A Reference Separation Architecture for Mixed-Criticality Medical and IoT Devices

Low-cost embedded cyber-physical systems and ubiquitous networking have opened up a new world of connected devices in our homes, workplaces, automobiles, and medical clinics. Unfortunately, security has not progressed at the same pace, exposing unwitting users to loss of privacy, of personally identifiable information, and even of safety. This is especially true for connected medical devices, which interact directly with patients. Many of these medical devices lack even basic security and instead rely on rigidly controlled environments of use, which are difficult to achieve and maintain. The Intrinsically Secure, Open and Safe Cyber-Physically Enabled, Life-Critical Essential Services (ISOSCELES) architecture is a reference implementation for future mixed-criticality medical and Internet of Things (IoT) system designs. This reference implementation allows manufacturers to focus on the clinical side of their product, reducing the time and effort spent ensuring that security vulnerabilities in the resulting platform have minimal adverse impact on patient safety. ISOSCELES' separation architecture, backed by model-based analysis and configuration tools, simplifies product-line design and maintenance, since changes made to one partition have limited or no effect on other partitions.
