
Devil’s in the Detail: Through-Life Safety and Security Co-assurance Using SSAF

  • Conference paper
  • Computer Safety, Reliability, and Security (SAFECOMP 2019)
  • Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 11698)

Abstract

Regulatory bodies, industry and academia present a plethora of approaches for risk analysis and engineering for safety and security. However, few standards and approaches discuss the management of both safety and security risks. Fewer yet provide detail on how the two attributes interact within a given system. In this paper, the Safety-Security Assurance Framework (SSAF) is presented as a candidate solution to many of the extant challenges of attribute co-assurance. It is a holistic approach, based on the concept of independent co-assurance, that considers both the technical risk impact and the socio-technical impact on assurance. The Framework’s Technical Risk Model (TRM) is applied and evaluated against a case study of an insulin pump. It is argued that SSAF TRM is not only a plausible and practical approach, but also more effective for co-assurance than many existing approaches alone.


Notes

  1. Industrial experience at BAE Systems, research literature, and workshop results.

  2. Social science approaches: Grounded Theory [10] and Yin-style Case Studies [37].

References

  1. AlTawy, R., Youssef, A.M.: Security tradeoffs in cyber physical systems: a case study survey on implantable medical devices. IEEE Access 4, 959–979 (2016)

  2. Association for the Advancement of Medical Instrumentation: AAMI TIR57:2016 Principles for medical device security - Risk management. Technical report, June 2016

  3. Bostrom, R.P., Heinen, J.S.: MIS problems and failures: a socio-technical perspective part I: the causes. MIS Q. 1, 17–32 (1977)

  4. Camara, C., Peris-Lopez, P., Tapiador, J.E.: Security and privacy issues in implantable medical devices: a comprehensive survey. J. Biomed. Inform. 55, 272–289 (2015)

  5. Chen, Y., Lawford, M., Wang, H., Wassyng, A.: Insulin pump software certification. In: Gibbons, J., MacCaull, W. (eds.) FHIES 2013. LNCS, vol. 8315, pp. 87–106. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-53956-5_7

  6. Despotou, G., Alexander, R., Kelly, T.: Addressing challenges of hazard analysis in systems of systems. In: 2009 3rd Annual IEEE Systems Conference, pp. 167–172. IEEE (2009)

  7. Firesmith, D.G.: Common concepts underlying safety, security and survivability engineering. Technical report, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA (2003)

  8. Food and Drug Administration (FDA): Infusion Pumps Total Product Life Cycle: Guidance for Industry and FDA Staff. Technical report, U.S. Department of Health and Human Services, December 2014

  9. Friedberg, I., McLaughlin, K., Smith, P., Laverty, D., Sezer, S.: STPA-SafeSec: safety and security analysis for cyber-physical systems. J. Inf. Secur. Appl. 34, 183–196 (2017)

  10. Glaser, B.G., Strauss, A.L.: Discovery of Grounded Theory: Strategies for Qualitative Research. Routledge, New York (2017)

  11. Hawkins, R., Habli, I., Kelly, T.: Principled construction of software safety cases. In: SAFECOMP 2013 Workshop SASSUR (Next Generation of System Assurance Approaches for Safety-Critical Systems) of the 32nd International Conference on Computer Safety, Reliability and Security (2013)

  12. Hawkins, R., Kelly, T., Knight, J., Graydon, P.: A new approach to creating clear safety arguments. In: Dale, C., Anderson, T. (eds.) Advances in Systems Safety, pp. 3–23. Springer, London (2011). https://doi.org/10.1007/978-0-85729-133-2_1

  13. Hu, R., Li, C.: The design of an intelligent insulin pump. In: 2015 4th International Conference on Computer Science and Network Technology (ICCSNT), vol. 1, pp. 736–739. IEEE (2015)

  14. ISO 14971:2007 Medical devices - Application of risk management to medical devices. Standard, International Organization for Standardization, Geneva, CH, September 2007

  15. ISO/IEC 27001:2013 Information technology - Security techniques - Information security management systems - Requirements. Standard, International Organization for Standardization, Geneva, CH, October 2013

  16. Johnson, N., Kelly, T.: Safety-security assurance framework (SSAF) in practice. In: 37th International Conference on Computer Safety, Reliability, & Security, SAFECOMP 2018 (Abstract Paper) (2018)

  17. Johnson, N., Kelly, T.: An assurance framework for independent co-assurance of safety and security. In: Muniak, C. (ed.) Journal of System Safety. International System Safety Society (January 2019), presented at: the 36th International System Safety Conference (ISSC), Arizona, USA, August 2018

  18. Jones, L.G., Lattanze, A.J.: Using the architecture tradeoff analysis method to evaluate a wargame simulation system: a case study. Technical report, Carnegie Mellon University, Software Engineering Institute (SEI), Pittsburgh, PA, USA (2001)

  19. Kazman, R., Klein, M., Barbacci, M., Longstaff, T., Lipson, H., Carriere, J.: The architecture tradeoff analysis method. In: Proceedings Fourth IEEE International Conference on Engineering of Complex Computer Systems (Cat. No. 98EX193), pp. 68–78. IEEE (1998)

