Skip to main content
Article
Security and Interoperable Medical Device Systems, Part 2: Failures, Consequences and Classifications
Security and Privacy, IEEE
  • Eugene Vasserman, Kansas State University
  • Krishna Venkatasubramanian, Worcester Polytechnic Institute
  • Oleg Sokolsky, University of Pennsylvania
  • Insup Lee, University of Pennsylvania
Date of this Version
11-1-2012
Document Type
Journal Article
Comments
Part 1 available at: http://repository.upenn.edu/cis_papers/749
Abstract
Interoperable medical devices (IMDs) face threats due to the increased attack surface presented by interoperability and the corresponding infrastructure. Introducing networking and coordination functionalities fundamentally alters medical systems' security properties. Understanding the threats is an important first step in eventually designing security solutions for such systems. Part 2 of this two-part article defines a failure model, or the specific ways in which IMD environments might fail when attacked. An attack-consequences model expresses the combination of failures experienced by IMD environments for each attack vector. This analysis leads to interesting conclusions about regulatory classes of medical devices in IMD environments subject to attacks.
DOI
10.1109/MSP.2012.153
Copyright/Permission Statement
© 2012 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Keywords
  • ICE,
  • IMD,
  • Integrated Clinical Environment,
  • attack model,
  • attack vectors,
  • computer security,
  • interoperability,
  • interoperable medical devices,
  • medical devices
Citation Information
Eugene Vasserman, Krishna Venkatasubramanian, Oleg Sokolsky and Insup Lee. "Security and Interoperable Medical Device Systems, Part 2: Failures, Consequences and Classifications" Security and Privacy, IEEE Vol. 10 Iss. 5 (2012) p. 70 - 73
Available at: http://works.bepress.com/sokolsky/14/