Probabilistic Security Threat Detection for Risk Management in Cyber-Physical Medical Systems

Probabilistic Security Threat Detection for Risk Management in Cyber-Physical Medical Systems

Medical devices are complex cyber-physical systems incorporating emergent hardware and software components. In addition, interoperability and communication capabilities have been augmented, increasing the convenience and functionality of such devices. However, this complexity leads to a wide attack...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IEEE software 2018-01, p.1-1
Hauptverfasser: Rao, Aakarsh, Carreon Rascon, Nadir, Lysecky, Roman, Rozenblit, J.W.
Format: Artikel
Sprache:eng
Schlagworte:
computer systems organization
management
medical device security
Object recognition
operating systems
Pacemakers
Probabilistic logic
real-time and embedded systems
Risk management
Runtime
Security
security and privacy protection
software engineering
software/software engineering
special-purpose and application-based systems
threat estimation
Timing
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 1
container_issue
container_start_page 1
container_title IEEE software
container_volume
creator Rao, Aakarsh
Carreon Rascon, Nadir
Lysecky, Roman
Rozenblit, J.W.
description Medical devices are complex cyber-physical systems incorporating emergent hardware and software components. In addition, interoperability and communication capabilities have been augmented, increasing the convenience and functionality of such devices. However, this complexity leads to a wide attack surface posing security risks and vulnerabilities. Mitigation and management of such risks during premarket design and postmarket deployment are required. Dynamically mitigating threat potential in the presence of unknown vulnerabilities requires an adaptive risk based mitigation scheme to assess the systems state, a secure system architecture that can isolate hardware and software components, and design methods that can adaptively adjust the systems topology based on risk changes. An essential complementary aspect during deployment is detecting, characterizing and quantifying security threats. In this paper, we present a dynamic risk management and mitigation approach based on probabilistic threat estimation. We show a case study of our approach on a smart connected pacemaker.
doi_str_mv 10.1109/MS.2018.110165557
format Article
fullrecord <record><control><sourceid>crossref_RIE</sourceid><recordid>TN_cdi_crossref_primary_10_1109_MS_2018_110165557</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>8254312</ieee_id><sourcerecordid>10_1109_MS_2018_110165557</sourcerecordid><originalsourceid>FETCH-LOGICAL-c132t-243de641aba2befdf922a581fc8e22f5b2d71900cc978b958655b2989be5066a3</originalsourceid><addsrcrecordid>eNo9kN9KwzAYxYMoOKcPIN7kBar50qRtLmX-hRWHnZdSkvSLi26tJPGib-_mZFeHA-ccOD9CLoFdAzB1UzfXnEG1M1BIKcsjMgGVl5kAJY7JhJWCZaWQ6pScxfjJGJOQswl5X4TBaOPXPiZvaYP2J_g00uUqoE70DhPa5IeeuiHQVx-_aK17_YEb7BP1PZ2NBkO2WI3RW72mNXZ_2owx4SaekxOn1xEv_nVK3h7ul7OnbP7y-Dy7nWcWcp4yLvIOCwHaaG7QdU5xrmUFzlbIuZOGdyUoxqxVZWWUrLYPDVeVMihZUeh8SmC_a8MQY0DXfge_0WFsgbU7Pm3dtDs-7YHPtnO173hEPOQrLkUOPP8Fw4diMA</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype></control><display><type>article</type><title>Probabilistic Security Threat Detection for Risk Management in Cyber-Physical Medical Systems</title><source>IEEE Electronic Library (IEL)</source><creator>Rao, Aakarsh ; Carreon Rascon, Nadir ; Lysecky, Roman ; Rozenblit, J.W.</creator><creatorcontrib>Rao, Aakarsh ; Carreon Rascon, Nadir ; Lysecky, Roman ; Rozenblit, J.W.</creatorcontrib><description>Medical devices are complex cyber-physical systems incorporating emergent hardware and software components. In addition, interoperability and communication capabilities have been augmented, increasing the convenience and functionality of such devices. However, this complexity leads to a wide attack surface posing security risks and vulnerabilities. Mitigation and management of such risks during premarket design and postmarket deployment are required. Dynamically mitigating threat potential in the presence of unknown vulnerabilities requires an adaptive risk based mitigation scheme to assess the systems state, a secure system architecture that can isolate hardware and software components, and design methods that can adaptively adjust the systems topology based on risk changes. An essential complementary aspect during deployment is detecting, characterizing and quantifying security threats. In this paper, we present a dynamic risk management and mitigation approach based on probabilistic threat estimation. We show a case study of our approach on a smart connected pacemaker.