Papers
Topics
Authors
Recent
2000 character limit reached

CyMed: A Framework for Testing Cybersecurity of Connected Medical Devices (2310.03583v1)

Published 5 Oct 2023 in cs.CR and cs.CY

Abstract: Connected Medical Devices (CMDs) have a large impact on patients as they allow them to lead a more normal life. Any malfunction could not only remove the health benefits the CMDs provide, they could also cause further harm to the patient. Due to this, there are many safety regulations which must be adhered to prior to a CMD entering the market. However, while many detailed safety regulations exist, there are a fundamental lack of cybersecurity frameworks applicable to CMDs. While there are recent regulations which aim to enforce cybersecurity practices, they are vague and do not contain the concrete steps necessary to implement cybersecurity. This paper aims to fill that gap by describing a framework, CyMed, to be used by vendors and ens-users, which contains concrete measures to improve the resilience of CMDs against cyber attack. The CyMed framework is subsequently evaluated based on practical tests as well as expert interviews.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (43)
  1. Challenges and opportunities in software-driven medical devices. Nature biomedical engineering, 3(7):493–497, 2019.
  2. Resolution strategies for networking the iot at the edge via named functions. In 2018 15th IEEE Annual Consumer Communications & Networking Conference (CCNC), pages 1–6. IEEE, 2018.
  3. Software-as-a-medical device: demystifying connected health regulations. Journal of Systems and Information Technology, 18(2):186–215, 2016.
  4. On medical device cybersecurity compliance in eu. In 2021 IEEE/ACM 3rd International Workshop on Software Engineering for Healthcare (SEH), pages 20–23. IEEE, 2021.
  5. Cybersecurity in medical devices: Quality system considerations and content of premarket submissions: Draft guidance for industry and food and drug administration staff, 2023.
  6. Execution plans for serverless computing in information centric networking. In Proceedings of the 1st ACM CoNEXT Workshop on Emerging in-Network Computing Paradigms, pages 34–40, 2019.
  7. Iso 13485: 2016, 2016.
  8. Peter Jordan. Standard iec 62304-medical device software-software lifecycle processes. 2006.
  9. Meseret N Teferra. Iso 14971-medical device risk management standard. International Journal of Latest Research in Engineering and Technology (IJLRET), 3(3):83–87, 2017.
  10. Avatar: A framework to support dynamic security analysis of embedded systems’ firmwares. In NDSS, volume 23, pages 1–16, 2014.
  11. The nexmon firmware analysis and modification framework: Empowering researchers to enhance wi-fi devices. Computer Communications, 129:269–285, 2018.
  12. Embedded devices security and firmware reverse engineering. Black-Hat USA, 2013.
  13. Fuzzing: a survey. Cybersecurity, 1(1):1–13, 2018.
  14. Afl++ combining incremental steps of fuzzing research. In Proceedings of the 14th USENIX Conference on Offensive Technologies, pages 10–10, 2020.
  15. Analysis of mutation and generation-based fuzzing. Independent Security Evaluators, Tech. Rep, 4, 2007.
  16. Driller: Augmenting fuzzing through selective symbolic execution. In NDSS, volume 16, pages 1–16, 2016.
  17. Sage: whitebox fuzzing for security testing. Communications of the ACM, 55(3):40–44, 2012.
  18. Libafl: A framework to build modular and reusable fuzzers. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, pages 1051–1065, 2022.
  19. Powertrace-based fuzzing of can connected hardware. In 2022 IEEE International Conference on Cyber Security and Resilience (CSR), pages 239–244. IEEE, 2022.
  20. Marko Bacic. On hardware-in-the-loop simulation. In Proceedings of the 44th IEEE Conference on Decision and Control, pages 3194–3198. IEEE, 2005.
  21. James C King. Symbolic execution and program testing. Communications of the ACM, 19(7):385–394, 1976.
  22. A survey of symbolic execution techniques. ACM Computing Surveys (CSUR), 51(3):1–39, 2018.
  23. Klee: unassisted and automatic generation of high-coverage tests for complex systems programs. In OSDI, volume 8, pages 209–224, 2008.
  24. SoK: (State of) The Art of War: Offensive Techniques in Binary Analysis. In IEEE Symposium on Security and Privacy, 2016.
  25. How secure are our computer systems courses? In Proceedings of the 2020 ACM conference on international computing education research, pages 271–281, 2020.
  26. Gao Yang et al. The source and exploitation of the program vulnerability. In 2018 3rd Joint International Information Technology, Mechanical and Electronic Engineering Conference (JIMEC 2018), pages 89–94. Atlantis Press, 2018.
  27. John Barnes. Ada 95 Rationale: The Language The Standard Libraries. Springer, 1995.
  28. Secure ada target: Issues, system design, and verification. In 1985 IEEE Symposium on Security and Privacy, pages 176–176. IEEE, 1985.
  29. Design science research in information systems. Design research in information systems: theory and practice, pages 9–22, 2010.
  30. Firm-afl: High-throughput greybox fuzzing of iot firmware via augmented process emulation. In USENIX Security Symposium, pages 1099–1114, 2019.
  31. Casr-Cluster: Crash clustering for linux applications. In 2021 Ivannikov ISPRAS Open Conference (ISPRAS), pages 47–51. IEEE, 2021.
  32. From offline toward real time: A hybrid systems model checking and cps codesign approach for medical device plug-and-play collaborations. IEEE Transactions on Parallel and Distributed Systems, 25(3):642–652, 2013.
  33. Towards a probabilistic model checking-based approach for medical device risk assessment. In 2015 IEEE International Symposium on Medical Measurements and Applications (MeMeA) Proceedings, pages 180–185. IEEE, 2015.
  34. Matthew Barrett. Framework for improving critical infrastructure cybersecurity version 1.1, 2018-04-16 2018.
  35. Agile management in cybersecurity. In Aurona Gerber and Knut Hinkelmann, editors, Proceedings of Society 5.0 Conference 2023, volume 93 of EPiC Series in Computing, pages 21–32. EasyChair, 2023.
  36. Smart execution strategy selection for multi tier execution in named function networking. In 2018 IEEE International Conference on Communications Workshops (ICC Workshops), pages 1–6. IEEE, 2018.
  37. Sharing mhealth data via named data networking. In Proceedings of the 3rd ACM Conference on Information-Centric Networking, pages 142–147, 2016.
  38. In-network live stream processing with named functions. In 2017 IFIP Networking Conference (IFIP Networking) and Workshops, pages 1–6. IEEE, 2017.
  39. Access-controlled in-network processing of named data. In Proceedings of the 3rd ACM Conference on Information-Centric Networking, ACM-ICN ’16, page 77–82, New York, NY, USA, 2016. Association for Computing Machinery.
  40. Execution state management in named function networking. In 2017 IFIP Networking Conference (IFIP Networking) and Workshops, pages 1–6. IEEE, 2017.
  41. A cyber attack simulation for teaching cybersecurity. EPiC Series in Computing, 93:129–140, 2023.
  42. A serious game for simulating cyberattacks to teach cybersecurity. arXiv preprint arXiv:2305.03062, 2023.
  43. An information centric network for computing the distribution of computations. In Proceedings of the 1st ACM Conference on Information-Centric Networking, pages 137–146, 2014.
Citations (1)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now
Dice Question Streamline Icon: https://streamlinehq.com

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Generate Now
Lightbulb Streamline Icon: https://streamlinehq.com

Continue Learning

We haven't generated follow-up questions for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Generate Now
List To Do Tasks Checklist Streamline Icon: https://streamlinehq.com

Collections

Sign up for free to add this paper to one or more collections.

User Circle Single Streamline Icon: https://streamlinehq.com Sign Up