Attack Graph Modeling for Implantable Pacemaker

Remote health monitoring systems are used to audit implantable medical devices or patients’ health in a non-clinical setting. These systems are prone to cyberattacks that exploit their critical vulnerabilities, threatening patients’ health and confidentiality. In this paper, a pacemaker automatic remote monitoring system (PARMS) is modeled using the Architecture Analysis and Design Language (AADL), formally characterized, and checked using the JKind model checker. The generated attack graph is visualized using Graphviz and classifies security breaches by the security features of significance that they violate. The developed attack graph showed that setting up appropriate security measures in PARMS is essential.
