Threat-Driven Approach for Security Analysis: A Case Study with a Telemedicine System

The advancement of the control system in modern critical systems ranges from a gaming system to a critical system that has opened up new possibilities in the industrial and social sectors. This technology provides remote control to the operational process of the system and delivers on-demand services to the user, which saves time and effort. However, the failure of these systems may lead to catastrophic accidents. Thus, there is a strong need to analyze the security of these safety-critical systems (SCSs) at the design level by using the state-space modeling technique. Much of the researchers have done work on the security analysis of SCSs. However, they have not considered very critical aspects as liveness and starvation to analyze the security of SCSs. In this work, we propose an innovative method to analyze the security of SCSs with missing metrics as liveness and starvation via using the mathematical modeling technique Petri net (PN). The validation of the proposed methodology has been checked via applying it on the telemedicine system.

[1]  Eugene Babeshko,et al.  Applying F(I)MEA-technique for SCADA-Based Industrial Control Systems Dependability Assessment and Ensuring , 2008, 2008 Third International Conference on Dependability of Computer Systems DepCoS-RELCOMEX.

[2]  Tadao Murata,et al.  Petri nets: Properties, analysis and applications , 1989, Proc. IEEE.

[3]  N. Ramakrishnan,et al.  Safety and Quality Metrics for ICU Telemedicine: Measuring Success , 2019, Telemedicine in the ICU.

[4]  Marcello Ferro,et al.  Personal Health System architecture for stress monitoring and support to clinical decisions , 2012, Comput. Commun..

[5]  Xinyu Yang,et al.  Data Integrity Attacks Against Dynamic Route Guidance in Transportation-Based Cyber-Physical Systems: Modeling, Analysis, and Defense , 2018, IEEE Transactions on Vehicular Technology.

[6]  Gengxin Sun,et al.  Design and Analysis of Field Telemedicine Information Communication Protocol Based on Wireless Sensor Network , 2019, IEEE Access.

[7]  Ming-Feng Yeh,et al.  Real-time ECG telemonitoring system design with mobile phone platform , 2008 .

[8]  V. N. Venkatakrishnan,et al.  A Threat Table Based Approach to Telemedicine Security i , 2013 .

[9]  Stanislav Abaimov,et al.  Selected Issues of Cyber Security Practices in CBRNeCy Critical Infrastructure , 2017 .

[10]  I. Hogganvik,et al.  Model-based security analysis in seven steps — a guided tour to the CORAS method , 2007 .

[11]  Zuohua Ding,et al.  Modeling and analysis of interactive telemedicine systems , 2013, Innovations in Systems and Software Engineering.

[12]  Aldo von Wangenheim,et al.  Software Quality Evaluation of the Laboratory Information System Used in the Santa Catarina State Integrated Telemedicine and Telehealth System , 2016, 2016 IEEE 29th International Symposium on Computer-Based Medical Systems (CBMS).

[13]  Dongmei Zhang,et al.  An approach for modeling and analyzing the communication protocols in a telemedicine system , 2013, 2013 6th International Conference on Biomedical Engineering and Informatics.

[15]  Dianxiang Xu,et al.  Threat-driven modeling and verification of secure software using aspect-oriented Petri nets , 2006, IEEE Transactions on Software Engineering.

[16]  Chiranjeev Kumar,et al.  An optimized technique for reliability analysis of safety‐critical systems: A case study of nuclear power plant , 2018, Qual. Reliab. Eng. Int..

[17]  M. Abo-Zahhad,et al.  A Wireless Emergency Telemedicine System for Patients Monitoring and Diagnosis , 2014, International journal of telemedicine and applications.

[18]  Mingye Liu,et al.  Fault Tree Analysis for Safety/Security Verification in Aviation Software , 2013 .