Abstract
We describe a preliminary set of security requirements for safe and secure next-generation medical systems, consisting of dynamically composable units, tied together through a real-time safety-critical middleware. We note that this requirement set is not the same for individual (stand-alone) devices or for electronic health record systems, and we must take care to define system-level requirements rather than security goals for components. The requirements themselves build on each other such that it is difficult or impossible to eliminate any one of the requirements and still achieve high-level security goals.
Position paper.
Notes
1. Details of issues with the current pair-wise regulatory approach can be found in [2].
2. Code can include “virtual” software-only “devices”.
3. Data left its producer but has not yet arrived at the final consumer (destination).
4. As defined by the receiving component.
References
Hatcliff, J., King, A., Lee, I., MacDonald, A., Fernando, A., Robkin, M., Vasserman, E.Y., Weininger, S., Goldman, J.M.: Rationale and architecture principles for medical application platforms. In: Proceedings of the International Conference on Cyber-Physical Systems (ICCPS) (2012)
Goldman, J.M.: CIMIT/TATRC symposium on developing a plug-and-play open networking standard for the operating room of the future (May 2005)
Burleson, W.P., Clark, S.S., Ransford, B., Fu, K.: Design challenges for secure implantable medical devices. In: Proceedings of the Design Automation Conference (DAC) (June 2012)
Clark, S.S., Fu, K.: Recent results in computer security for medical devices. In: Nikita, K.S., Lin, J.C., Fotiadis, D.I., Arredondo Waldmeyer, M.-T. (eds.) MobiHealth 2011. LNICST, vol. 83, pp. 111–118. Springer, Heidelberg (2012)
Conmy, P., Nicholson, M., McDermid, J.: Safety assurance contracts for integrated modular avionics. In: Proceedings of the 8th Australian Workshop on Safety Critical Systems and Software (SCS) (2003)
Objective Interface Systems, Inc.: Multiple independent levels of security (MILS) — technical primer. http://www.ois.com/Products/mils-technical-primer.html (2011)
Brucker, A.D., Petritsch, H.: Extending access control models with break-glass. In: Proceedings of the ACM Symposium on Access Control Models and Technologies, New York, NY, USA, pp. 197–206. ACM (2009)
Anderson, R.J.: A security policy model for clinical information systems. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 30–43 (1996)
United States Congress: Health Insurance Portability and Accountability Act, Privacy Rule. 45 CFR 164 (1996)
United States Congress: Gramm-Leach-Bliley Act, Financial Privacy Rule. 15 USC §6801–§6809
Accorsi, R.: Safe-keeping digital evidence with secure logging protocols: state of the art and challenges. In: International Conference on IT Security Incident Management and IT Forensics, pp. 94–110 (2009)
Arney, D., Weininger, S., Whitehead, S.F., Goldman, J.M.: Supporting medical device adverse event analysis in an interoperable clinical environment: design of a data logging and playback system. In: International Conference on Biomedical Ontology (ICBO) (July 2011)
Acknowledgments
This work was supported by National Science Foundation grants CNS 1239543 and CNS 1224007, and National Institutes of Health grant 1U01EB012470-01.
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Vasserman, E.Y., Hatcliff, J. (2014). Foundational Security Principles for Medical Application Platforms. In: Kim, Y., Lee, H., Perrig, A. (eds) Information Security Applications. WISA 2013. Lecture Notes in Computer Science, vol 8267. Springer, Cham. https://doi.org/10.1007/978-3-319-05149-9_13
DOI: https://doi.org/10.1007/978-3-319-05149-9_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-05148-2
Online ISBN: 978-3-319-05149-9
eBook Packages: Computer Science, Computer Science (R0)