Title: Attack-Graph Threat Modeling Assessment of Ambulatory Medical Devices
ArXiv ID: 1709.05026
Date: 2017-09-18
Authors: Researchers from original ArXiv paper
📝 Abstract
The continued integration of technology into all aspects of society stresses the need to identify and understand the risk associated with assimilating new technologies. This necessity is heightened when technology is used for medical purposes like ambulatory devices that monitor a patient's vital signs. This integration creates environments that are conducive to malicious activities. The potential impact presents new challenges for the medical community. Hence, this research presents attack graph modeling as a viable solution to identifying vulnerabilities, assessing risk, and forming mitigation strategies to defend ambulatory medical devices from attackers. Common and frequent vulnerabilities and attack strategies related to the various aspects of ambulatory devices, including Bluetooth enabled sensors and Android applications are identified in the literature. Based on this analysis, this research presents an attack graph modeling example on a theoretical device that highlights vulnerabilities and mitigation strategies to consider when designing ambulatory devices with similar components.
📄 Full Content
Attack-Graph Threat Modeling Assessment of Ambulatory Medical Devices
The continued integration of technology into all
aspects of society stresses the need to identify and
understand the risk associated with assimilating new
technologies. This necessity is heightened when
technology is used for medical purposes like
ambulatory devices that monitor a patient’s vital signs.
This integration creates environments that are
conducive to malicious activities. The potential impact
presents new challenges for the medical community.
Hence, this research presents attack graph modeling as
a viable solution to identifying vulnerabilities,
assessing risk, and forming mitigation
strategies to defend ambulatory medical devices from
attackers. Common and frequent vulnerabilities and
attack strategies related to the various aspects of
ambulatory devices, including Bluetooth enabled
sensors and Android applications are identified in the
literature. Based on this analysis, this research
presents an attack graph modeling example on a
theoretical device that highlights vulnerabilities and
mitigation strategies to consider when designing
ambulatory devices with similar components.
Introduction
The assimilation of technology into medical related
devices is continuing to escalate in today’s networked
environments. This integration is blatantly visible in
Ambulatory Medical Devices (AMDs) and Implantable
Medical Devices (IMDs). Patients are able to wear
AMDs that can monitor Electrocardiogram (EKG) data
to detect arrhythmia, monitor blood glucose levels,
administer insulin, and wear pulse oximeters that
continuously monitor blood oxygen saturation in real
time [40, 55, 56]. Not only does this emerging frontier
potentially improve the safety and well-being of
patients; it also provides a continuous source of data
for healthcare practitioners to utilize when they are
studying associated disorders.
IMDs, such as infusion pumps, dispense controlled
volumes of a drug (e.g. insulin or pain medicine) when
it is required by the patient. These implantable
drug-delivery systems provide a viable method for achieving
remedial drug concentrations in order to enhance
patient welfare throughout treatment [23]. Another
type of implantable medical device is a pacemaker.
Pacemakers are placed under the skin near the heart to
stimulate heartbeats [2].
The continued integration of technology into
medical devices stresses the need to identify and
understand the risk associated with assimilating new
technologies. Not only do AMDs and IMDs present a
physiological risk to the patients who use the devices,
but they also present liability risk to practitioners and
businesses who are monitoring and interpreting the
data produced by these devices [36]. Environmental
issues that increase the risks associated with AMDs
and IMDs, when compared to traditional medical
devices, include accessibility and data transmission
modes. These devices are accessible by the patient
and the general population while they are in use in
everyday activities. In other words, there is no physical
tampering restriction imposed by the medical provider,
like hospital staff, when these devices are used.
From a data transmission perspective, most
communication to and from the device is achieved via
a wireless connection by a practitioner who may or
may not be in the same location as the device. The type
of transmission will vary depending on the solution
implemented by the device manufacturer. Some
ambulatory devices require a period of data storage,
followed by a data upload, while other devices feed a
constant stream of data to a storage device while it is in
use [44, 50, 51]. These characteristics present
opportunities to attackers that are not present in
traditional medical devices. Therefore, ambulatory
devices should be assessed and modeled independently
of the traditional devices and traditional risk models.

Proceedings of the 50th Hawaii International Conference on System Sciences | 2017
URI: http://hdl.handle.net/10125/41599
ISBN: 978-0-9981331-0-2
CC-BY-NC-ND

From a risk perspective, many risk models have
been proposed, investigated and implemented in the
health care industry. A few of the traditional models
that are commonly discussed include: Failure Mode
and Effect Analysis (FMEA) [4], A Risk Management
Capability Model for Use in Medical Device
Companies [46], and CORAS [43]. However, these
models fail to provide concise insight into AMD
susceptibility.
The reality is that coupling environmental variables
with multiple impact targets creates environments for
AMDs and IMDs that entice plausible malic