Artículos (Ingeniería Telemática)

URI permanente para esta colecciónhttps://hdl.handle.net/11441/11387

Examinar

Envíos recientes

Mostrando 1 - 20 de 52
  • Miniatura
    Acceso abiertoArtículo
    A Scalable Microservices Architecture for Condition Monitoring and State-of-Health Tracking in Power Conversion Systems
    (Multidisciplinary Digital Publishing Institute (MDPI), 2026-02) García-Campos, José Manuel; Márquez Alcaide, Abraham; Letrado Castellanos, Alejandro; Portillo Guisado, Ramón Carlos; León Galván, José Ignacio; Ingeniería Telemática; Ingeniería Electrónica; Ministerio de Ciencia e Innovación (MICIN). España; European Union (UE); Shanghai Partner Research Program
    The role of power converters in modern electrical infrastructure (such as electric vehicle charging stations, battery energy storage systems and photovoltaic energy systems) has become critical. Given the high reliability required by these converters, continuous condition monitoring for predictive maintenance is mandatory. Traditional SCADA and HMI systems often face scalability bottlenecks and lack the flexibility in data aggregation and storage scalability required for long-term predictive maintenance. This paper proposes a scalable, containerized microservices-based architecture for degradation tracking and State-of-Health (SoH) monitoring in power conversion systems. The architecture features a decoupled four-layer structure, utilizing dedicated UDP servers for low-latency data ingestion, RabbitMQ (AMQP) for robust message routing, and a NoSQL (MongoDB) storage layer with a FastAPI interface. The proposed system was validated using a Hardware-in-the-Loop (HiL) setup with a Typhoon HIL606 simulator monitoring an Active Neutral Point Clamped (ANPC) power converter. Experimental stress tests demonstrated a Packet Delivery Ratio (PDR) of 1.0 at ingestion rates up to 100 messages per second (msgs/s) per node. The system exhibits transmission and processing overheads consistently below 5 ms, ensuring timely data availability for tracking thermal dynamics and parametric aging trends. This operational performance significantly exceeds the nominal requirement of 2 msgs/s for condition monitoring, ensuring robust data integrity. Finally, this modular approach provides the horizontal scalability necessary for Industry 4.0 integration, offering a high-performance framework for long-term health monitoring in modern power electronics.
  • Miniatura
    Acceso abiertoArtículo
    Experiences applying RM-ODP principles and techniques to intelligent transportation system architectures
    (Elsevier, 2013-03) Román Martínez, Isabel; Madinabeitia Luque, Germán; Jiménez, L.; Molina, G.A.; Ternero Muñiz, Juan Antonio; Ingeniería Telemática
    This paper shows the early experiences transferring architectural knowledge from Academic to Industry within an R + D + I project. This is done through the design and development of an Intelligent Transportation System (ITS) Architecture following SOA and RM-ODP principles, to facilitate openness, reusability, scalability and interoperability. Rationale selection of standards, technologies and platforms, considering system's requirements (real time, cost ellipsis) has been done. An iterative agile development process, with incremental stages from design to final prototype, has been used. Early outcomes are centered in two services; multimedia flow management and notification. They have been developed using CORBA and are embedded in system's devices.
  • Miniatura
    Acceso abiertoArtículo
    Development and Validation in Porcine and Human Models of a Bioimpedance Spectroscopy System for the Objective Assessment of Kidney Graft Viability
    (Multidisciplinary Digital Publishing Institute (MDPI), 2025) Naranjo Hernández, David; Reina Tosina, Luis Javier; Roa Romero, Laura María; Barbarov-Rostán, Gerardo; Calvillo Arbizu, Jorge; Talaminos Barroso, Alejandro; Pérez Valdivia, Miguel Ángel; Medina López, Rafael; Teoría de la Señal y Comunicaciones; Ingeniería Telemática; Medicina; Cirugía; Fundación Mutua Madrileña; Junta de Andalucía
    This work presents an innovative bioimpedance spectroscopy device, developed as a support tool for decision-making during the evaluation of kidney viability for renal transplantation. Given the increasing demand for organs and the need to optimize donation criteria, the precise and objective assessment of renal graft functionality has become crucial. The device, based on a modular design and adapted to the surgical environment, uses a novel Cole model with a frequency-dependent membrane capacitance, which improves measurement accuracy and repeatability compared to conventional models. Adapting the device for operating room usege involved overcoming significant challenges, such as the need for sterilization and a visual, tactile and acoustic user interface that facilitates device usability. Optimizing the sensing stage has minimized the influence of measurement artifacts, which is crucial for obtaining accurate and representative measurements of renal tissue bioelectrical properties. In addition, a rigorous electrode sterilization protocol was designed, ensuring asepsis during the procedure. The results of tests on porcine renal models demonstrated the device’s ability to monitor pathophysiological changes associated with renal ischemia, with a notable improvement against measurement repeatability.
