Foundational Security Principles for Medical Application Platforms

(Extended Abstract)

  • Conference paper
  • In: Information Security Applications (WISA 2013)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8267)

Abstract

We describe a preliminary set of security requirements for safe and secure next-generation medical systems, consisting of dynamically composable units, tied together through a real-time safety-critical middleware. We note that this requirement set is not the same for individual (stand-alone) devices or for electronic health record systems, and we must take care to define system-level requirements rather than security goals for components. The requirements themselves build on each other such that it is difficult or impossible to eliminate any one of the requirements and still achieve high-level security goals.

Position paper.

Notes

  1. Details of issues with the current pair-wise regulatory approach can be found in [2].

  2. Code can include “virtual” software-only “devices”.

  3. Data left its producer but has not yet arrived at the final consumer (destination).

  4. As defined by the receiving component.

References

  1. Hatcliff, J., King, A., Lee, I., MacDonald, A., Fernando, A., Robkin, M., Vasserman, E.Y., Weininger, S., Goldman, J.M.: Rationale and architecture principles for medical application platforms. In: Proceedings of the International Conference on Cyber-Physical Systems (ICCPS) (2012)

  2. Goldman, J.M.: CIMIT/TATRC symposium on developing a plug-and-play open networking standard for the operating room of the future (May 2005)

  3. Burleson, W.P., Clark, S.S., Ransford, B., Fu, K.: Design challenges for secure implantable medical devices. In: Proceedings of the Design Automation Conference (DAC) (June 2012)

  4. Clark, S.S., Fu, K.: Recent results in computer security for medical devices. In: Nikita, K.S., Lin, J.C., Fotiadis, D.I., Arredondo Waldmeyer, M.-T. (eds.) MobiHealth 2011. LNICST, vol. 83, pp. 111–118. Springer, Heidelberg (2012)

  5. Conmy, P., Nicholson, M., McDermid, J.: Safety assurance contracts for integrated modular avionics. In: Proceedings of the 8th Australian Workshop on Safety Critical Systems and Software (SCS) (2003)

  6. Objective Interface Systems, Inc.: Multiple independent levels of security (MILS) — technical primer. http://www.ois.com/Products/mils-technical-primer.html (2011)

  7. Brucker, A.D., Petritsch, H.: Extending access control models with break-glass. In: Proceedings of the ACM Symposium on Access Control Models and Technologies, New York, NY, USA, pp. 197–206. ACM (2009)

  8. Anderson, R.J.: A security policy model for clinical information systems. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 30–43 (1996)

  9. United States Congress: Health Insurance Portability and Accountability Act, Privacy Rule. 45 CFR 164 (1996)

  10. United States Congress: Gramm-Leach-Bliley Act, Financial Privacy Rule. 15 USC §6801–§6809

  11. Accorsi, R.: Safe-keeping digital evidence with secure logging protocols: state of the art and challenges. In: International Conference on IT Security Incident Management and IT Forensics, pp. 94–110 (2009)

  12. Arney, D., Weininger, S., Whitehead, S.F., Goldman, J.M.: Supporting medical device adverse event analysis in an interoperable clinical environment: design of a data logging and playback system. In: International Conference on Biomedical Ontology (ICBO) (July 2011)

Acknowledgments

This work was supported by National Science Foundation grants CNS 1239543 and CNS 1224007, and by National Institutes of Health grant 1U01EB012470-01.

Author information

Correspondence to Eugene Y. Vasserman.

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Vasserman, E.Y., Hatcliff, J. (2014). Foundational Security Principles for Medical Application Platforms. In: Kim, Y., Lee, H., Perrig, A. (eds) Information Security Applications. WISA 2013. Lecture Notes in Computer Science, vol 8267. Springer, Cham. https://doi.org/10.1007/978-3-319-05149-9_13

  • DOI: https://doi.org/10.1007/978-3-319-05149-9_13

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-05148-2

  • Online ISBN: 978-3-319-05149-9

  • eBook Packages: Computer Science, Computer Science (R0)
