DocumentCode :
740088
Title :
Security Assurance Cases for Medical Cyber–Physical Systems
Author :
Ray, Arnab ; Cleaveland, Rance
Author_Institution :
Fraunhofer Center for Exp. Software Eng., USA
Volume :
32
Issue :
5
fYear :
2015
Firstpage :
56
Lastpage :
65
Abstract :
With cybersecurity increasingly becoming a focus of regulatory concern, both medical device manufacturers and regulators are facing another challenge: how to establish, and also demonstrate, that the devices are also secure. This paper outlines an approach to constructing assurance cases to capture assumptions about the attacker by 1) identifying the hazards of interest to the attacker; 2) identifying attack surfaces; 3) enumerating vulnerabilities and attack scenarios; and 4) ranking attack scenarios on the basis of a risk model. Introducing the security considerations early in the design cycle, we can better integrate security with existing engineering processes to yield documents that both improve the engineering processes and are acceptable for regulatory oversight.
Keywords :
medical computing; security of data; attack scenarios ranking; attack surfaces identification; cybersecurity; hazards-of-interest identification; medical cyber-physical systems; medical device manufacturers; medical device regulators; security assurance case; security considerations; vulnerabilities enumeration; Computer hacking; Hazards; Object recognition; Regulators; assurance cases; certification of medical devices; medical device security;
fLanguage :
English
Journal_Title :
Design & Test, IEEE
Publisher :
IEEE
ISSN :
2168-2356
Type :
jour
DOI :
10.1109/MDAT.2015.2468222
Filename :
7194764