  • Miniatura
    Acceso abiertoArtículo
    Building a large, realistic and labeled HTTP URI dataset for anomaly-based intrusion detection systems: Biblio-US17
    (Springer, 2025) Díaz Verdejo, Jesús; Estepa Alonso, Rafael María; Estepa Alonso, Antonio José; Muñoz Calle, Francisco Javier; Madinabeitia Luque, Germán; Ingeniería Telemática; Ministerio de Ciencia e Innovación (MICIN). España; TIC154: Departamento de Ingeniería Telemática
    This paper introduces Biblio-US17, a labeled dataset collected over 6 months from the log fles of a popular public website at the University of Seville. It contains 47 million records, each including the method, uniform resource identifer (URI) and associated response code and size of every request received by the web server. Records have been classifed as either normal or attack using a comprehensive semi-automated process, which involved signature-based detection, assisted inspection of URIs vocabulary, and substantial expert manual supervision. Unlike comparable datasets, this one ofers a genuine real-world perspective on the normal operation of an active website, along with an unbiased proportion of actual attacks (i.e., non-synthetic). This makes it ideal for evaluating and comparing anomalybased approaches in a realistic environment. Its extensive size and duration also make it valuable for addressing challenges like data shift and insufcient training. This paper describes the collection and labeling processes, dataset structure, and most relevant properties. We also include an example of an application for assessing the performance of a simple anomaly detector. Biblio-US17, now available to the scientifc community, can also be used to model the URIs used by current web servers.
  • Miniatura
    Acceso abiertoArtículo
    A Flexible Multilevel System for Mitre ATT&CK Model-driven Alerts and Events Correlation in Cyberattacks Detection
    (Journal of Universal Computer Science, 2024) Muñoz Calle, Francisco Javier; Estepa Alonso, Rafael María; Estepa Alonso, Antonio José; Díaz Verdejo, Jesús; Castillo Fernández, Elvira; Madinabeitia Luque, Germán; Ingeniería Telemática; Ministerio de Ciencia e Innovación (MICIN). España; Agencia Estatal de Investigación. España; TIC154: Departamento de Ingeniería Telemática
    Network monitoring systems can struggle to detect the full sequence of actions in a multi-step cyber attack, frequently resulting in multiple alerts (some of which are false positive (FP)) and missed actions. The challenge of easing the job of security analysts by triggering a single and accurate alert per attack requires developing and evaluating advanced event correlation techniques and models that have the potential to devise relationships between the different observed events/alerts. This work introduces a flexible architecture designed for hierarchical and iterative correlation of alerts and events. Its key feature is the sequential correlation of operations targeting specific attack episodes or aspects. This architecture utilizes IDS alerts or similar cybersecurity sensors, storing events and alerts in a non-relational database. Modules designed for knowledge creation then query these stored items to generate meta-alerts, also stored in the database. This approach facilitates creating a more refined knowledge that can be built on top of existing one by creating specialized modules. For illustrative purposes, we make a case study where we use this architectural approach to explore the feasibility of monitoring the progress of attacks of increased complexity by increasing the levels of the hyperalerts defined, including a case of a multi-step attack that adheres to the ATT&CK model. Although the mapping between the observations and the model components (i.e., techniques and tactics) is challenging, we could fully monitor the progress of two attacks and up to 5 out of 6 steps of the most complex attack by building up to three specialized modules. Despite some limitations due to the sensors and attack scenarios tested, the results indicate the architecture’s potential for enhancing the detection of complex cyber attacks, offering a promising direction for future cybersecurity research.
