Requirements Federated Learning and mUlti-party computation Techniques for prostatE cancer
0.1.0 - ci-build
Requirements Federated Learning and mUlti-party computation Techniques for prostatE cancer
0.1.0 - ci-build
Requirements Federated Learning and mUlti-party computation Techniques for prostatE cancer, published by HL7 Europe. This guide is not an authorized publication; it is the continuous build for version 0.1.0 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/hl7-eu/flute-requirements/ and changes regularly. See the Directory of published versions
This section aims to identify the requirements that can be derived from the threat models and attacks identified in FLUTE, and therefore form the security and privacy requirements of the users and stakeholders of FLUTE platform.
Similarly to the TRUMPET platform, for accessing the FLUTE platform nodes (either data hubs or researchers) should authenticate securely. The individual users should use a secure login to obtain permissions which their affiliation/node can grant them. As nodes will communicate over the internet, there is a need for a secure communication channel between nodes so information is protected from external actors. All the devices used in the FLUTE platform must be secure and up to date with security patches so they are not vulnerable to malware or other attacks from malicious external users. The FLUTE platform should provide a logging system for the federated learning process so it can be audited as needed.
Regarding privacy requirements we have focused on the data that is going to be used in FLUTE and how it should be processed. Data should never leave data owner infrastructure in an accessible way (i.e., as in the TRUMPET project, encrypted data may leave the data owner as long as the data owner has control over decryption, e.g., by having a share of the decryption key or by having verified the TEE enclave the data is sent to), only fully privatized information (according to a privacy metric provided by the TRUMPET platform) can be shared. The aggregation of local models, gradients or values should not leak any information on the sensitive data. User privacy should be protected by the FLUTE platform so that it is not possible to recover user information with attacks such as data reconstruction, membership or property inference attacks. Data hubs should be able to provide or deny consent to use their data in the training of a model and the data used to train the model should be minimized to that necessary to train the models. Moreover, the FLUTE platform should be compliant with regulation.
Table 2: User requirements
| ID | Description | Priority | Category |
|---|---|---|---|
| URS-1 | Data should never leave data owner infrastructure | High | Privacy |
| URS-2 | Central aggregation of models should not leak any information of the data used to train local models | High | Privacy |
| URS-3 | Access to the platform should be protected by a secure login with multi-factor authentication. | Medium | Security |
| URS-4 | Communication between system nodes should be encrypted | High | Security and Privacy |
| URS-5 | Personal and sensitive data should not be used in the model training. In case it is required it should be properly protected, for example, with anonymization | Medium | Privacy |
| URS-6 | Users whose data is part in the training of a model should be protected to data reconstruction attacks. | High | Privacy |
| URS-7 | Users whose data is part if the training of a model should be protected to membership inference attacks. | High | Privacy |
| URS-8 | Users whose data is part if the training of a model should be protected to property inference attacks. | High | Privacy |
| URS-9 | Devices used in the Federated Learning process must be secure, regularly patched and protected against malware and other vulnerabilities | Medium | Security |
| URS-10 | All the federated learning processes should be logged to be able to conduct an audit in case of a security incident | Medium | Security |
| URS-11 | The system should provide consent management mechanisms | High | Privacy |
| URS-12 | The exchange of data between data owner nodes and central aggregator should follow the principle of data minimization. Only sharing the necessary data to be able to train models effectively. | High | Privacy |
| URS-13 | FLUTE platform should be compliant with regulations | High | Privacy |
| URS-14 | FLUTE platform should provide privacy in a semi-honest threat model (honest but curious parties). | High | Privacy |
| URS-15 | FLUTE platform should provide privacy in a threat model with malicious parties | High | Privacy |