Skip to main content
SpringerLink
Log in

Architecture forĀ Self-protective Medical Cyber-Physical Systems

  • Conference paper
  • First Online:
Database and Expert Systems Applications - DEXA 2023 Workshops (DEXA 2023)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1872))

Included in the following conference series:

  • 176 Accesses

Abstract

The Internet of Medical Things (IoMT) promises to improve patient care and the efficiency of Medical Cyber-Physical Systems (MCPSs). At the same time, the connectivity increases the security risk. We aim to model Self-protective MCPSs to reduce the attack surface during runtime. Even under attack, these systems require to provide clinical function for the patients. Monitoring vulnerabilities and suspicious behavior and sharing attacker information contributes to improved security and can be the foundation for automated actions for healthcare delivery organizations. Switching between context-aware security modes provides a flexible way to protect online and offline IoMT and increase patient safety. This paper presents our ongoing work to make healthcare systems more secure. We show current security and privacy challenges, discuss how self-protective systems can overcome them, and what role IoMT devices play in that context.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 49.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 64.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Ajagbe, S.A., Awotunde, J.B., Adesina, A.O., Achimugu, P., Kumar, T.A.: Internet of Medical Things (IoMT): applications, challenges, and prospects in a data-driven technology. In: Chakraborty, C., Khosravi, M.R. (eds.) Intelligent Healthcare. Springer, Singapore (2022). https://doi.org/10.1007/978-981-16-8150-9_14

  2. Barrett, M.: Framework for Improving Critical Infrastructure Cybersecurity Version 1.1. No. NIST CSWP 04162018, U.S. National Institute of Standards and Technology (NIST), Gaithersburg, MD (2018). https://doi.org/10.6028/NIST.CSWP.04162018

  3. Boughton, C.K., Hovorka, R.: New closed-loop insulin systems. Diabetologia 64(5), 1007ā€“1015 (2021). https://doi.org/10.1007/s00125-021-05391-w

    ArticleĀ  Google ScholarĀ 

  4. BSI: Cyber Security Requirements for Network-Connected Medical Devices. German Federal Office for Information Security (BSI) (2018). https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/ICS/Medical_Devices_CS-E_132.html. Accessed 28 Dec 2022

  5. Carreon-Rascon, A.S., Rozenblit, J.W.: Towards requirements for self-healing as a means of mitigating cyber-intrusions in medical devices. In: 2022 IEEE International Conference on Systems, Man, and Cybernetics (SMC), pp. 1500ā€“1505 (2022). https://doi.org/10.1109/SMC53654.2022.9945507

  6. Chen, T.M., Abu-Nimeh, S.: Lessons from Stuxnet. Computer 44(4), 91ā€“93 (2011). https://doi.org/10.1109/MC.2011.115

    ArticleĀ  Google ScholarĀ 

  7. Claroty: State of XIoT Security Report (2022). https://claroty.com/press-releases/iot-vulnerability-disclosures-grew-57-percent-from-2h21-to-1h22. Accessed 28 Dec 2022

  8. Lewis, D., The OpenAPS Community: OpenAPS Outcomes (2022). https://openaps.org/outcomes/. Accessed 10 Jan 2023

  9. Elhoseny, M., et al.: Security and privacy issues in medical internet of things: overview, countermeasures, challenges and future directions. Sustainability 13(2121), 11645 (2021). https://doi.org/10.3390/su132111645

    ArticleĀ  Google ScholarĀ 

  10. Fagan, M., Megas, K.N., Scarfone, K., Smith, M.: Foundational cybersecurity activities for IoT device manufacturers. No. NIST IR 8259, U.S. National Institute of Standards and Technology (NIST), Gaithersburg, MD (2020). https://doi.org/10.6028/NIST.IR.8259

  11. Fagan, M., Megas, K.N., Scarfone, K., Smith, M.: IoT device cybersecurity capability core baseline. No. NIST IR 8259A, U.S. National Institute of Standards and Technology (NIST), Gaithersburg, MD (2020). https://doi.org/10.6028/NIST.IR.8259a

  12. FBI: Industry Alert: Unpatched and Outdated Medical Devices Provide Cyber Attack Opportunities. U.S. Federal Bureau of Investigation (FBI) (2022). https://www.ic3.gov/Media/News/2022/220912.pdf. Accessed 28 Dec 2022

  13. FDA: FDA approves first automated insulin delivery device for type 1 diabetes. U.S. Food and Drug Administration (FDA) (2016). https://www.fda.gov/news-events/press-announcements/fda-approves-first-automated-insulin-delivery-device-type-1-diabetes. Accessed 10 Jan 2023

  14. FDA: Postmarket Management of Cybersecurity in Medical Devices. U.S. Food and Drug Administration (FDA) (2016). https://www.fda.gov/media/95862/download. Accessed 28 Dec 2022