  • Miniatura
    Acceso abiertoArtículo
    A methodology for conducting efficient sanitization of HTTP training datasets
    (Elsevier, 2020-08) Díaz Verdejo, Jesús; Estepa Alonso, Antonio José; Estepa Alonso, Rafael María; Madinabeitia Luque, Germán; Muñoz Calle, Francisco Javier; Ingeniería Telemática; Cooperación Tecnológica de Andalucía; Universidad de Sevilla; TIC154: Departamento de Ingeniería Telemática
    The performance of anomaly-based intrusion detection systems depends on the quality of the datasets used to form normal activity profiles. Suitable datasets should include high volumes of real-life data free from attack instances. On account of this requirement, obtaining quality datasets from collected data requires a process of data sanitization that may be prohibitive if done manually, or uncertain if fully automated. In this work, we propose a sanitization approach for obtaining datasets from HTTP traces suited for training, testing, or validating anomaly-based attack detectors. Our methodology has two sequential phases. In the first phase, we clean known attacks from data using a pattern-based approach that relies on tools that detect URI-based known attacks. In the second phase, we complement the result of the first phase by conducting assisted manual labeling systematically and efficiently, setting the focus of expert examination not on the raw data (which would be millions of URIs), but on the set of words that compose the URIs. This dramatically downsizes the volume of data that requires expert discernment, making manual sanitization of large datasets feasible. We have applied our method to sanitize a trace that includes 45 million requests received by the library web server of the University of Seville. We were able to generate clean datasets in less than 84 h with only 33 h of manual supervision. We have also applied our method to some public benchmark datasets, confirming that attacks unnoticed by signature-based detectors can be discovered in a reduced time span.
  • Miniatura
    Acceso abiertoArtículo
    Use of TDM pseudo-wires for an efficient NGN emulation of ISDN multi-channel circuit-mode bearer services
    (River Publishers ; Rinton Press, 2014-03) Muñoz Calle, Francisco Javier; Sierra Collado, Antonio Jesús; Vozmediano Torres, Juan Manuel; Ingeniería Telemática
    The specifications of the Next Generation Networks (NGN) agree on the need for migration mechanisms that enable the replacement of traditional networks, highlighting the ISDN networks. This requirement has a notable impact on NGN in terms of network design. Recent solutions proposed by ITU-T and ETSI for ISDN migration only include support for a subset of current ISDN services, not covering in detail the multi-channel circuit-mode bearer services. This paper examines the use of TDM pseudowires for NGN emulation of ISDN multi-channel calls between ISDN terminals, proposing new payload types.
  • Miniatura
    Acceso abiertoArtículo
    Computing Labs on Virtual Environments: A Flexible, Portable, and Multidisciplinary Model
    (IEEE, 2016-11) Muñoz Calle, Francisco Javier; Fernández Jiménez, Francisco José; Ariza Gómez, María Teresa; Sierra Collado, Antonio Jesús; Vozmediano Torres, Juan Manuel; Ingeniería Telemática
    Computer-aided teaching of practical subjects in engineering education poses new challenges. Computers have to be configured to support the particular requirements of each subject. Virtual environments allow the building of a virtual machine (VM) tailored to the requirements of each subject, allowing flexible, versatile, and low-cost laboratory configurations. However, the use of multiple VM at a shared computing facility poses new problems on the lab sessions, both technical and performance related. To solve these challenges, we have developed the VM on-demand tool. This tool automates the adaptation of each VM to the environment in which it is deployed. As a result, the creation of computer-aided engineering laboratories on a shared computing facility using VM is possible and profitable.
  • Miniatura
    Acceso abiertoContribución de Congreso
    Emulation of ISDN Multi-channel Circuit-mode Bearer Services in Next Generation Networks by TDM Pseudo-Wires
    (Institute of Electrical and Electronics Engineers (IEEE), 2012-12) Muñoz Calle, Francisco Javier; Sierra Collado, Antonio Jesús; Vozmediano Torres, Juan Manuel; Ingeniería Telemática
    The specifications of the Next Generation Networks (NGN) agree on the need for migration mechanisms that enable the replacement of traditional networks, highlighting the ISDN networks. This requirement has a notable impact on NGN in terms of network design. Recent solutions proposed by ITU-T and ETSI for ISDN migration only include support for a subset of current ISDN services, not covering in detail the multi-channel circuit-mode bearer services. This paper examines the use of TDM pseudowires for NGN emulation of ISDN multi-channel calls between ISDN terminals, proposing new payload types.
