3054-0},
url = {https://www.bernhard-riedl.com/publications/2007/applying-a-threshold-scheme-to-the-pseudonymization-of-health-data/}
}
-
B. Riedl, G. Goluch, S. Poechlinger, and E. Weippl, "A Comparative Literature Review on RFID Security and Privacy," in Proceedings of the 9th International Conference on Information Integration and Web-based Application \& Services, 2007, pp. 213-22.
@INPROCEEDINGS{Riedl2007c,
author = {Bernhard Riedl AND Gernot Goluch AND Stefan Poechlinger AND Edgar Weippl},
title = {A Comparative Literature Review on RFID Security and Privacy},
booktitle = {Proceedings of the 9th International Conference on Information Integration and Web-based Application \& Services},
year = {2007},
pages = {213--222},
abstract = {RFID provides the basis for the development of ubiquitous computing. This ever present computing environment creates new exploitable channels for adversaries. Therefore, numerous publications on RFID security appear every year, adding to the topic’s diversity. Nevertheless, there are only few state-of-the-art overviews that clarify common opinions on the topic. Hence, we examined the existing literature and present our observations on privacy and security in RFID.},
url = {https://www.bernhard-riedl.com/publications/2007/comparative-literature-review-on-rfid-security-and-privacy/}
}
-
T. Neubauer, G. Goluch, and B. Riedl, "A research agenda for Autonomous Business Process Management," in Proceedings of the Second International Conference on Availability, Reliability and Security, 2007, pp. 670-80.
@INPROCEEDINGS{Neubauer2007a,
author = {Thomas Neubauer and Gernot Goluch and Bernhard Riedl},
title = {A research agenda for Autonomous Business Process Management},
booktitle = {Proceedings of the Second International Conference on Availability, Reliability and Security},
year = {2007},
pages = {670--680},
publisher = {IEEE Computer Society},
abstract = {Fast changing requirements, regarding different types of resources such as personnel or IT-systems, require companies to adapt their business processes in a very agile but yet sophisticated way. Most of today’s companies fail in accomplishing this goal because of too static business process analysis and management approaches. The Autonomous Business Process Management methodology presented in this paper enables companies to self-adapt to changing requirements as they happen using emerging technologies and concepts, such as RFID, nanotechnology or Autonomous Computing.},
doi = {https://doi.ieeecomputersociety.org/10.1109/ARES.2007.21},
isbn = {0-7695-2775-2},
url = {https://www.bernhard-riedl.com/publications/2007/a-research-agenda-for-autonomous-business-process-management/}
}
-
G. Goluch, A. Ekelhart, S. Fenz, S. Jakoubi, B. Riedl, and S. Tjoa, "CASSIS – Computer-based Academy for Security and Safety in Information Systems," in Proceedings of the Second International Conference on Availability, Reliability and Security, 2007, pp. 730-40.
@INPROCEEDINGS{Goluch2007,
author = {Gernot Goluch and Andreas Ekelhart and Stefan Fenz and Stefan Jakoubi and Bernhard Riedl and Simon Tjoa},
title = {CASSIS - Computer-based Academy for Security and Safety in Information Systems},
booktitle = {Proceedings of the Second International Conference on Availability, Reliability and Security},
year = {2007},
pages = {730--740},
publisher = {IEEE Computer Society},
abstract = {Information technologies and society are highly interwoven nowadays, but in both, the private and business sector, users are often not aware of security issues or lack proper security skills. The branch of information technology security is growing constantly but attacks against the vocational sector as well as the personal sector still cause great losses each day. Considering that the end-user is the weakest link of the security chain we aim to raise awareness, regarding IT security, and train and educate IT security skills by establishing a European-wide initiative and framework.},
doi = {https://doi.ieeecomputersociety.org/10.1109/ARES.2007.56},
isbn = {0-7695-2775-2},
url = {https://www.bernhard-riedl.com/publications/2007/cassis-computer-based-academy-for-security-and-safety-in-information/}
}
-
S. Fenz, G. Goluch, A. Ekelhart, B. Riedl, and E. Weippl, "Information Security Fortification by Ontological Mapping of the ISO/IEC 27001 Standard," in Proceedings of the 13th IEEE Pacific Rim International Symposium on Dependable Computing, 2007, pp. 381-88.
@INPROCEEDINGS{Fenz2007,
author = {Stefan Fenz AND Gernot Goluch AND Andreas Ekelhart AND Bernhard Riedl AND Edgar Weippl},
title = {Information Security Fortification by Ontological Mapping of the ISO/IEC 27001 Standard},
booktitle = {Proceedings of the 13th IEEE Pacific Rim International Symposium on Dependable Computing},
year = {2007},
pages = {381--388},
publisher = {IEEE Computer Society},
abstract = {This paper introduces an ontology-based framework to improve the preparation of ISO/IEC 27001 audits, and to strengthen the security state of the company respectively. Building on extensive previous work on security ontologies, we elaborate on how ISO/IEC 27001 artifacts can be integrated into this ontology. A basic introduction to security ontologies is given first. Specific examples show how certain ISO/IEC 27001 requirements are to be integrated into the ontology; moreover, our rule-based engine is used to query the knowledge base to check whether specific security requirements are fulfilled. The aim of this paper is to explain how security ontologies can be used for a tool to support the ISO/IEC 27001 certification, providing pivotal information for the preparation of audits and the creation and maintenance of security guidelines and policies.},
doi = {https://dx.doi.org/10.1109/PRDC.2007.29},
isbn = {0-7695-3054-0},
url = {https://www.bernhard-riedl.com/publications/2007/information-security-fortification-by-ontological-mapping-of-the-isoiec/}
}
-
D. Winkler, B. Riedl, and S. Biffl, "Improvement of Design Specifications with Inspection and Testing," in Proceedings of the 31st EUROMICRO Conference on Software Engineering and Advanced Applications, 2005, pp. 222-31.