  20. Kordy, B., Mauw, S., Radomirović, S., Schweitzer, P.: Foundations of attack–defense trees. In: Degano, P., Etalle, S., Guttman, J. (eds.) FAST 2010. LNCS, vol. 6561, pp. 80–95. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19751-2_6

  21. Lange, R., Burger, E.W.: Long-term market implications of data breaches, not. J. Inf. Priv. Secur. 13(4), 186–206 (2017)

  22. Lazenbatt, A., Elliott, N., et al.: How to recognise a ‘quality’ grounded theory research study. Aust. J. Adv. Nurs. 22(3), 48 (2005)

  23. Leveson, N.G.: A new approach to hazard analysis for complex systems. In: International Conference of the System Safety Society (2003)

  24. Li, C., Raghunathan, A., Jha, N.K.: Hijacking an insulin pump: security attacks and defenses for a diabetes therapy system. In: 2011 IEEE 13th International Conference on e-Health Networking, Applications and Services, pp. 150–156. IEEE (2011)

  25. Luckett, P., McDonald, J.T., Glisson, W.B.: Attack-graph threat modeling assessment of ambulatory medical devices. In: Proceedings of the 50th Hawaii International Conference on System Sciences (2017)

  26. Macher, G., Sporer, H., Berlach, R., Armengaud, E., Kreiner, C.: SAHARA: a security-aware hazard and risk analysis method. In: Proceedings of the 2015 Design, Automation & Test in Europe Conference & Exhibition, pp. 621–624. EDA Consortium (2015)

  27. OMG Unified Modeling Language. Standard, Object Management Group, December 2017. https://www.omg.org/spec/UML/About-UML/

  28. Piggin, R.: Cybersecurity of medical devices: addressing patient safety and the security of patient health information. Technical report, BSI Group ANZ Pty Ltd. (2017)

  29. Radcliffe, J., Beardsley, T.: R7-2016-07: Multiple vulnerabilities in Animas OneTouch Ping insulin pump. Technical report, Rapid7, October 2016. https://blog.rapid7.com/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump/

  30. Rathore, H., Mohamed, A., Al-Ali, A., Du, X., Guizani, M.: A review of security challenges, attacks and resolutions for wireless medical devices. In: 2017 13th International Wireless Communications and Mobile Computing Conference (IWCMC), pp. 1495–1501. IEEE (2017)

  31. RTCA: RTCA DO-326 Revision A: Airworthiness Security Process Specification. Technical report, Washington, DC, USA, August 2014

  32. SAE International: SAE ARP4754 Rev A: Guidelines for Development of Civil Aircraft and Systems. Technical report, December 2010

  33. U.S. Cybersecurity and Infrastructure Security Agency (CISA): Advisory (ICSMA-16-279-01): Animas OneTouch Ping insulin pump vulnerabilities. Technical report, National Cybersecurity and Communications Integration Center (NCCIC) Industrial Control Systems, October 2016

  34. U.S. Cybersecurity and Infrastructure Security Agency (CISA): Advisory (ICSMA-18-219-02): Medtronic MiniMed 508 insulin pump. Technical report, National Cybersecurity and Communications Integration Center (NCCIC) Industrial Control Systems, August 2018. https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02

  35. U.S. Food & Drug Administration (FDA): Postmarket Management of Cybersecurity in Medical Devices: Guidance for Industry and Food and Drug Administration Staff. Technical report, Center for Devices & Radiological Health, December 2016

  36. Wu, F., Eagles, S.: Cybersecurity for medical device manufacturers: ensuring safety and functionality. Biomed. Instrum. Technol. 50(1), 23–34 (2016)

  37. Yin, R.K.: Case Study Research and Applications: Design and Methods. Sage Publications, Thousand Oaks (2017)

  38. Young, W., Leveson, N.G.: An integrated approach to safety and security based on systems theory. Commun. ACM 57(2), 31–35 (2014)

  39. Zhang, Y., Jones, P.L., Jetley, R.: A hazard analysis for a generic insulin infusion pump. J. Diabetes Sci. Technol. 4(2), 263–283 (2010)


Acknowledgements

Research and development of SSAF was supported by the University of York, the Assuring Autonomy International Programme (AAIP), and BAE Systems, under UK Engineering and Physical Sciences Research Council Award Ref EPSRC iCASE 1515047.

Corresponding author

Correspondence to Nikita Johnson.


Copyright information

© 2019 Springer Nature Switzerland AG

About this paper


Cite this paper

Johnson, N., Kelly, T. (2019). Devil’s in the Detail: Through-Life Safety and Security Co-assurance Using SSAF. In: Romanovsky, A., Troubitsyna, E., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2019. Lecture Notes in Computer Science, vol 11698. Springer, Cham. https://doi.org/10.1007/978-3-030-26601-1_21

  • DOI: https://doi.org/10.1007/978-3-030-26601-1_21
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-030-26600-4
  • Online ISBN: 978-3-030-26601-1
  • eBook Packages: Computer Science (R0)