  • Miniatura
    Acceso abiertoArtículo
    A survey on unmanned aerial and aquatic vehicle multi-hop networks: Wireless communications, evaluation tools and applications
    (Elsevier, 2018-04) Sánchez García, Jesús; García-Campos, José Manuel; Arzamendia, Mario; Gutiérrez Reina, Daniel; Toral, S. L.; Gregor, Derlis O.; Ingeniería Telemática; Ingeniería Electrónica
    Unmanned aerial and aquatic vehicle networks have attracted the attention of the wireless communication research community in the last decade. The low manufacturing costs for developing small unmanned vehicles and the notable developments on wireless communication technologies have made possible the design of cooperative applications involving multiple unmanned aerial and aquatic vehicles. However, the design of wireless networks, which include very dynamic and complex entities like unmanned vehicles, poses many challenges. Fortunately, unmanned aerial vehicle networks applications usually resemble those of unmanned aquatic vehicle networks such as military missions, or environmental monitoring among others. With the exception of the obvious differences in the lower layers of the wireless communications protocols, valid approaches used in the aerial medium could be easily adapted to the aquatic medium. This survey presents together the main features to take into account for designing unmanned aerial and aquatic vehicle networks with the aim to help the reader to transfer valid approaches and techniques between aerial and aquatic applications. We survey the results of more than 100 references on this topic published in international conferences and journals, and we also include the results of several bibliometric analyses in order to better present the status of the art and research directions on this scientific area.
  • Miniatura
    Acceso abiertoArtículo
    Minimizing energy consumption in 802.15.4 IoT devices with multilevel xRPL (MxRPL)
    (Elsevier, 2023-12) Ternero Muñiz, Juan Antonio; Mayor Gallego, Vicente Jesús; Estepa Alonso, Rafael María; Estepa Alonso, Antonio José; Madinabeitia Luque, Germán; Ingeniería Telemática; TIC154: Departamento de Ingeniería Telemática
    IoT devices using IEEE 802.15.4 radio links may offer adaptable transmit power. But, since transmit power determines coverage, the problem of choosing the optimal tx power for each node is intertwined with the routing problem. We present a new cross-layer routing approach for reducing energy consumption in IEEE 802.15.4 IoT devices with adjustable radio power level termed multilevel cross-layer RPL (MxRPL). In our scheme, each node sets its tx power level according to the RPL parent chosen in the path with the lowest additive product of ETX and nodes’ tx power. We also propose a new probing mechanism that maintains fresh link statistics for each neighbor and power level restraining the associated control messages. We have implemented our approach in Cooja’s Z1 mote and simulated a network with 15 nodes in areas of different size. The results show that MxRPL achieves energy savings in the radio of up to 34% in reception and 20% in transmission compared to a simpler cross-layer binary approach previously published by the authors (i.e., each node chooses either its maximum or minimum tx power level). Energy savings are even greater compared to default RPL (up to 40% in reception and 26% in transmission). This is mostly attributable to the generation of less control messages and a more efficient use of tx power. Our scheme exhibits better results in medium and large size scenarios (e.g., 25 m 25 m, 42 m2 /node), whereas a simpler binary approach is slightly more advantageous in small and dense scenarios.
  • Miniatura
    Acceso abiertoArtículo
    Supporting VoIP communication in IEEE 802.11ax networks: A new admission control and scheduling resource allocation scheme
    (Elsevier, 2024-08) Estepa Alonso, Rafael María; Davis, Mark; Mayor Gallego, Vicente Jesús; Estepa Alonso, Antonio José; Ingeniería Telemática; Universidad de Sevilla; TIC154: Departamento de Ingeniería Telemática
    The current IEEE 802.11ax standard enhances Wi-Fi networks with a series of new features, such as multi-user (MU) transmission, an Orthogonal Frequency Division Multiple Access (OFDMA) scheme and the ability to multiplex traffic from different access categories (ACs). These features can be utilized to enhance the QoS support for VoIP traffic and optimize the usage of IEEE 802.11ax network resources. This work proposes a new scheme to multiplex VoIP calls in IEEE 802.11ax MU frames and a new scheduler and resource allocation algorithm specifically designed for VoIP data traffic. Our scheduler allocates VoIP packets requiring longer transmission times into the same frame(s), minimizing the channel air-time assigned to VoIP transmission. In addition, unused radio resources in the MU frame are leveraged to transmit best-effort packets along with VoIP packets. For completeness, we also define a call admission control (CAC) algorithm that anticipates channel saturation conditions to ensure VoIP users can maintain a guaranteed level of QoS. Based on simulation results, our scheme is more efficient in reducing channel utilization than other schedulers such as multi-user roundrobin (RR) (implemented by ns-3) or single-user FIFO. For example, for 30 VoIP stations using the G.711 codec under mixed channel conditions, our scheme reduces by 30% the air-time required to transmit VoIP packets. When coupled with the ability to also send best-effort packets along with VoIP packets, this translates into a higher throughput (i.e. 10 Mbit/s vs 4 Mbit/s) and more simultaneous VoIP users with guaranteed QoS (up to 46 VoIP users vs 26 and 28 users for the multi-user RR and single-user FIFO scheduling algorithms, respectively).
