Security Analysis and Threat Modeling of Research Management Applications [Extended Version]

Boniface M. Sindala, Ragib Hasan

TL;DR

The paper addresses security risks in RMAs handling sensitive clinical data, using REDCap as a representative system. It combines threat modeling with MITRE ATT&CK, STRIDE, DFDs, and the Dolev-Yao formal model to identify weaknesses across data flows and protocols. Key contributions include a comprehensive RMA threat model, mapping threats to concrete mitigations such as MFA, Zero Trust Architecture, and formal protocol verification. The findings support stronger data confidentiality, integrity, and availability in multi-site research environments while aligning with HIPAA/GDPR requirements.

Abstract

Research management applications (RMAs) are widely used in clinical research environments to collect, transmit, analyze, and store sensitive data. The value of this data makes RMAs susceptible to security threats. This analysis examines the security of RMAs, focusing on Research Electronic Data Capture (REDCap) as an example. We explore the strengths and vulnerabilities within RMAs by evaluating the architecture, data flow, and security features. We identify and assess potential risks using the MITRE ATT&CK framework and the STRIDE model. We assess REDCap's defenses against common attack vectors, focusing on how well they provide confidentiality, integrity, availability, non-repudiation, and authentication. We conclude by proposing recommendations for enhancing the security of RMAs, ensuring that critical research data remains protected without compromising usability. This research aims to contribute towards a more secure framework for managing sensitive information in research-intensive environments.

Paper Structure

This paper contains 22 sections, 2 figures, 4 tables.

Figures (2)

  • Figure 1: Research Management Application workflow
  • Figure 2: REDCap Data Flow Diagram