M. Riegler, J. Sametinger, Rozenblit: Context-aware Security Modes for Medical Devices, Annual Modeling and Simulation Conference ANNSIM’22, San Diego, CA, USA, July 18-20, 2022, pp. 372-382. Doi: 10.23919/ANNSIM55834.2022.985928

Medical devices require the provision of life-critical functionality even under adverse conditions. We imagineto model (at design time) and to switch (at run-time)security modes in a self-adaptive way, thus, reducing attack surfaces in case of a malfunction, attack, or when vulnerabilities become known. Modes return back to normal when patches are provided and installed. Context-aware devices can resiliently provide a degraded mode of operation with a smaller attack surface instead of completely disabling the whole system and/or a device recall. Healthcare organizations and patients should actively protect themselves by implicitly or explicitly switching to modes with reduced attack surfaces and, thus, limited ranges of activity for attackers. We use simulation to check all circumstances and theself-healing functionality to return to normal mode again. In this paper, we present our ongoing work to make medical devices more secure. We discuss how mode scan support that, how they are defined and which challenges they provide in order to secure medical devices.



Context-Aware Security Modes for Medical Devices