  • Miniatura
    Acceso abiertoArtículo
    Smart home anomaly-based IDS: architecture proposal and case study
    (Elsevier, 2023) Lara Romero, Agustín Walabonso; Mayor Gallego, Vicente Jesús; Estepa Alonso, Rafael María; Estepa Alonso, Antonio José; Díaz Verdejo, Jesús; Ingeniería Telemática; Ministerio de Ciencia e Innovación (MICIN). España; Agencia Estatal de Investigación. España; Fondo Europeo de Desarrollo Regional (FEDER); Consejería de Transformación Económica, Industria, Conocimiento y Universidades. Junta de Andalucía; TIC154: Departamento de Ingeniería Telemática
    The complexity and diversity of the technologies involved in the Internet of Things (IoT) challenge the generalization of security solutions based on anomaly detection, which should fit the particularities of each context and deployment and allow for performance comparison. In this work, we provide a flexible architecture based on building blocks suited for detecting anomalies in the network traffic and the application-layer data exchanged by IoT devices in the context of Smart Home. Following this architecture, we have defined a particular Intrusion Detector System (IDS) for a case study that uses a public dataset with the electrical consumption of 21 home devices over one year. In particular, we have defined ten Indicators of Compromise (IoC) to detect network attacks and two anomaly detectors to detect false command or data injection attacks. We have also included a signature-based IDS (Snort) to extend the detection range to known attacks. We have reproduced eight network attacks (e.g., DoS, scanning) and four False Command or Data Injection attacks to test our IDS performance. The results show that all attacks were successfully detected by our IoCs and anomaly detectors with a false positive rate lower than 0.3%. Signature detection was able to detect only 4 out of 12 attacks. Our architecture and the IDS developed can be a reference for developing future IDS suited to different contexts or use cases. Given that we use a public dataset, our contribution can also serve as a baseline for comparison with new techniques that improve detection performance.
  • Miniatura
    Acceso abiertoArtículo
    Blockchain-Based Service-Oriented Architecture for Consent Management, Access Control, and Auditing
    (Institute of Electrical and Electronics Engineers Inc., 2023) Román Martínez, Isabel; Calvillo Arbizu, Jorge; Mayor Gallego, Vicente Jesús; Madinabeitia Luque, Germán; Estepa Alonso, Antonio José; Estepa Alonso, Rafael María; Ingeniería Telemática; Ministerio de Ciencia e Innovación; TIC154: Departamento de Ingeniería Telemática
    Continuity of care requires the exchange of health information among organizations and care teams. The EU General Data Protection Regulation (GDPR) establishes that subject of care should give explicit consent to the treatment of her personal data, and organizations must obey the individual’s will. Nevertheless, few solutions focus on guaranteeing the proper execution of consents. We propose a serviceoriented architecture, backed by blockchain technology, that enables: (1) tamper-proof and immutable storage of subject of care consents; (2) a fine-grained access control for protecting health data according to consents; and (3) auditing tasks for supervisory authorities (or subjects of care themselves) to assess that healthcare organizations comply with GDPR and granted consents. Standards for health information exchange and access control are adopted to guarantee interoperability. Access control events and the subject of care consents are maintained on a blockchain, providing a trusted collaboration between organizations, supervisory authorities, and individuals. A prototype of the architecture has been implemented as a proof of concept to evaluate the performance of critical components. The application of subject of care consent to control the treatment of personal health data in federated and distributed environments is a pressing concern. The experimental results show that blockchain can effectively support sharing consent and audit events among healthcare organizations, supervisory authorities, and individuals.
