A. Rao, J. Rozenblit, R. Lysecky and J. Sametinger: Composite Risk Modeling For Automated Threat Mitigation In Medical Devices; MSM 2017 - Modeling and Simulation in Medicine, in SpringSim'17 Spring Simulation Multi-Conference, Virginia Beach, Virginia, USA, April 23 –26, 2017.
ACM DL, DOI: 10.22360/SpringSim.2017.MSM.013

Medical device security is a growing concern with the increasing incorporation of complex software and hardware. Security threats exploiting vulnerabilities in medical devices may directly impact patient safety. Medical devices in particular, provide a high-risk attack surface due to their resource-constraint nature, off-the-shelf software, human-in-the-loop use case, interconnectivity and persistent maintenance of essential functionality. Standardization and federal organizations are actively involved in setting up new paradigms for guidance and regulation of medical device security management throughout their lifecycle. To protect medical devices against security attacks a risk-based framework that continually manages and assesses security risks along with their proactive addressing is highly recommended. In this paper, we model a multi-modal design approach for risk assessment in a medical device and propose an adaptive remediation scheme to mitigate security threats. Our multi-modal approach is integrated into the hardware-software design development of medical device with a middleware for interaction between the modes. This provides an effective premarket risk management while the adaptive remediation scheme pro-actively mitigate risk during postmarket deployment. We model our approaches in detail and demonstrate them in a pacemaker design model and deployment scenario.

Composite Risk Modeling For Automated Threat Mitigation In Medical Devices