Retrofitting Communication Security into a Publish/Subscribe Middleware Platform

  • Conference paper
  • In: Software Engineering in Health Care (SEHC 2014, FHIES 2014)

Abstract

The Medical Device Coordination Framework (MDCF) is an open source middleware package for interoperable medical devices, designed to support the emerging Integrated Clinical Environment (ICE) interoperability standard. As in any open system, medical devices connected to the MDCF or other ICE-like network should be authenticated to defend the system against malicious, dangerous, or otherwise unauthorized devices. In this paper, we describe the creation and integration of a pluggable, flexible authentication system into the almost 18,000 lines of MDCF codebase, and evaluate the performance of proof-of-concept device authentication providers. The framework is sufficiently expressive to support arbitrary modules implementing arbitrary authentication protocols using arbitrarily many rounds of communication. In contrast with the expected costs in securing nontrivial systems, often involving major architectural changes and significant degradation of system performance, our solution requires the addition of just over 1,000 lines of code (~5.56%), and incurs performance overhead only from the authentication protocols themselves, rather than from the framework.

Notes

  1. Multiple methods may be supported both by the device and the MDCF, but currently negotiation is not implemented.

Acknowledgments

The authors would like to thank Daniel Andresen for his input and help in testing the prototype. The computing for this project was performed on the Beocat Research Cluster at Kansas State University, which is funded in part by NSF grants CNS 1006860, EPS 1006860, and EPS 0919443. This research was supported in part by the NIH grant 1U01EB012470-01 and NSF awards CNS 1126709, CNS 1224007, and CNS 1253930.

Author information

Corresponding author

Correspondence to Eugene Y. Vasserman.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Salazar, C., Vasserman, E.Y. (2017). Retrofitting Communication Security into a Publish/Subscribe Middleware Platform. In: Huhn, M., Williams, L. (eds) Software Engineering in Health Care. SEHC 2014, FHIES 2014. Lecture Notes in Computer Science, vol 9062. Springer, Cham. https://doi.org/10.1007/978-3-319-63194-3_2

  • DOI: https://doi.org/10.1007/978-3-319-63194-3_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-63193-6

  • Online ISBN: 978-3-319-63194-3

  • eBook Packages: Computer Science, Computer Science (R0)