  • Miniatura
    Acceso abiertoArtículo
    CO-CAC: A new approach to Call Admission Control for VoIP in 5G/WiFi UAV-based relay networks
    (Elsevier, 2023-01) Mayor Gallego, Vicente Jesús; Estepa Alonso, Rafael María; Estepa Alonso, Antonio José; Ingeniería Telemática; TIC154: Ingeniería Telemática
    Voice over IP (VoIP) requires a Call Admission Control (CAC) mechanism in WiFi networks to preserve VoIP packet flows from excessive network delay or packet loss. Ideally, this mechanism should be integrated with the operational scenario, guarantee the quality of service of active calls, and maximize the number of concurrent calls. This paper presents a novel CAC scheme for VoIP in the context of a WiFi access network deployed with Unmanned Aerial Vehicles (UAVs) that relay to a backhaul 5G network. Our system, named Codec-Optimization CAC (CO-CAC), is integrated into each drone. It intercepts VoIP call control messages and decides on the admission of every new call based on a prediction of the WiFi network’s congestion level and the minimum quality of service desired for VoIP calls. To maximize the number of concurrent calls, CO-CAC proactively optimizes the codec settings of active calls by exchanging signaling with VoIP users. We have simulated CO-CAC in a 50 m 50 m scenario with four UAVs providing VoIP service to up to 200 ground users with IEEE 802.11ac WiFi terminals. Our results show that without CAC, the number of calls that did not meet a minimum quality level during the simulation was 10% and 90%, for 50 and 200 users, respectively. However, when CO-CAC was in place, all calls achieved minimum quality for up to 90 users without rejecting any call. For 200 users, only 25% of call attempts were rejected by the admission control scheme. These results were narrowly worse when the ground users moved randomly in the scenario.
  • Miniatura
    Acceso abiertoArtículo
    Aproximación metodológica al diseño de un sistema de teleasistencia para pacientes en prediálisis y diálisis peritoneal
    (Elsevier, 2014-03) Calvillo Arbizu, Jorge; Roa Romero, Laura María; Milán Martín, Jose Antonio; Aresté Fosalba, Nuria; Tornero Molina, Fernando; Macía Heras, Manuel; Vega Díaz, Nicanor; Ingeniería de Sistemas y Automática; Ingeniería Telemática; Instituto de Salud Carlos III; CIBER-BBN; TIC203: Ingeniería Biomédica
    Antecedentes: Un importante obstáculo que dificulta el despliegue de soluciones tecnológicas en sanidad es el rechazo que encuentran los sistemas desarrollados por los usuarios que tienen que utilizarlos (ya sean profesionales sanitarios o pacientes), que consideran que no se adaptan a sus necesidades reales. Objetivos: (1) Diseñar una arquitectura tecnológica para la asistencia remota de pacientes nefrológicos aplicando una metodología que prime la implicación de los usuarios (profesionales y pacientes) en todo el diseño y desarrollo; (2) ilustrar cómo las necesidades de los usuarios pueden ser recogidas y respondidas mediante la tecnología, aumentando el nivel de aceptación de los sistemas finales. Métodos: Para obtener las principales necesidades que existen actualmente en Nefrología se implicó a un conjunto de servicios españoles de la especialidad. Se realizó una recogida de necesidades mediante entrevistas semiestructuradas al equipo médico y cuestionarios a profesionales y pacientes. Resultados: Se extrajeron un conjunto de requisitos tanto de profesionales como de pacientes y, paralelamente, el grupo de ingenieros biomédicos identificó requisitos de la asistencia remota de pacientes desde un punto de vista tecnológico. Todos estos requisitos han dado pie al diseño de una arquitectura modular para la asistencia remota de pacientes en diálisis peritoneal y prediálisis. Conclusiones: Este trabajo ilustra cómo es posible implicar a los usuarios en todo el proceso de diseño y desarrollo de un sistema. Fruto de este trabajo es el diseño de una arquitectura modular adaptable para asistencia remota de pacientes nefrológicos respondiendo a las preferencias y necesidades de los usuarios pacientes y profesionales consultados.
