Security and Interoperable-Medical-Device Systems, Part 2: Failures, Consequences, and Classification

Interoperable medical devices (IMDs) face threats due to the increased attack surface presented by interoperability and the corresponding infrastructure. Introducing networking and coordination functionalities fundamentally alters medical systems' security properties. Understanding the threats is an important first step in eventually designing security solutions for such systems. Part 2 of this two-part article defines a failure model, or the specific ways in which IMD environments might fail when attacked. An attack-consequences model expresses the combination of failures experienced by IMD environments for each attack vector. This analysis leads to interesting conclusions about regulatory classes of medical devices in IMD environments subject to attacks. Part 1 can be found here: http://doi.ieeecomputersociety.org/10.1109/MSP.2012.128.

[1]  J. Collins Failure of materials in mechanical design : analysis, prediction, prevention , 1981 .

[2]  Drew Pg Integrating the healthcare enterprise. , 2000, M.D. computing : computers in medical practice.

[3]  Irem Y. Tumer,et al.  Failure Analysis in Subsystem Design for Space Missions , 2004 .

[4]  Sjouke Mauw,et al.  Foundations of Attack Trees , 2005, ICISC.

[5]  M. Clarke Developing a Standard for Personal Health Devices based on 11073 , 2007, 2007 29th Annual International Conference of the IEEE Engineering in Medicine and Biology Society.

[6]  Malcolm Clarke,et al.  Developing a standard for personal health devices based on 11,073. , 2007, Studies in health technology and informatics.

[7]  Junhua Chen,et al.  Research on Attack Intention Recognition Based on Graphical Model , 2009, 2009 Fifth International Conference on Information Assurance and Security.

[8]  Yuliang Lu,et al.  Capability-centric attack model for network security analysis , 2010, 2010 2nd International Conference on Signal Processing Systems.

[9]  Eugene Y. Vasserman,et al.  An Overview of Regulatory and Trust Issues for the Integrated Clinical Environment , 2011 .

[10]  Insup Lee,et al.  Biomedical devices and systems security , 2011, 2011 Annual International Conference of the IEEE Engineering in Medicine and Biology Society.

[11]  B. M. O'Halloran,et al.  A failure modes and mechanisms naming taxonomy , 2012, 2012 Proceedings Annual Reliability and Maintainability Symposium.

[12]  Insup Lee,et al.  Security and Interoperable-Medical-Device Systems, Part 1 , 2012, IEEE Security & Privacy.