@INPROCEEDINGS{Winkler2005,
author = {Dietmar Winkler and Bernhard Riedl and Stefan Biffl},
title = {Improvement of Design Specifications with Inspection and Testing},
booktitle = {Proceedings of the 31st EUROMICRO Conference on Software Engineering and Advanced Applications},
year = {2005},
pages = {222--231},
publisher = {IEEE Computer Society},
abstract = {Inspection and testing are common verification and validation (V&V) approaches for defect detection and removal in the software development processes. Testing approaches require executable code, typically available in later life-cycle phases. Software Inspection is a defect detection technique applicable to early life-cycle documents, e.g., during design. The Usage- Based Reading (UBR) technique approach is a structured method for inspection support. In this paper we introduce a testing variant, usagebased testing (UBT-i) that integrates testing scenarios and inspection techniques. UBT-i is a paper based testing approach (i.e. a desk test without the need for executable software) applicable to design specifications. We present an initial empirical study on defect detection effectiveness and efficiency with respect to several defect severity classes and defect locations (code or design). Main results of the study are (a) UBR and UBT-i perform similarly regarding both effectiveness and efficiency and (b) the approaches focus on different defect classes regarding defect severity and defect location.},
doi = {https://doi.ieeecomputersociety.org/10.1109/EURMIC.2005.31},
isbn = {0-7695-2431-1},
keywords = {Verification and Validation, Software Inspection, Usage-Based Testing, Software Product Improvement},
url = {https://www.bernhard-riedl.com/publications/2005/improvement-of-design-specifications-with-inspection-and-testing/}
}
-
E. Weippl and B. Riedl, "Handbook of Research on Mobile Multimedia, Second Edition," , Ibrahim, IK, Ed., Information Science Reference, 2008, p. IX.
@INBOOK{Weippl2007a, chapter = {Security, Trust and Privacy on Mobile Devices and Multimedia Applications},
pages = {Chapter IX},
title = {Handbook of Research on Mobile Multimedia, Second Edition},
publisher = {Information Science Reference},
year = {2008},
editor = {Ismail Khalil Ibrahim},
author = {Edgar Weippl AND Bernhard Riedl},
note = {ISBN: 978-1-60566-046-2},
abstract = {While security in general is increasingly well addressed, both mobile security and multimedia security are still areas of research undergoing major changes. Mobile security is characterized by small devices that, for instance, make it difficult to enter long passwords and that cannot perform complex cryptographic operations due to power constraints. Multimedia security has focused on watermarks and the creation of digital evidences; as we all know, there are yet no good solutions to prevent illegal copying of audio and video files. In this chapter we focus on addressing the attributes of security, trust and privacy on mobile devices and multimedia applications.},
url = {https://www.bernhard-riedl.com/publications/2008/security-trust-and-privacy-on-mobile-devices-and-multimedia-applications/}
}
-
E. Weippl, B. Riedl, and V. Grascher, "Wikis im Social Web, Wikiposium 2005/2006," , Stockinger, HL(, Ed., Oesterreichische Computergesellschaft, 2007, pp. 190-98.
@INBOOK{Weippl2007, chapter = {Einsatz von Audits in Wikis an Stelle von Zugriffskontrollen},
pages = {190--198},
title = {Wikis im Social Web, Wikiposium 2005/2006},
publisher = {Oesterreichische Computergesellschaft},
year = {2007},
editor = {Johann Stockinger, Helmut Leitner (Hg.)},
author = {Edgar Weippl AND Bernhard Riedl AND Veronika Grascher},
note = {ISBN 978-3-902580-03-0},
abstract = {Sicherheit gewinnt in E-Learning Umgebungen immer mehr an Bedeutung und wird oft mittels Zugriffkontrollmechanismen realisiert. Da die Etablierung eines Sicherheitskonzepts meistens mit hohen Kosten verbunden ist, wird in diesem Beitrag gezeigt, dass es auch andere Möglichkeiten gibt, die Integrität von Daten zu schützen. Wir verwenden das in Wiki-Systemen üblicherweise verfügbare Auditing gemeinsam mit dem zugrunde liegenden gruppendynamischen Prozess zur Umsetzung von gesellschaftlich akzeptablem Verhalten anstatt strenger Zugriffskontrollmechanismen. Die Privatsphäre der Benutzer kann in manchen Anwendungen durch den Einsatz von Pseudonymen unterstützt werden, dies verändert das Benutzerverhalten aber nicht einschlägig. Der Vorteil dabei ist, dass die Identität im Normalfall nicht bekannt wird, diese aber bei groben Verstößen dennoch feststellbar ist.},
url = {https://www.bernhard-riedl.com/publications/2007/einsatz-von-audits-in-wikis-an-stelle-von-zugriffskontrollen/}
}