Skip to main content
SpringerLink
Log in

Understanding and Mitigating Security Risks of Network on Medical Cyber Physical System

  • Conference paper
  • First Online:
Wireless Algorithms, Systems, and Applications (WASA 2021)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 12938))

Abstract

The Medical Cyber-Physical System (MCPS) holds the promise of reducing human errors and optimizing healthcare by integrating medical devices, applications and network. MCPS utilizes high-level supervisory and low-level communication middleware to enable medical devices to interoperate efficiently. Despite the benefits provided by MCPS, the integration of clinical information also brings new threats for the clinical data. In this paper, we performed a study on security and safety risks in MCPS’s networks. We systematically analyzed different attack surfaces on MCPS’s networks based on misuse and abuse of clinical data. We successfully performed end-to-end attacks based on OpenICE, a popular MCPS prototype, and demonstrated the clinical risks of these attacks and the design flaws in OpenICE. We further proposed a Topic-based access control model with Break-The-Glass feature to provide fine-grained access control for clinical data. We implemented the model in two MCPS prototypes, and evaluated its effectiveness and efficiency.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Akhuseyinoglu, N.B., Joshi, J.: A constraint and risk-aware approach to attribute-based access control for cyber-physical systems. Comput. Secur. 96(1), 101802 (2020)

    Article  Google Scholar 

  2. ASTM: Astm f2761(09) (2018). https://www.astm.org/Standards/F2761.htm

  3. Casbin: Casbin project (2021). https://casbin.org/

  4. Group, O.M.: DDS specification v1.4 (2015). https://www.omg.org/spec/DDS

  5. Hatcliff, J., et al.: Rationale and architecture principles for medical application platforms. In: Proceedings of the 2012 IEEE/ACM Third International Conference on Cyber-Physical Systems, pp. 3–12. IEEE Computer Society (2012)

    Google Scholar 

  6. Jiang, Y., Song, H., Wang, R., Gu, M., Sun, J., Sha, L.: Data-centered runtime verification of wireless medical cyber-physical system. IEEE Trans. Ind. Inform. 13(4), 1900–1909 (2016)

    Article  Google Scholar 

  7. King, A., Arney, D., Lee, I., Sokolsky, O., Hatcliff, J., Procter, S.: Prototyping closed loop physiologic control with the medical device coordination framework. In: Proceedings of the 2010 ICSE Workshop on Software Engineering in Health Care, pp. 1–11. ACM (2010)

    Google Scholar 

  8. Lee, I., et al.: Challenges and research directions in medical cyber-physical systems. Proc. IEEE 100(1), 75–90 (2012)

    Article  Google Scholar 

  9. Park, J., Sandhu, R.: THE UCON ABC usage control model. ACM Trans. Inf. Syst. Secur. (TISSEC) 7(1), 128–174 (2004)

    Article  Google Scholar 

  10. Plourde, J., Arney, D., Goldman, J.M.: OpenICE: an open, interoperable platform for medical cyber-physical systems. In: Proceedings of the 2014 ACM/IEEE International Conference on Cyber-Physical Systems, p. 221. IEEE (2014)

    Google Scholar 

  11. Raju, M.H., Ahmed, M.U., Atiqur Rahman Ahad, M.: Security analysis and a potential layer to layer security solution of medical cyber-physical systems. In: Balas, V.E., Solanki, V.K., Kumar, R., Ahad, M.A.R. (eds.) A Handbook of Internet of Things in Biomedical and Cyber Physical System. ISRL, vol. 165, pp. 61–86. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-23983-1_3

    Chapter  Google Scholar 

  12. Salazar, C.: A security architecture for medical application platforms. Ph.D. thesis, Kansas State University (2014)

    Google Scholar 

  13. Tasali, Q., Chowdhury, C., Vasserman, E.Y.: A flexible authorization architecture for systems of interoperable medical devices. In: Proceedings of the 22nd ACM on Symposium on Access Control Models and Technologies, pp. 9–20. ACM (2017)

    Google Scholar 

  14. Tasali, Q., Sublett, C., Vasserman, E.Y.: Controlled BTG: toward flexible emergency override in interoperable medical systems. EAI Endorsed Trans. Secur. Saf. 6(22), e2 (2020)

    Google Scholar 

  15. Theverge: Woman dies during a ransomware attack on a German hospital (2020). https://www.theverge.com/2020/9/17/21443851/

  16. Venkatasubramanian, K.K., Vasserman, E.Y., Sokolsky, O., Lee, I.: Security and interoperable-medical-device systems, part 1. IEEE Secur. Priv. 10(5), 61–63 (2012)

    Article  Google Scholar 

  17. Zhang, Y., Zheng, D., Deng, R.H.: Security and privacy in smart health: efficient policy-hiding attribute-based access control. IEEE Internet Things J. 5(3), 2130–2145 (2018)

    Article  Google Scholar 

Download references

Acknowledgments

This work was supported by National Key R&D Program of China (Y9YFB26511).

Author information

Authors and Affiliations

  1. University of Chinese Academy of Sciences, Beijing, China

    Zhangtan Li

  2. TCA Lab, Institute of Software, Chinese Academy of Sciences, Beijing, China

    Zhangtan Li, Liang Cheng, Yang Zhang & Dengguo Feng

Authors
  1. Zhangtan Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Liang Cheng
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yang Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Dengguo Feng
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Zhangtan Li .

Editor information

Editors and Affiliations

  1. Nanjing University of Aeronautics and Astronautics, Nanjing, China

    Zhe Liu

  2. Shanghai Jiao Tong University, Shanghai, China

    Fan Wu

  3. Missouri University of Science and Technology, Rolla, MO, USA

    Sajal K. Das

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Li, Z., Cheng, L., Zhang, Y., Feng, D. (2021). Understanding and Mitigating Security Risks of Network on Medical Cyber Physical System. In: Liu, Z., Wu, F., Das, S.K. (eds) Wireless Algorithms, Systems, and Applications. WASA 2021. Lecture Notes in Computer Science(), vol 12938. Springer, Cham. https://doi.org/10.1007/978-3-030-86130-8_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-86130-8_10

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-86129-2

  • Online ISBN: 978-3-030-86130-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation