Probabilistic Security Threat Detection for Risk Management in Cyber-Physical Medical Systems

Aakarsh Rao, Nadir Carreon Rascon, Roman Lysecky, J. W. Rozenblit

Research output: Contribution to journalArticle

Abstract

Medical devices are complex cyber-physical systems incorporating emergent hardware and software components. In addition, interoperability and communication capabilities have been augmented, increasing the convenience and functionality of such devices. However, this complexity leads to a wide attack surface posing security risks and vulnerabilities. Mitigation and management of such risks during premarket design and postmarket deployment are required. Dynamically mitigating threat potential in the presence of unknown vulnerabilities requires an adaptive risk based mitigation scheme to assess the systems state, a secure system architecture that can isolate hardware and software components, and design methods that can adaptively adjust the systems topology based on risk changes. An essential complementary aspect during deployment is detecting, characterizing and quantifying security threats. In this paper, we present a dynamic risk management and mitigation approach based on probabilistic threat estimation. We show a case study of our approach on a smart connected pacemaker.

Original languageEnglish (US)
JournalIEEE Software
DOIs
StateAccepted/In press - Jan 11 2018

Keywords

  • computer systems organization
  • management
  • medical device security
  • Object recognition
  • operating systems
  • Pacemakers
  • Probabilistic logic
  • real-time and embedded systems
  • Risk management
  • risk management
  • Runtime
  • Security
  • security and privacy protection
  • software engineering
  • software/software engineering
  • special-purpose and application-based systems
  • threat estimation
  • Timing

ASJC Scopus subject areas

  • Software

Fingerprint Dive into the research topics of 'Probabilistic Security Threat Detection for Risk Management in Cyber-Physical Medical Systems'. Together they form a unique fingerprint.

  • Cite this