
Resilient Security of Medical Cyber-Physical Systems

  • Conference paper
  • Published in: Database and Expert Systems Applications (DEXA 2019)

Abstract

Incorporating network connectivity in cyber-physical systems (CPSs) leads to advances yielding better healthcare and quality of life for patients. However, such advances come with the risk of increased exposure to security vulnerabilities, threats, and attacks. Numerous vulnerabilities and potential attacks on these systems have been demonstrated. We posit that cyber-physical system software has to be designed and developed with security as a key consideration by enforcing fail-safe modes, ensuring critical functionality and risk management. In this paper, we propose operating modes, risk models, and runtime threat estimation for automatic switching to fail-safe modes when a security threat or vulnerability has been detected.



Acknowledgement

This work has partially been supported by the LIT Secure and Correct Systems Lab funded by the State of Upper Austria.

Author information

Corresponding author

Correspondence to Johannes Sametinger.

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Rao, A., Carreón, N., Lysecky, R., Rozenblit, J., Sametinger, J. (2019). Resilient Security of Medical Cyber-Physical Systems. In: Anderst-Kotsis, G., et al. Database and Expert Systems Applications. DEXA 2019. Communications in Computer and Information Science, vol 1062. Springer, Cham. https://doi.org/10.1007/978-3-030-27684-3_13

  • DOI: https://doi.org/10.1007/978-3-030-27684-3_13

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-27683-6

  • Online ISBN: 978-3-030-27684-3

  • eBook Packages: Computer Science (R0)