</description><identifier>ISSN: 0740-7459</identifier><identifier>EISSN: 1937-4194</identifier><identifier>DOI: 10.1109/MS.2018.110165557</identifier><identifier>CODEN: IESOEG</identifier><language>eng</language><publisher>IEEE</publisher><subject>computer systems organization ; management ; medical device security ; Object recognition ; operating systems ; Pacemakers ; Probabilistic logic ; real-time and embedded systems ; Risk management ; Runtime ; Security ; security and privacy protection ; software engineering ; software/software engineering ; special-purpose and application-based systems ; threat estimation ; Timing</subject><ispartof>IEEE software, 2018-01, p.1-1</ispartof><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/8254312$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>314,776,780,792,27903,27904,54736</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/8254312$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Rao, Aakarsh</creatorcontrib><creatorcontrib>Carreon Rascon, Nadir</creatorcontrib><creatorcontrib>Lysecky, Roman</creatorcontrib><creatorcontrib>Rozenblit, J.W.</creatorcontrib><title>Probabilistic Security Threat Detection for Risk Management in Cyber-Physical Medical Systems</title><title>IEEE software</title><addtitle>S-M</addtitle><description>Medical devices are complex cyber-physical systems incorporating emergent hardware and software components. In addition, interoperability and communication capabilities have been augmented, increasing the convenience and functionality of such devices. However, this complexity leads to a wide attack surface posing security risks and vulnerabilities. Mitigation and management of such risks during premarket design and postmarket deployment are required. Dynamically mitigating threat potential in the presence of unknown vulnerabilities requires an adaptive risk based mitigation scheme to assess the systems state, a secure system architecture that can isolate hardware and software components, and design methods that can adaptively adjust the systems topology based on risk changes. An essential complementary aspect during deployment is detecting, characterizing and quantifying security threats. In this paper, we present a dynamic risk management and mitigation approach based on probabilistic threat estimation. We show a case study of our approach on a smart connected pacemaker.</description><subject>computer systems organization</subject><subject>management</subject><subject>medical device security</subject><subject>Object recognition</subject><subject>operating systems</subject><subject>Pacemakers</subject><subject>Probabilistic logic</subject><subject>real-time and embedded systems</subject><subject>Risk management</subject><subject>Runtime</subject><subject>Security</subject><subject>security and privacy protection</subject><subject>software engineering</subject><subject>software/software engineering</subject><subject>special-purpose and application-based systems</subject><subject>threat estimation</subject><subject>Timing</subject><issn>0740-7459</issn><issn>1937-4194</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2018</creationdate><recordtype>article</recordtype><sourceid>RIE</sourceid><recordid>eNo9kN9KwzAYxYMoOKcPIN7kBar50qRtLmX-hRWHnZdSkvSLi26tJPGib-_mZFeHA-ccOD9CLoFdAzB1UzfXnEG1M1BIKcsjMgGVl5kAJY7JhJWCZaWQ6pScxfjJGJOQswl5X4TBaOPXPiZvaYP2J_g00uUqoE70DhPa5IeeuiHQVx-_aK17_YEb7BP1PZ2NBkO2WI3RW72mNXZ_2owx4SaekxOn1xEv_nVK3h7ul7OnbP7y-Dy7nWcWcp4yLvIOCwHaaG7QdU5xrmUFzlbIuZOGdyUoxqxVZWWUrLYPDVeVMihZUeh8SmC_a8MQY0DXfge_0WFsgbU7Pm3dtDs-7YHPtnO173hEPOQrLkUOPP8Fw4diMA</recordid><startdate>20180111</startdate><enddate>20180111</enddate><creator>Rao, Aakarsh</creator><creator>Carreon Rascon, Nadir</creator><creator>Lysecky, Roman</creator><creator>Rozenblit, J.W.</creator><general>IEEE</general><scope>97E</scope><scope>RIA</scope><scope>RIE</scope><scope>AAYXX</scope><scope>CITATION</scope></search><sort><creationdate>20180111</creationdate><title>Probabilistic Security Threat Detection for Risk Management in Cyber-Physical Medical Systems</title><author>Rao, Aakarsh ; Carreon Rascon, Nadir ; Lysecky, Roman ; Rozenblit, J.W.