Fabrizio Baiardi, Dario Maggiari, Daniele Sgandurra


Confidentiality and integrity of information are among the critical problems to face when managing health information through ICT systems. Virtual Interacting Network CommunIty (Vinci) is a software architecture that exploits virtualization to share a healthcare ICT infrastructure among users with different security levels and reliability requirements. Vinci introduces several communities , each consisting of users, some applications, a set of services and of shared resources. Users and applications with distinct privileges and trust levels belong to distinct communities. Each community is supported by a virtual network built by interconnecting virtual machines (VMs). The adoption of VMs increases the overall security level because we can use VMs not only to run user applications, but also to protect shared resources, control traffic among communities or discover malware. Further VMs manage the overall infrastructure and configure the VMs at start-up. Vinci supports the definition of security policies to protect information within and across communities. As an example, discretionary access control policies may protect files shared within a community, whereas mandatory, multilevel security policies may rule access to files shared among communities. After describing Vinci architecture, we present the VM templates and preliminary performance results.


  1. Bryant, E., Early, J., Gopalakrishna, R., Roth, G., Spafford, E., Watson, K., William, P., and Yost, S. (2003). Poly2 Paradigm: A Secure Network Service Architecture. Computer Security Applications Conference, 2003. Proceedings. 19th Annual, pages 342-351.
  2. Chaudhry, B., Wang, J., Wu, S., Maglione, M., Mojica, W., Roth, E., Morton, S., and Shekelle, P. (2006). Systematic Review: Impact of Health Information Technology on Quality, Efficiency, and Costs of Medical Care. Annals of Internal Medicine, 144(10):742.
  3. Chun, B., Culler, D., Roscoe, T., Bavier, A., Peterson, L., Wawrzoniak, M., and Bowman, M. (2003). Planetlab: an overlay testbed for broad-coverage services. SIGCOMM Comput. Commun. Rev., 33(3):3-12.
  4. Dunlap, G. W., King, S. T., Cinar, S., Basrai, M. A., and Chen, P. M. (2002). Revirt: enabling intrusion analysis through virtual-machine logging and replay. SIGOPS Oper. Syst. Rev., 36(SI):211-224.
  5. Garfinkel, T. and Rosenblum, M. (2003). A Virtual Machine Introspection Based Architecture for Intrusion Detection. Proceedings of the 2003 Network and Distributed System Security Symposium (NDSS).
  6. Goldberg, R. P. (1974). Survey of virtual machine research. IEEE Computer, 7(6):34-45.
  7. Griffin, J., Jaeger, T., Perez, R., Sailer, R., van Doorn, L., and Caceres, R. (2005). Trusted Virtual Domains: Toward secure distributed services. 1st IEEE Workshop on Hot Topics in System Dependability.
  8. Huang, W., Abali, B., and Panda, D. (2006). A case for high performance computing with virtual machines. Proc. of the 20th annual international conference on Supercomputing, pages 125-134.
  9. King, S. T. and Chen, P. M. (2005). Backtracking intrusions. ACM Trans. Comput. Syst., 23(1):51-76.
  10. L öhr, H., Ramasamy, H. V., Sadeghi, A.-R., Schulz, S., Schunter, M., and Stüble, C. (2007). Enhancing Grid Security Using Trusted Virtualization. In ATC, pages 372-384.
  11. Pearson, S. (2002). Trusted Computing Platforms, the Next Security Solution. Beaverton, USA: Trusted Computing Group Administration.
  12. Sailer, R., Jaeger, T., Zhang, X., and van Doorn, L. (2004). Attestation-based policy enforcement for remote access. In CCS 7804: Proceedings of the 11th ACM conference on Computer and communications security, pages 308-317, New York, NY, USA. ACM Press.
  13. Uhlig, R., Neiger, G., Rodgers, D., Santoni, A., Marting, F., Anderson, A., Bennett, S., Kagi, A., Leung, F., and Smith, L. (2005). Intel Virtualization Technology. Computer, 38(5):48-56.
  14. Wolinsky, D. I. and et al. (2006). On the Design of Virtual Machine Sandboxes for Distributed Computing in Wide Area Overlays of Virtual Workstations. In First Workshop on Virtualization Tech. in Distributed Computing (VTDC).

Paper Citation

in Harvard Style

Baiardi F., Maggiari D. and Sgandurra D. (2009). SECURING HEALTH INFORMATION INFRASTRUCTURES THROUGH OVERLAYS . In Proceedings of the International Conference on Health Informatics - Volume 1: HEALTHINF, (BIOSTEC 2009) ISBN 978-989-8111-63-0, pages 123-128. DOI: 10.5220/0001430801230128

in Bibtex Style

author={Fabrizio Baiardi and Dario Maggiari and Daniele Sgandurra},
booktitle={Proceedings of the International Conference on Health Informatics - Volume 1: HEALTHINF, (BIOSTEC 2009)},

in EndNote Style

JO - Proceedings of the International Conference on Health Informatics - Volume 1: HEALTHINF, (BIOSTEC 2009)
SN - 978-989-8111-63-0
AU - Baiardi F.
AU - Maggiari D.
AU - Sgandurra D.
PY - 2009
SP - 123
EP - 128
DO - 10.5220/0001430801230128