  • Miniatura
    Acceso abiertoArtículo
    Privilege Management Infrastructure for Virtual Organizations in Healthcare Grids
    (Institute of Electrical and Electronics Engineers Inc., 2011-03) Calvillo Arbizu, Jorge; Román Martínez, Isabel; Rivas Rivas, Sergio; Roa Romero, Laura María; Ingeniería de Sistemas y Automática; Ingeniería Telemática; CIBER-BBN; Instituto de Salud Carlos III; TIC203: Ingeniería Biomédica
    This paper is focused on the management of virtual organizations (VO) inside healthcare environments where grid technology is used as middleware for a healthcare services-oriented architecture (HSOA). Some of the main tasks considered for the provision of an efficient VOmanagement aremanagement of users, assignation of roles to users, assignation of privileges to roles, and definition of resources access policies. These tasks are extremely close to privilege management infrastructures (PMI), so we face VOmanagement services as part of the PMI supporting access control to healthcare resources inside the HSOA. In order to achieve a completely open and interoperable PMI, we review and apply standards of security and architectural design. Moreover, semantic technologies are introduced in decision points for access control allowing the management of a high degree of descriptors by means of ontologies and infer the decision making through rules and reasoners.
  • Miniatura
    Acceso abiertoArtículo
    Easing the development of healthcare architectures following RM-ODP principles and healthcare standards
    (Elsevier, 2013-03) Calvillo Arbizu, Jorge; Román Martínez, Isabel; Rivas Rivas, Sergio; Roa Romero, Laura María; Ingeniería de Sistemas y Automática; Ingeniería Telemática; CIBER-BBN; Instituto de Salud Carlos III; European Commission (EC). Fondo Europeo de Desarrollo Regional (FEDER); TIC203: Ingeniería Biomédica
    RM-ODP has been widely accepted and used in the field of system and software model engineering and of enterprise computing within different environments. One of these specific domains is healthcare, in which the international standard Health Information Services Architecture (HISA) is applied under the directives of RM-ODP. HISA presents a flexible architecture identifying common use cases, actors, information, and services and easing its extension with specific services, systems and information. The HISA standard follows system specification through the RM-ODP viewpoints but it does not consider other features of the reference model, such as the Enterprise language or the UML4ODP specification. In this paper, we introduce the rationale and specification of the three technology-independent viewpoints of an HISA-based architecture conforming to RM-ODP and UML4ODP. Moreover, we evaluate how easy it is to extend this architecture to introduce specific services and elements. As proof of concept we explore security and privacy issues (i.e., requirements, actors, information objects, etc.) and enrich the architecture with suitable objects and services, mainly from access control standardization efforts. In addition, a detailed discussion about the divergences between RM-ODP and HISA is presented. The main contribution of our work is to develop (guided by RM-ODP, HISA, and other standards) a methodology and tools allowing healthcare service developers and designers to build solutions conforming to standards and leveraging the benefits of distribution and interoperability. These tools consist of the specification of three technology-independent viewpoints according to the guidelines of HISA, RM-ODP and UML4ODP for the healthcare domain, and they will be freely available. In parallel, these viewpoints are extended with access control issues, and the adequacy of the HISA extension mechanism is evaluated.
  • Miniatura
    Acceso abiertoArtículo
    Empowering citizens with access control mechanisms to their personal health resources
    (Elsevier, 2013-01) Calvillo Arbizu, Jorge; Román Martínez, Isabel; Roa Romero, Laura María; Ingeniería de Sistemas y Automática; Ingeniería Telemática; CIBER-BBN; Instituto de Salud Carlos III; European Commission (EC). Fondo Europeo de Desarrollo Regional (FEDER); TIC203: Ingeniería Biomédica
    Background: Advancements in information and communication technologies have allowed the development of new approaches to the management and use of healthcare resources. Nowadays it is possible to address complex issues such as meaningful access to distributed data or communication and understanding among heterogeneous systems. As a consequence, the discussion focuses on the administration of the whole set of resources providing knowledge about a single subject of care (SoC). New trends make the SoC administrator and responsible for all these elements (related to his/her demographic data, health, well-being, social conditions, etc.) and s/he is granted the ability of controlling access to them by third parties. The subject of care exchanges his/her passive role without any decision capacity for an active one allowing to control who accesses what. Purpose: We study the necessary access control infrastructure to support this approach and develop mechanisms based on semantic tools to assist the subject of care with the specification of access control policies. This infrastructure is a building block of a wider scenario, the Person-Oriented Virtual Organization (POVO), aiming at integrating all the resources related to each citizen’s health-related data. The POVO covers the wide range and heterogeneity of available healthcare resources (e.g., information sources, monitoring devices, or software simulation tools) and grants each SoC the access control to them. Methods: Several methodological issues are crucial for the design of the targeted infrastructure. The distributed system concept and focus are reviewed from the service oriented architecture (SOA) perspective. The main frameworks for the formalization of distributed system architectures (Reference Model-Open Distributed Processing, RM-ODP; and Model Driven Architecture, MDA) are introduced, as well as how the use of the Unified Modelling Language (UML) is standardized. The specification of access control policies and decision making mechanisms are essential keys for this approach and they are accomplished by using semantic technologies (i.e., ontologies, rule languages, and inference engines). Results: The results are mainly focused on the security and access control of the proposed scenario. An ontology has been designed and developed for the POVO covering the terminology of the scenario and easing the automation of administration tasks. Over that ontology, an access control mechanism based on rule languages allows specifying access control policies, and an inference engine performs the decision making process automatically. The usability of solutions to ease administration tasks to the SoC is improved by the Me-As-An-Admin (M3A) application. This guides the SoC through the specification of personal access control policies to his/her distributed resources by using semantic technologies (e.g., metamodeling, model-to-text transformations, etc.). All results are developed as services and included in an architecture in accordance with standards and principles of openness and interoperability. Conclusions: Current technology can bring health, social and well-being care actually centered on citizens, and granting each person the management of his/her health information. However, the application of technology without adopting methodologies or normalized guidelines will reduce the interoperability of solutions developed, failing in the development of advanced services and improved scenarios for health delivery. Standards and reference architectures can be cornerstones for future-proof and powerful developments. Finally, not only technology must follow citizen-centric approaches, but also the gaps needing legislative efforts that support these new paradigms of healthcare delivery must be identified and addressed.
  • Miniatura
    Acceso abiertoArtículo
    Does the Kidney Donor Profile Index (KDPI) predict graft and patient survival in a Spanish population?
    (Elsevier, 2018) Calvillo Arbizu, Jorge; Pérez Valdivia, Miguel Ángel; Gentil Govantes, Miguel Ángel; Castro de la Nuez, Pablo; Mazuecos Blanca, Auxiliadora; Rodríguez Benot, Alberto; Gracia Guindo, María; Borrego Utiel, Francisco; Cabello Díaz, Mercedes; Bedoya Pérez, Rafael; Alonso Gil, Manuel; Salgueira Lazo, Mercedes; Roa Romero, Laura María; Ingeniería de Sistemas y Automática; Ingeniería Telemática; Fondo de Investigación Sanitaria; TIC203: Ingenieria Biomedica
    Background and objective: The Kidney Donor Profile Index (KDPI), together with other donor and recipient variables, can optimise the organ allocation process. This study aims to check the feasibility of the KDPI for a Spanish population and its predictive ability of graft and patient survival. Materials and methods: Data from 2734 kidney transplants carried out in Andalusia between January 2006 and December 2015 were studied. Cases were grouped by recipient age, categorised by KDPI quartile and both graft and patient survival were compared among groups. Results: The KDPI accurately discriminated optimal organs from suboptimal or marginal ones. For adult recipients (aged: 18–59 years) it presents a hazard ratio of 1.013 (P < 0.001) for death-censored graft survival and of 1.013 (P = 0.007) for patient survival. For elderly recipients (aged: 60+ years), KDPI presented a hazard ratio of 1.016 (P = 0.001) for death-censored graft survival and of 1.011 (P = 0.0007) for patient survival. A multivariate analysis identified the KDPI, donor age, donation after circulatory death, recipient age and gender as predictive factors of graft survival. Conclusions: The results obtained show that the KDPI makes it possible to relate the donor’s characteristics with the greater or lesser survival of the graft and the patient in the Spanish population. However, due to certain limitations, a new index for Spain based on Spanish or European data should be created. In this study, some predictive factors of graft survival are identified that may serve as a first step in this path.