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c132t-243de641aba2befdf922a581fc8e22f5b2d71900cc978b958655b2989be5066a3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2018</creationdate><topic>computer systems organization</topic><topic>management</topic><topic>medical device security</topic><topic>Object recognition</topic><topic>operating systems</topic><topic>Pacemakers</topic><topic>Probabilistic logic</topic><topic>real-time and embedded systems</topic><topic>Risk management</topic><topic>Runtime</topic><topic>Security</topic><topic>security and privacy protection</topic><topic>software engineering</topic><topic>software/software engineering</topic><topic>special-purpose and application-based systems</topic><topic>threat estimation</topic><topic>Timing</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Rao, Aakarsh</creatorcontrib><creatorcontrib>Carreon Rascon, Nadir</creatorcontrib><creatorcontrib>Lysecky, Roman</creatorcontrib><creatorcontrib>Rozenblit, J.W.</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 2005-present</collection><collection>IEEE All-Society Periodicals Package (ASPP) 1998-Present</collection><collection>IEEE Electronic Library (IEL)</collection><collection>CrossRef</collection><jtitle>IEEE software</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Rao, Aakarsh</au><au>Carreon Rascon, Nadir</au><au>Lysecky, Roman</au><au>Rozenblit, J.W.</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Probabilistic Security Threat Detection for Risk Management in Cyber-Physical Medical Systems</atitle><jtitle>IEEE software</jtitle><stitle>S-M</stitle><date>2018-01-11</date><risdate>2018</risdate><spage>1</spage><epage>1</epage><pages>1-1</pages><issn>0740-7459</issn><eissn>1937-4194</eissn><coden>IESOEG</coden><abstract>Medical devices are complex cyber-physical systems incorporating emergent hardware and software components. In addition, interoperability and communication capabilities have been augmented, increasing the convenience and functionality of such devices. However, this complexity leads to a wide attack surface posing security risks and vulnerabilities. Mitigation and management of such risks during premarket design and postmarket deployment are required. Dynamically mitigating threat potential in the presence of unknown vulnerabilities requires an adaptive risk based mitigation scheme to assess the systems state, a secure system architecture that can isolate hardware and software components, and design methods that can adaptively adjust the systems topology based on risk changes. An essential complementary aspect during deployment is detecting, characterizing and quantifying security threats. In this paper, we present a dynamic risk management and mitigation approach based on probabilistic threat estimation. We show a case study of our approach on a smart connected pacemaker.</abstract><pub>IEEE</pub><doi>10.1109/MS.2018.110165557</doi><tpages>1</tpages></addata></record>
fulltext fulltext_linktorsrc
identifier ISSN: 0740-7459
ispartof IEEE software, 2018-01, p.1-1
issn 0740-7459
1937-4194
language eng
recordid cdi_crossref_primary_10_1109_MS_2018_110165557
source IEEE Electronic Library (IEL)
subjects computer systems organization
management
medical device security
Object recognition
operating systems
Pacemakers
Probabilistic logic
real-time and embedded systems
Risk management
Runtime
Security
security and privacy protection
software engineering
software/software engineering
special-purpose and application-based systems
threat estimation
Timing
title Probabilistic Security Threat Detection for Risk Management in Cyber-Physical Medical Systems
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-27T03%3A56%3A08IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-crossref_RIE&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Probabilistic%20Security%20Threat%20Detection%20for%20Risk%20Management%20in%20Cyber-Physical%20Medical%20Systems&rft.jtitle=IEEE%20software&rft.au=Rao,%20Aakarsh&rft.date=2018-01-11&rft.spage=1&rft.epage=1&rft.pages=1-1&rft.issn=0740-7459&rft.eissn=1937-4194&rft.coden=IESOEG&rft_id=info:doi/10.1109/MS.2018.110165557&rft_dat=%3Ccrossref_RIE%3E10_1109_MS_2018_110165557%3C/crossref_RIE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=8254312&rfr_iscdi=true