The danger of missing instructions: A systematic analysis of security requirements for MCPS

Josephine Lamp, Carlos E. Rubio-Medrano, Ziming Zhao, Gail-Joon Ahn

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

The proliferation of networked medical devices has resulted in the development of innovative Medical Cyber-Physical Systems (MCPS) that promise more coordinated and high quality of care for patients. Unsurprisingly, the cybersecurity of MCPS is of high concern, as they are life-critical systems that, if compromised, may result in dire consequences to the patient. A variety of security requirements have been developed over the past 10 years as a result of governmental acts such as HITECH in order to better secure and protect healthcare environments. However, it is unclear how applicable these re-quirements may be to MCPS infrastructures. As a result, this case study analyzes current healthcare security requirements and their applicability to MCPS using an approach that leverages ontological representations and automated requirement traversal techniques. Using such a methodology, we find that 70% of applicable requirements/risks for MCPS components are missing from the security documentation, including serious items such as Authentication, Data Encryption, DoS attacks, and Legacy Vulnerabilities. We also validate our results within real-world instances and find that almost half of the relevant requirements are not implemented within existing MCPS architectures.

Original languageEnglish (US)
Title of host publicationProceedings - 2018 IEEE/ACM International Conference on Connected Health
Subtitle of host publicationApplications, Systems and Engineering Technologies, CHASE 2018
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages94-99
Number of pages6
ISBN (Electronic)9781538672068
DOIs
StatePublished - Feb 21 2019
Event3rd IEEE/ACM International Conference on Connected Health: Applications, Systems and Engineering Technologies, CHASE 2018 - Washington, United States
Duration: Sep 26 2018Sep 28 2018

Publication series

NameProceedings - 2018 IEEE/ACM International Conference on Connected Health: Applications, Systems and Engineering Technologies, CHASE 2018

Conference

Conference3rd IEEE/ACM International Conference on Connected Health: Applications, Systems and Engineering Technologies, CHASE 2018
CountryUnited States
CityWashington
Period9/26/189/28/18

Keywords

  • MCPS
  • Medical Cyber Physical Systems
  • Ontology
  • Requirements Analysis
  • Security Requirements

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Biomedical Engineering
  • Health(social science)
  • Communication
  • Software
  • Computer Science Applications
  • Health Informatics

Fingerprint Dive into the research topics of 'The danger of missing instructions: A systematic analysis of security requirements for MCPS'. Together they form a unique fingerprint.

  • Cite this

    Lamp, J., Rubio-Medrano, C. E., Zhao, Z., & Ahn, G-J. (2019). The danger of missing instructions: A systematic analysis of security requirements for MCPS. In Proceedings - 2018 IEEE/ACM International Conference on Connected Health: Applications, Systems and Engineering Technologies, CHASE 2018 (pp. 94-99). (Proceedings - 2018 IEEE/ACM International Conference on Connected Health: Applications, Systems and Engineering Technologies, CHASE 2018). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1145/3278576.3278602