Probabilistic Threat Detection for Risk Management in Cyber-physical Medical Systems

Aakarsh Rao, Nadir Carreon, Roman Lysecky, Jerzy Rozenblit

Research output: Contribution to journalArticlepeer-review

32 Scopus citations

Abstract

Medical devices are complex cyber-physical systems incorporating emergent hardware and software components. However, this complexity leads to a wide attack surface posing security risks and vulnerabilities. Mitigation and management of such risks during premarket design and postmarket deployment are required. Dynamically mitigating threat potential in the presence of unknown vulnerabilities requires an adaptive risk-based scheme to assess the system's state, a secure system architecture that can isolate hardware and software components, and design methods that can adaptively adjust the system's topology based on risk changes. The essential complementary aspects during deployment are detecting, characterizing, and quantifying security threats. This article presents a dynamic risk management and mitigation approach based on probabilistic threat estimation. A smart-connected-pacemaker case study illustrates the approach. This article is part of a special issue on Software Safety and Security Risk Mitigation in Cyber-physical Systems.

Original languageEnglish (US)
Article number8239935
Pages (from-to)38-43
Number of pages6
JournalIEEE Software
Volume35
Issue number1
DOIs
StatePublished - Jan 1 2017

Keywords

  • medical-device security
  • risk assessment and management
  • software development
  • software engineering
  • threat estimation

ASJC Scopus subject areas

  • Software

Fingerprint

Dive into the research topics of 'Probabilistic Threat Detection for Risk Management in Cyber-physical Medical Systems'. Together they form a unique fingerprint.

Cite this