  15. FDA: Class 2 Device Recall Medtronic MiniMed 600 Series Insulin Pump Systems. U.S. Food and Drug Administration (FDA) (2022). https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfRES/res.cfm?id=196205. Accessed 10 Jan 2023

  16. FDA: Class 2 Device Recall Medtronic MiniMed 600 Series Insulin Pump Systems. U.S. Food and Drug Administration (FDA) (2022). https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfRES/res.cfm?id=196183. Accessed 10 Jan 2023

  17. FDA: Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions - Draft Guidance. U.S. Food and Drug Administration (FDA) (2022). https://www.fda.gov/media/119933/download. Accessed 28 Dec 2022

  18. FDA: Cybersecurity Modernization Action Plan. U.S. Food and Drug Administration (FDA) (2022). https://www.fda.gov/media/163086/download. Accessed 28 Dec 2022

  19. Hellerstein, J., Diao, Y., Parekh, S., Tilbury, D.: Feedback Control of Computing Systems. Wiley (2004). https://doi.org/10.1002/047166880X

  20. IMDRF: Principles and Practices for Medical Device Cybersecurity. International Medical Device Regulators Forum (IMDRF) (2020). http://www.imdrf.org/docs/imdrf/final/technical/imdrf-tech-200318-pp-mdc-n60.pdf. Accessed 28 Dec 2022

  21. Kagita, M.K., Thilakarathne, N., Gadekallu, T.R., Maddikunta, P.K.R.: A review on security and privacy of internet of medical things. In: Ghosh, U., Chakraborty, C., Garg, L., Srivastava, G. (eds.) Intelligent Internet of Things for Healthcare and Industry. Internet of Things. Springer, Cham (2022). https://doi.org/10.1007/978-3-030-81473-1_8

  22. Kephart, J., Chess, D.: The vision of autonomic computing. Computer 36(1), 41ā€“50 (2003). https://doi.org/10.1109/MC.2003.1160055

    ArticleĀ  MathSciNetĀ  Google ScholarĀ 

  23. MDCG: Guidance on Cybersecurity for medical devices. Medical Device Coordination Group (MDCG) (2019). https://ec.europa.eu/docsroom/documents/41863/attachments/1/translations/en/renditions/native. Accessed 28 Dec 2022

  24. Medtronic: Urgent Medical Device Correction: MiniMed\(^{{\rm TM}}\) 600 Series Pump System Communication Issue (2022). https://www.medtronicdiabetes.com/customer-support/product-and-service-updates/notice19-letter. Accessed 10 Jan 2023

  25. Medtronic: MiniMed 670G System Discontinuation of New Sales (2023). https://www.medtronicdiabetes.com/products/minimed-670g-insulin-pump-system. Accessed 10 Jan 2023

  26. Medtronic: The MiniMed 630G and 770G Insulin Pumps (2023). https://www.medtronic.com/us-en/healthcare-professionals/therapies-procedures/diabetes/education/diabetes-digest/minimed-insulin-pumps.html. Accessed 10 Jan 2023

  27. Rao, A., CarreĆ³n, N.A., Lysecky, R., Rozenblit, J.: FIRE: a finely integrated risk evaluation methodology for life-critical embedded systems. Information 13(1010), 487 (2022). https://doi.org/10.3390/info13100487

    ArticleĀ  Google ScholarĀ 

  28. Rao, A., Rozenblit, J., Lysecky, R., Sametinger, J.: Trustworthy multi-modal framework for life-critical systems security. In: Proceedings of the Annual Simulation Symposium, ANSS 2018, San Diego, CA, USA, pp. 1ā€“9. Society for Computer Simulation International (2018). https://doi.org/10.5555/3213032.3213049

  29. Reports And Data: Market value of the internet of medical things worldwide in 2019 and 2027 (in billion U.S. dollars). Statista (2021). https://www.statista.com/statistics/1264333/global-iot-in-healthcare-market-size/. Accessed 28 Dec 2022

  30. Rezvy, S., Petridis, M., Lasebae, A., Zebin, T.: Intrusion detection and classification with autoencoded deep neural network. In: Lanet, J.-L., Toma, C. (eds.) SECITC 2018. LNCS, vol. 11359, pp. 142ā€“156. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-12942-2_12

    ChapterĀ  Google ScholarĀ 

  31. Riegler, M., Sametinger, J., Rozenblit, J.W.: Context-aware security modes for medical devices. In: 2022 Annual Modeling and Simulation Conference (ANNSIM), pp. 372ā€“382 (2022). https://doi.org/10.23919/ANNSIM55834.2022.9859283

  32. Riegler, M., Sametinger, J., Vierhauser, M.: A distributed MAPE-K framework for self-protective IoT devices. In: 2023 IEEE/ACM 18th International Symposium on Software Engineering for Adaptive and Self-Managing Systems (2023). https://doi.org/10.1109/SEAMS59076.2023.00034

