4,764 research outputs found

    Assuring the Safety of On-Demand Medical Cyber-Physical Systems

    Get PDF
    We present an approach to establish safety of on-demand medical cyber-physical systems which are assembled to treat a patient in a specific clinical scenario. We treat such a system as a virtual medial device (VMD) and propose a model-based framework that includes a modeling language with formal semantics and a medical application platform (MAP) that provides the necessary deployment support for the VMD models

    Medical Cyber-Physical Systems Development: A Forensics-Driven Approach

    Full text link
    The synthesis of technology and the medical industry has partly contributed to the increasing interest in Medical Cyber-Physical Systems (MCPS). While these systems provide benefits to patients and professionals, they also introduce new attack vectors for malicious actors (e.g. financially-and/or criminally-motivated actors). A successful breach involving a MCPS can impact patient data and system availability. The complexity and operating requirements of a MCPS complicates digital investigations. Coupling this information with the potentially vast amounts of information that a MCPS produces and/or has access to is generating discussions on, not only, how to compromise these systems but, more importantly, how to investigate these systems. The paper proposes the integration of forensics principles and concepts into the design and development of a MCPS to strengthen an organization's investigative posture. The framework sets the foundation for future research in the refinement of specific solutions for MCPS investigations.Comment: This is the pre-print version of a paper presented at the 2nd International Workshop on Security, Privacy, and Trustworthiness in Medical Cyber-Physical Systems (MedSPT 2017

    Cybersecurity Vulnerabilities in Medical Devices: A Complex Environment and Multifaceted Problem

    Get PDF
    The increased connectivity to existing computer networks has exposed medical devices to cybersecurity vulnerabilities from which they were previously shielded. For the prevention of cybersecurity incidents, it is important to recognize the complexity of the operational environment as well as to catalog the technical vulnerabilities. Cybersecurity protection is not just a technical issue; it is a richer and more intricate problem to solve. A review of the factors that contribute to such a potentially insecure environment, together with the identification of the vulnerabilities, is important for understanding why these vulnerabilities persist and what the solution space should look like. This multifaceted problem must be viewed from a systemic perspective if adequate protection is to be put in place and patient safety concerns addressed. This requires technical controls, governance, resilience measures, consolidated reporting, context expertise, regulation, and standards. It is evident that a coordinated, proactive approach to address this complex challenge is essential. In the interim, patient safety is under threat

    Understanding the Workforce Needs of New Jersey's Public Health and Other Disaster Management Employers

    Get PDF
    This report explores the priority workforce needs of New Jersey's public disaster management system. An advisory group of disaster management-related employers from law enforcement and state and local public health systems and educational institutions was convened in the spring of 2006 to identify priority workforce skill needs. Researchers also conducted interviews with state officials, domestic security, public health, and disaster planning experts, as well as reviews of labor market information, state and national websites, and industry and scholarly literature

    Towards Identifying and closing Gaps in Assurance of autonomous Road vehicleS - a collection of Technical Notes Part 1

    Get PDF
    This report provides an introduction and overview of the Technical Topic Notes (TTNs) produced in the Towards Identifying and closing Gaps in Assurance of autonomous Road vehicleS (Tigars) project. These notes aim to support the development and evaluation of autonomous vehicles. Part 1 addresses: Assurance-overview and issues, Resilience and Safety Requirements, Open Systems Perspective and Formal Verification and Static Analysis of ML Systems. Part 2: Simulation and Dynamic Testing, Defence in Depth and Diversity, Security-Informed Safety Analysis, Standards and Guidelines

    Architecture-driven, Multi-concern and Seamless Assurance and Certification of Cyber-Physical Systems.

    Get PDF
    Unlike practices in electrical and mechanical equipment engineering, Cyber-Physical Systems (CPS) do not have a set of standardized and harmonized practices for assurance and certification that ensures safe, secure and reliable operation with typical software and hardware architectures. This paper presents a recent initiative called AMASS (Architecture-driven, Multi-concern and Seamless Assurance and Certification of Cyber-Physical Systems) to promote harmonization, reuse and automation of labour-intensive certification-oriented activities via using model-based approaches and incremental techniques. AMASS will develop an integrated and holistic approach, a supporting tool ecosystem and a self-sustainable community for assurance and certification of CPS. The approach will be driven by architectural decisions (fully compatible with standards, e.g. AUTOSAR and IMA), including multiple assurance concerns such as safety, security and reliability. AMASS will support seamless interoperability between assurance/certification and engineering activities along with third-party activities (external assessments, supplier assurance). The ultimate aim is to lower certification costs in face of rapidly changing product features and market needs.This project has received funding from the Electronic Component Systems for European Leadership Joint Undertaking under grant agreement No 692474. This Joint Undertaking receives support from the European Union’s Horizon 2020 research and innovation programme and Spain, Czech Republic, Germany, Sweden, Austria, Italy, United Kingdom, Franc

    A framework to detect cyber-attacks against networked medical devices (Internet of Medical Things):an attack-surface-reduction by design approach

    Get PDF
    Most medical devices in the healthcare system are not built-in security concepts. Hence, these devices' built-in vulnerabilities prone them to various cyber-attacks when connected to a hospital network or cloud. Attackers can penetrate devices, tamper, and disrupt services in hospitals and clinics, which results in threatening patients' health and life. A specialist can Manage Cyber-attacks risks by reducing the system's attack surface. Attack surface analysis, either as a potential source for exploiting a potential vulnerability by attackers or as a medium to reduce cyber-attacks play a significant role in mitigating risks. Furthermore, it is necessitated to perform attack surface analysis in the design phase. This research proposes a framework that integrates attack surface concepts into the design and development of medical devices. Devices are classified as high-risk, medium-risk, and low-risk. After risk assessment, the employed classification algorithm detects and analyzes the attack surfaces. Accordingly, the relevant adapted security controls will be prompted to hinder the attack. The simulation and evaluation of the framework is the subject of further research.</p
    • …
    corecore