Composite risk modeling for automated threat mitigation in medical devices

Aakarsh Rao, Jerzy W Rozenblit, Roman L Lysecky, Johannes Sametinger

Research output: Contribution to journalArticle

Abstract

Medical device security is a growing concern with increasing incorporation of complex software and hardware. Security threats exploiting vulnerabilities in medical devices may directly impact patient safety. Standardization and federal organizations are hence, actively involved in setting up new paradigms for guidance and regulation of security throughout the lifecycle. To protect medical devices against threats a risk-based framework that continually manages and assesses security risks along with their proactive addressing is highly recommended. In this paper, we model a multi-modal design approach for risk assessment in medical devices and propose an adaptive remediation scheme to mitigate security threats. Our multi-modal approach is integrated into the hardware-software development with a middleware for interaction between the modes. This provides an effective premarket risk management while the adaptive remediation scheme pro-actively mitigate risk during postmarket deployment. We model our approaches in detail and demonstrate them in a pacemaker design model and deployment scenario.

Original languageEnglish (US)
Pages (from-to)90-99
Number of pages10
JournalSimulation Series
Volume49
Issue number6
StatePublished - 2017

Fingerprint

Remediation
Composite materials
Pacemakers
Risk management
Middleware
Risk assessment
Standardization
Computer hardware
Software engineering
Hardware

Keywords

  • Hardware-software design
  • Medical device security
  • Risk management
  • Security threats

ASJC Scopus subject areas

  • Computer Networks and Communications

Cite this

Composite risk modeling for automated threat mitigation in medical devices. / Rao, Aakarsh; Rozenblit, Jerzy W; Lysecky, Roman L; Sametinger, Johannes.

In: Simulation Series, Vol. 49, No. 6, 2017, p. 90-99.

Research output: Contribution to journalArticle

@article{79bae4f2f6c44249bd2aab3fc49c0f8d,
title = "Composite risk modeling for automated threat mitigation in medical devices",
abstract = "Medical device security is a growing concern with increasing incorporation of complex software and hardware. Security threats exploiting vulnerabilities in medical devices may directly impact patient safety. Standardization and federal organizations are hence, actively involved in setting up new paradigms for guidance and regulation of security throughout the lifecycle. To protect medical devices against threats a risk-based framework that continually manages and assesses security risks along with their proactive addressing is highly recommended. In this paper, we model a multi-modal design approach for risk assessment in medical devices and propose an adaptive remediation scheme to mitigate security threats. Our multi-modal approach is integrated into the hardware-software development with a middleware for interaction between the modes. This provides an effective premarket risk management while the adaptive remediation scheme pro-actively mitigate risk during postmarket deployment. We model our approaches in detail and demonstrate them in a pacemaker design model and deployment scenario.",
keywords = "Hardware-software design, Medical device security, Risk management, Security threats",
author = "Aakarsh Rao and Rozenblit, {Jerzy W} and Lysecky, {Roman L} and Johannes Sametinger",
year = "2017",
language = "English (US)",
volume = "49",
pages = "90--99",
journal = "Simulation Series",
issn = "0735-9276",
number = "6",

}

TY - JOUR

T1 - Composite risk modeling for automated threat mitigation in medical devices

AU - Rao, Aakarsh

AU - Rozenblit, Jerzy W

AU - Lysecky, Roman L

AU - Sametinger, Johannes

PY - 2017

Y1 - 2017

N2 - Medical device security is a growing concern with increasing incorporation of complex software and hardware. Security threats exploiting vulnerabilities in medical devices may directly impact patient safety. Standardization and federal organizations are hence, actively involved in setting up new paradigms for guidance and regulation of security throughout the lifecycle. To protect medical devices against threats a risk-based framework that continually manages and assesses security risks along with their proactive addressing is highly recommended. In this paper, we model a multi-modal design approach for risk assessment in medical devices and propose an adaptive remediation scheme to mitigate security threats. Our multi-modal approach is integrated into the hardware-software development with a middleware for interaction between the modes. This provides an effective premarket risk management while the adaptive remediation scheme pro-actively mitigate risk during postmarket deployment. We model our approaches in detail and demonstrate them in a pacemaker design model and deployment scenario.

AB - Medical device security is a growing concern with increasing incorporation of complex software and hardware. Security threats exploiting vulnerabilities in medical devices may directly impact patient safety. Standardization and federal organizations are hence, actively involved in setting up new paradigms for guidance and regulation of security throughout the lifecycle. To protect medical devices against threats a risk-based framework that continually manages and assesses security risks along with their proactive addressing is highly recommended. In this paper, we model a multi-modal design approach for risk assessment in medical devices and propose an adaptive remediation scheme to mitigate security threats. Our multi-modal approach is integrated into the hardware-software development with a middleware for interaction between the modes. This provides an effective premarket risk management while the adaptive remediation scheme pro-actively mitigate risk during postmarket deployment. We model our approaches in detail and demonstrate them in a pacemaker design model and deployment scenario.

KW - Hardware-software design

KW - Medical device security

KW - Risk management

KW - Security threats

UR - http://www.scopus.com/inward/record.url?scp=85020675705&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85020675705&partnerID=8YFLogxK

M3 - Article

VL - 49

SP - 90

EP - 99

JO - Simulation Series

JF - Simulation Series

SN - 0735-9276

IS - 6

ER -