The Community for Technology Leaders
RSS Icon
Issue No.06 - Nov.-Dec. (2012 vol.10)
pp: 70-73
Eugene Y. Vasserman , Kansas State University
Krishna K. Venkatasubramanian , Worcester Polytechnic Institute
Oleg Sokolsky , University of Pennsylvania
Insup Lee , University of Pennsylvania
Interoperable medical devices (IMDs) face threats due to the increased attack surface presented by interoperability and the corresponding infrastructure. Introducing networking and coordination functionalities fundamentally alters medical systems' security properties. Understanding the threats is an important first step in eventually designing security solutions for such systems. Part 2 of this two-part article defines a failure model, or the specific ways in which IMD environments might fail when attacked. An attack-consequences model expresses the combination of failures experienced by IMD environments for each attack vector. This analysis leads to interesting conclusions about regulatory classes of medical devices in IMD environments subject to attacks. Part 1 can be found here:
Medical services, Biomedical equipment, Failure analysis, Computer security, Interoperability, IMD, interoperable medical devices, medical devices, computer security, interoperability, Integrated Clinical Environment, ICE, attack model, attack vectors
Eugene Y. Vasserman, Krishna K. Venkatasubramanian, Oleg Sokolsky, Insup Lee, "Security and Interoperable-Medical-Device Systems, Part 2: Failures, Consequences, and Classification", IEEE Security & Privacy, vol.10, no. 6, pp. 70-73, Nov.-Dec. 2012, doi:10.1109/MSP.2012.153
1. D. Arney et al., “Biomedical Devices and Systems Security,” Proc. 33rd Ann. Int'l Conf. IEEE Eng. in Medicine and Biology Soc. (EMBC 11), IEEE, 2011, pp. 2376–2379.
2. ASTM F2761 - 09 Medical Devices and Medical Systems—Essential Safety Requirements for Equipment Comprising the Patient-Centric Integrated Clinical Environment (ICE)—Part 1: General Requirements and Conceptual Model, ASTM F29.21, ASTM Int'l, 2009.
3. M. Clarke et al., “Developing a Standard for Personal Health Devices Based on 11073,” Proc. 29th Ann. Int'l Conf. IEEE Eng. in Medicine and Biology Soc. (EMBC 07), IEEE, 2007, pp. 6174–6176.
4. “Introduction to HL7 Standards,” Health Level Seven Int'l, 2012;
5. Integrating the Healthcare Enterprise, IHE Int'l, 2012;
6. K.K. Venkatasubramanian et al., “Security and Interoperable-Medical-Device Systems, Part 1,” IEEE Security & Privacy, vol. 10, no. 5, 2012, pp. 61–63.
7. B.M. O'Halloran, R.B. Stone, and I.Y. Tumer, “A Failure Modes and Mechanisms Naming Taxonomy,” Proc. 2012 Ann. Reliability and Maintainability Symp. (RAMS 12), IEEE, 2012.
8. S.J. Uder, R.B. Stone, and I.Y. Tumer, “Failure Analysis in Subsystem Design for Space Missions,” Proc. 16th Int'l Conf. Design Theory and Methodology, ASME, 2004, pp. 201–217.
9. J.A. Collins, Failure of Materials in Mechanical Design: Analysis, Prediction, Prevention, 2nd ed., Wiley Interscience, 1981.
10. S. Mauw and M. Oostdijk, Foundations of Attack Trees, LNCS 3935, Elsevier, 2005.
11. P. Wu, W. Zhigang, and C. Junhua, “Research on Attack Intention Recognition Based on Graphical Model,” Proc. 2009 5th Int'l Conf. Information Assurance and Security (IAS 09), vol. 1, IEEE CS, 2009, pp. 360–363.
12. S. Song et al., “Capability-Centric Attack Model for Network Security Analysis,” Proc. 2nd Int'l Conf. Signal Processing Systems (ICSPS 10), vol. 2, IEEE, 2010, pp. 372–376.
13. “Device Classification Panels,” US Food and Drug Administration, 2012; Overview/ClassifyYourDevice ucm051530.htm.
14. J. Hatcliff et al., “An Overview of Regulatory and Trust Issues for the Integrated Clinical Environment,” Proc. 2011 High-Confidence Medical Device Systems and Software Workshop, 2011.
17 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool