Abstract
The Medical Cyber-Physical System (MCPS) holds the promise of reducing human errors and optimizing healthcare by integrating medical devices, applications and network. MCPS utilizes high-level supervisory and low-level communication middleware to enable medical devices to interoperate efficiently. Despite the benefits provided by MCPS, the integration of clinical information also brings new threats for the clinical data. In this paper, we performed a study on security and safety risks in MCPS’s networks. We systematically analyzed different attack surfaces on MCPS’s networks based on misuse and abuse of clinical data. We successfully performed end-to-end attacks based on OpenICE, a popular MCPS prototype, and demonstrated the clinical risks of these attacks and the design flaws in OpenICE. We further proposed a Topic-based access control model with Break-The-Glass feature to provide fine-grained access control for clinical data. We implemented the model in two MCPS prototypes, and evaluated its effectiveness and efficiency.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Akhuseyinoglu, N.B., Joshi, J.: A constraint and risk-aware approach to attribute-based access control for cyber-physical systems. Comput. Secur. 96(1), 101802 (2020)
ASTM: Astm f2761(09) (2018). https://www.astm.org/Standards/F2761.htm
Casbin: Casbin project (2021). https://casbin.org/
Group, O.M.: DDS specification v1.4 (2015). https://www.omg.org/spec/DDS
Hatcliff, J., et al.: Rationale and architecture principles for medical application platforms. In: Proceedings of the 2012 IEEE/ACM Third International Conference on Cyber-Physical Systems, pp. 3–12. IEEE Computer Society (2012)
Jiang, Y., Song, H., Wang, R., Gu, M., Sun, J., Sha, L.: Data-centered runtime verification of wireless medical cyber-physical system. IEEE Trans. Ind. Inform. 13(4), 1900–1909 (2016)
King, A., Arney, D., Lee, I., Sokolsky, O., Hatcliff, J., Procter, S.: Prototyping closed loop physiologic control with the medical device coordination framework. In: Proceedings of the 2010 ICSE Workshop on Software Engineering in Health Care, pp. 1–11. ACM (2010)
Lee, I., et al.: Challenges and research directions in medical cyber-physical systems. Proc. IEEE 100(1), 75–90 (2012)
Park, J., Sandhu, R.: THE UCON ABC usage control model. ACM Trans. Inf. Syst. Secur. (TISSEC) 7(1), 128–174 (2004)
Plourde, J., Arney, D., Goldman, J.M.: OpenICE: an open, interoperable platform for medical cyber-physical systems. In: Proceedings of the 2014 ACM/IEEE International Conference on Cyber-Physical Systems, p. 221. IEEE (2014)
Raju, M.H., Ahmed, M.U., Atiqur Rahman Ahad, M.: Security analysis and a potential layer to layer security solution of medical cyber-physical systems. In: Balas, V.E., Solanki, V.K., Kumar, R., Ahad, M.A.R. (eds.) A Handbook of Internet of Things in Biomedical and Cyber Physical System. ISRL, vol. 165, pp. 61–86. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-23983-1_3
Salazar, C.: A security architecture for medical application platforms. Ph.D. thesis, Kansas State University (2014)
Tasali, Q., Chowdhury, C., Vasserman, E.Y.: A flexible authorization architecture for systems of interoperable medical devices. In: Proceedings of the 22nd ACM on Symposium on Access Control Models and Technologies, pp. 9–20. ACM (2017)
Tasali, Q., Sublett, C., Vasserman, E.Y.: Controlled BTG: toward flexible emergency override in interoperable medical systems. EAI Endorsed Trans. Secur. Saf. 6(22), e2 (2020)
Theverge: Woman dies during a ransomware attack on a German hospital (2020). https://www.theverge.com/2020/9/17/21443851/
Venkatasubramanian, K.K., Vasserman, E.Y., Sokolsky, O., Lee, I.: Security and interoperable-medical-device systems, part 1. IEEE Secur. Priv. 10(5), 61–63 (2012)
Zhang, Y., Zheng, D., Deng, R.H.: Security and privacy in smart health: efficient policy-hiding attribute-based access control. IEEE Internet Things J. 5(3), 2130–2145 (2018)
Acknowledgments
This work was supported by National Key R&D Program of China (Y9YFB26511).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Li, Z., Cheng, L., Zhang, Y., Feng, D. (2021). Understanding and Mitigating Security Risks of Network on Medical Cyber Physical System. In: Liu, Z., Wu, F., Das, S.K. (eds) Wireless Algorithms, Systems, and Applications. WASA 2021. Lecture Notes in Computer Science(), vol 12938. Springer, Cham. https://doi.org/10.1007/978-3-030-86130-8_10
Download citation
DOI: https://doi.org/10.1007/978-3-030-86130-8_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-86129-2
Online ISBN: 978-3-030-86130-8
eBook Packages: Computer ScienceComputer Science (R0)