Requirements Federated Learning and mUlti-party computation Techniques for prostatE cancer
0.1.0 - ci-build
Requirements Federated Learning and mUlti-party computation Techniques for prostatE cancer
0.1.0 - ci-build
Requirements Federated Learning and mUlti-party computation Techniques for prostatE cancer, published by HL7 Europe. This guide is not an authorized publication; it is the continuous build for version 0.1.0 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/hl7-eu/flute-requirements/ and changes regularly. See the Directory of published versions
This sub-section contains system security and privacy requirements that will serve as input to D1.2 and provide a technical description of FLUTE components needed to achieve these requirements. These requirements separate the ones identified in the previous sub-section into functional and non-functional.
Table 3: Software Specification for security and privacy - functional requirements
| ID | Description | Category | KPI | URS ID |
|---|---|---|---|---|
| F-SRS-1 | Platform should provide secure methods to access the system like multi-factor authentication | Security | URS-3 | |
| F-SRS-2 | Access to different platform features should be role-based. | Security | URS-3 | |
| F-SRS-3 | User sessions should time out after a period of inactivity | Security | URS-3 | |
| F-SRS-4 | FLUTE platform should allow to select which protection techniques are using in a training | Privacy | URS-2 | |
| F-SRS-5 | Local training algorithms should be run in the data owner infrastructure | Privacy | URS-1 | |
| F-SRS-6 | Local trained models should be sent to aggregator using TLS | Security | URS-4 | |
| F-SRS-7 | Data owners should be able to select which fields of their data sets can be used for model training | Privacy | URS-5 | |
| F-SRS-8 | FLUTE platform should log every use of the data. | Privacy | URS-10 | |
| F-SRS-9 | FLUTE platform should initiate a local training when the data owner provides consent to use the data to that study | Privacy | URS-11 | |
| F-SRS-10 | FLUTE platform should allow the user to select whether the central aggregator has clear access to the local models. | Privacy | URS-14 |
Table 4: Software Specification for security and privacy – non-functional requirements
| ID | Description | Category | KPI | URS ID |
|---|---|---|---|---|
| NF-SRS-1 | FLUTE platform should have password policies | Security | URS-3 | |
| NF-SRS-2 | FLUTE platform should implement several PETs to protect data privacy | Privacy | URS-6, URS-7, URS-8 | |
| NF-SRS-3 | Administrators of FLUTE platform should keep the systems up-to-date and patched. | Security | URS-9 | |
| NF-SRS-4 | There should be security policies to avoid the use of potentially vulnerable software | Security | URS-9 | |
| NF-SRS-5 | FLUTE platform should guarantee data is not tampered with in training processes | Privacy | URS-15 |