Understanding the security of interoperable medical devices using attack graphs

Proceedings of the 3rd international conference on High confidence networked systems Pub Date : 2014-04-15 DOI:10.1145/2566468.2566482

Curtis R. Taylor, K. Venkatasubramanian, Craig A. Shue

{"title":"Understanding the security of interoperable medical devices using attack graphs","authors":"Curtis R. Taylor, K. Venkatasubramanian, Craig A. Shue","doi":"10.1145/2566468.2566482","DOIUrl":null,"url":null,"abstract":"Medical device interoperability is an increasingly prevalent example of how computing and information technology will revolutionize and streamline medical care. The overarching goal of interoperable medical devices (IMDs) is increased safety, usability, decision support, and a decrease in false alarms and clinician cognitive workload. One aspect that has not been considered thus far is ensuring IMDs do not inadvertently harm patients in the presence of malicious adversaries. Security for medical devices has gained some traction in the recent years following some well-publicized attacks on individual devices, such as pacemakers and insulin pumps. This has resulted in solutions being proposed for securing these devices, usually in stand-alone mode. However, the introduction of interoperability makes medical devices increasingly connected and dependent on each other. Therefore, security attacks on IMDs becomes easier to mount in a stealthy manner with potentially devastating consequences. This work outlines our effort in understanding the threats faced by IMDs, an important first step in eventually designing secure interoperability architectures. In this regard, we present: (1) a detailed attack graph-based analysis of threats on a specific interoperability environment based on providing a patient pain medication (PCA), under various levels of interoperability from simple data aggregation to fully closed-loop control; (2) a description of the mitigation approaches possible for each of class of attack vectors identified; and (3) lessons learned from this experience which can be leveraged for improving existing IMD architectures from a security point-of-view. Our analysis demonstrates that em even if we use provably safe medical systems in an interoperable setting with a safe interoperability engine, the presence of malicious behavior may render the entire setup unsafe for the patients, unless security is explicitly considered}","PeriodicalId":339979,"journal":{"name":"Proceedings of the 3rd international conference on High confidence networked systems","volume":"33 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-04-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"23","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 3rd international conference on High confidence networked systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2566468.2566482","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 23

Abstract

Medical device interoperability is an increasingly prevalent example of how computing and information technology will revolutionize and streamline medical care. The overarching goal of interoperable medical devices (IMDs) is increased safety, usability, decision support, and a decrease in false alarms and clinician cognitive workload. One aspect that has not been considered thus far is ensuring IMDs do not inadvertently harm patients in the presence of malicious adversaries. Security for medical devices has gained some traction in the recent years following some well-publicized attacks on individual devices, such as pacemakers and insulin pumps. This has resulted in solutions being proposed for securing these devices, usually in stand-alone mode. However, the introduction of interoperability makes medical devices increasingly connected and dependent on each other. Therefore, security attacks on IMDs becomes easier to mount in a stealthy manner with potentially devastating consequences. This work outlines our effort in understanding the threats faced by IMDs, an important first step in eventually designing secure interoperability architectures. In this regard, we present: (1) a detailed attack graph-based analysis of threats on a specific interoperability environment based on providing a patient pain medication (PCA), under various levels of interoperability from simple data aggregation to fully closed-loop control; (2) a description of the mitigation approaches possible for each of class of attack vectors identified; and (3) lessons learned from this experience which can be leveraged for improving existing IMD architectures from a security point-of-view. Our analysis demonstrates that em even if we use provably safe medical systems in an interoperable setting with a safe interoperability engine, the presence of malicious behavior may render the entire setup unsafe for the patients, unless security is explicitly considered}

查看原文本刊更多论文

使用攻击图了解可互操作医疗设备的安全性

医疗设备互操作性是计算和信息技术将如何革新和简化医疗保健的一个日益普遍的例子。可互操作医疗设备(imd)的首要目标是提高安全性、可用性、决策支持，并减少误报和临床医生的认知工作量。到目前为止，还没有考虑到的一个方面是确保imd不会在恶意对手存在的情况下无意中伤害患者。近年来，在一些广为人知的针对起搏器和胰岛素泵等个人设备的攻击之后，医疗设备的安全性得到了一些关注。这导致提出了保护这些设备的解决方案，通常是在独立模式下。然而，互操作性的引入使医疗设备越来越相互连接和依赖。因此，对imd的安全攻击变得更容易以隐蔽的方式进行，并可能造成毁灭性的后果。这项工作概述了我们在理解imd面临的威胁方面所做的努力，这是最终设计安全互操作性体系结构的重要的第一步。在这方面，我们提出:(1)在从简单数据聚合到全闭环控制的各种互操作性水平下，基于提供患者止痛药(PCA)的特定互操作性环境中基于攻击图的详细威胁分析;(2)对已确定的每一类攻击媒介可能采取的缓解方法的描述;(3)从这一经验中吸取的教训，可以从安全的角度来改进现有的IMD架构。我们的分析表明，即使我们在具有安全互操作性引擎的可互操作设置中使用可证明安全的医疗系统，除非明确考虑安全性，否则恶意行为的存在可能会使整个设置对患者不安全。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 3rd international conference on High confidence networked systems

自引率

0.00%

发文量