  33. Riegler, M., Sametinger, J., Vierhauser, M., Wimmer, M.: A model-based mode-switching framework based on security vulnerability scores. J. Syst. Softw. 200, 111633 (2023). https://doi.org/10.1016/j.jss.2023.111633

    ArticleĀ  Google ScholarĀ 

  34. Ross, R., McEvilley, M., Carrier Oren, J.: Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems. No. NIST SP 800-160, U.S. National Institute of Standards and Technology (NIST) (2016). https://doi.org/10.6028/NIST.SP.800-160

  35. Sametinger, J., Rozenblit, J., Lysecky, R., Ott, P.: Security challenges for medical devices. Commun. ACM 58(4), 74ā€“82 (2015). https://doi.org/10.1145/2667218

    ArticleĀ  Google ScholarĀ 

  36. Stajano, F., Anderson, R.: The grenade timer: fortifying the watchdog timer against malicious mobile code. In: Proceedings of 7th International Workshop on Mobile Multimedia Communications, MoMuC 2000, Waseda, Tokyo, Japan (2000). https://www.cl.cam.ac.uk/~fms27/papers/2000-StajanoAnd-grenade.pdf. Accessed 28 Dec 2022

  37. Sun, Y., Lo, F.P.W., Lo, B.: Security and privacy for the internet of medical things enabled healthcare systems: a survey. IEEE Access 7, 183339ā€“183355 (2019). https://doi.org/10.1109/ACCESS.2019.2960617

    ArticleĀ  Google ScholarĀ 

  38. The White House: Executive Order 14028: Improving the Nationā€™s Cybersecurity (2021). https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/. Accessed 27 Dec 2022

  39. Thomasian, N.M., Adashi, E.Y.: Cybersecurity in the Internet of Medical Things. Health Policy Technol. 10(3), 100549 (2021). https://doi.org/10.1016/j.hlpt.2021.100549

    ArticleĀ  Google ScholarĀ 

  40. Zeadally, S., Das, A.K., Sklavos, N.: Cryptographic technologies and protocol standards for Internet of Things. IoT 14, 100075 (2021). https://doi.org/10.1016/j.iot.2019.100075

    ArticleĀ  Google ScholarĀ 

Download references

Acknowledgement

This work has partially been supported by the LIT Secure and Correct Systems Lab funded by the State of Upper Austria, the Austrian Marshall Plan Foundation, and the National Science Foundation under Grant Number 1622589 ā€œTime-Centric Modeling of Correct Behaviors for Efficient Non-intrusive Runtime Detection of Unauthorized System Actions.ā€ Any opinions, findings, conclusions, or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the supporting organizations.

Author information

Authors and Affiliations

  1. LIT Secure and Correct Systems Lab and Institute of Business Informatics, Johannes Kepler University Linz, Linz, Austria

    Michael RieglerĀ &Ā Johannes Sametinger

  2. Department of Electrical and Computer Engineering and Department of Surgery, University of Arizona, Tucson, USA

    Jerzy W. Rozenblit

Authors
  1. Michael Riegler
    View author publications

    You can also search for this author in PubMedĀ Google Scholar

  2. Johannes Sametinger
    View author publications

    You can also search for this author in PubMedĀ Google Scholar

  3. Jerzy W. Rozenblit
    View author publications

    You can also search for this author in PubMedĀ Google Scholar

Corresponding author

Correspondence to Michael Riegler .

Editor information

Editors and Affiliations

  1. Johannes Kepler University Linz, Linz, Austria

    Gabriele Kotsis

  2. Vienna University of Technology, Vienna, Austria

    A Min Tjoa

  3. Johannes Kepler University Linz, Linz, Austria

    Ismail Khalil

  4. Software Competence Center Hagenberg GmbH, Hagenberg, Austria

    Bernhard Moser

  5. Johannes Kepler University Linz, Linz, Austria

    Atif Mashkoor

  6. Johannes Kepler University Linz, Linz, Austria

    Johannes Sametinger

  7. Pak-Austria Fachhochschule - Institute of Applied Sciences and Technology (PAF-IAST), Haripur, Pakistan

    Maqbool Khan

Rights and permissions

Reprints and permissions

Copyright information

Ā© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Riegler, M., Sametinger, J., Rozenblit, J.W. (2023). Architecture forĀ Self-protective Medical Cyber-Physical Systems. In: Kotsis, G., et al. Database and Expert Systems Applications - DEXA 2023 Workshops. DEXA 2023. Communications in Computer and Information Science, vol 1872. Springer, Cham. https://doi.org/10.1007/978-3-031-39689-2_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-39689-2_6

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-39688-5

  • Online ISBN: 978-3-031-39689-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation