With the digitalization of healthcare, medical systems can be deployed across a wide variety of platforms, including cloud servers and edge computers, such as the Raspberry Pi, among others. Nonetheless, this portability introduces a security paradox: hardening configurations designed to operate in data centers can easily exhaust resources when run on smaller hardware. The primary issue this thesis aims to address is the challenge of enforcing standardized security policies across heterogeneous infrastructure without compromising system performance or availability. To overcome this, a cross-platform security setup was created and tested on a Jakarta EE and MariaDB-based healthcare application. The task was to protect this system on Linux Cloud Server, Windows Workstation, and Raspberry Pi. The study employed a three-stage approach, which includes threat evaluation using the STRIDE model, mitigation measures through a so-called Defense in Depth (e.g., OS isolation and a firewall), and quantification of performance impact through stress testing with Apache JMeter and Sysbench. Experimental results confirm that the framework mitigated all identified infrastructure threats, including identity spoofing and unencrypted traffic. Benchmarking highlighted significant performance variances; while the Cloud node supported 179 concurrent users, the Raspberry Pi saturated at 56 and required an Nginx reverse proxy to offload SSL processing to survive volumetric attacks. Surprisingly, the Raspberry Pi showed improved thermal properties to the Windows workstation, which throttled at full load. This study concludes that secure eHealth implementations can be achieved with low-power hardware provided that overhead security is controlled by platform-specific modifications. The results indicate that although application code can be platform-neutral, the security architecture underlying it must consider the physical and computational constraints of the host device to provide dependable patient care.
Nour Al Dine Hassan (Thu,) studied this question.