research-article

Proposal and Application of Security/Safety Evaluation Method for Medical Device System that Includes IoT

Authors:

Takao OkuboAuthors Info & Claims

ICNCC '18: Proceedings of the 2018 VII International Conference on Network, Communication and Computing

Pages 157 - 164

https://doi.org/10.1145/3301326.3301330

Published: 14 December 2018 Publication History

Get Access

Abstract

A new risk analysis method for the Internet of Things (IoT) is required. IoT devices are exposed to both security and safety threats. Therefore, in the field of IoT, it is necessary to handle security and safety integrally, although these areas were treated as separate fields in the past. In the present paper, we propose a risk analysis method that can deal with both security and safety based on a safety analysis method called system-theoretic process analysis (STPA). In addition, we present a case in which the proposed method is applied to an insulin pump, which is a device for diabetic patients. In this case, using the proposed method, the occurrence of accidents due to security threats, which cannot be prevented by functional safety, could be identified. In addition, we showed a method of selecting countermeasures that can reduce the probability of the accident occurrence most among the limited budget.

References

[1]

NIST. 2016. CVE-2016-5084 Detail. Retrieved August 1, 2018 from https://nvd.nist.gov/vuln/detail/CVE-2016-5084

Google Scholar

[2]

Ryoichi Sasaki, Yuu Hidaka, Takashi Moriya, Katsuhiro Taniyama, Hiroshi Yajima, Kiyomi Yaegashi, Yasuhiro Kawashima and Hiroshi Yoshiura. 2008. Development and Applications of Multiple Risk Communicator. IPSJ 49, 9(Sep. 2018), 3180--3190. URL=http://id.nii.ac.jp/1001/00009450/

Google Scholar

[3]

Nancy G Leveson. 2012. Engineering a Safer World: Systems Thinking Applied to Safety. MIT Press

Google Scholar

[4]

William Young and Nancy Leveson. 2013. Systems thinking for safety and security. ACSAC' 13(Dec. 2013), 1--8.

Digital Library

Google Scholar

[5]

Kaneko Tomoko, Takuo Hayakawa, Takahashi Yuji, Takao Okubo and Ryoichi Sasaki. 2018. Proposing enhancement of a threat analysis from the security perspective for STAMP/STPA as a safety analysis. DPS 2018-DPS-174, 6(Feb. 2018), 1--8. URL= http://id.nii.ac.jp/1001/00186222/

Google Scholar

[6]

I Friedberg, K McLaughlin, P Smith, D Laverty and S Sezer. 2017. STPA-SafeSec: Safety and security analysis for cyber-physical systems, Journal of Information Security and Applications 34(Jun. 2017), 183--196.

Google Scholar

[7]

Bruce Schneier.1999. ATTACK TREES. Retrieved August 1, 2018 from http://tnlandforms.us/cs594-cns96/attacktrees.pdf

Google Scholar

[8]

I N Fovino, M Masra and A Cian. 2009. Integrating cyber attacks within fault trees. Reliability Engineering and System Safety 94(Sep. 2009), 1394--1402.

Google Scholar

[9]

M Masera and I N Fovino. 2006. Through the Description of Attacks: A Multidimensional View. International Conference on Computer Safety, Reliability, and Security(Sep.2006), 15--28.

Digital Library

Google Scholar

[10]

S.Bistarelli, F.Fioravanti and P.Peretti. "Defense trees for economic evaluation of security investments," in Proc. ARES, pp. 416--423, Apl.2006.

Digital Library

Google Scholar

[11]

Ryo Aihara, Ryohei Ishii and Ryoichi Sasaki. 2018. Proposal and Application of Event Tree and Defense Tree Combined Method for Risk Analysis against Targeted Attacks. IPSJ 59, 3(Mar. 2018), 1082--1094. URL=http://id.nii.ac.jp/1001/00186756/

Google Scholar

[12]

Microsoft. 2009. The STRIDE Threat Model. Retrieved August 1, 2018 from https://docs.microsoft.com/en-us/previous-versions/commerce-server/ee823878(v=cs.20)

Google Scholar

[13]

IPA. 2018. STAMP Workbench. Retrieved August 1, from https://www.ipa.go.jp/sec/tools/stamp_workbench.html

Google Scholar

Cited By

View all

Abuserrieh LAlalfi M(2024)A Survey on Verification of Security and Safety in IoT SystemsIEEE Access10.1109/ACCESS.2024.341307112(138627-138645)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3413071
Kamalov FPourghebleh BGheisari MLiu YMoussa S(2023)Internet of Medical Things Privacy and Security: Challenges, Solutions, and Future Trends from a New PerspectiveSustainability10.3390/su1504331715:4(3317)Online publication date: 10-Feb-2023
https://doi.org/10.3390/su15043317
Rashid FOsman OMcgee ERaad H(2023)Discovering Hazards in IoT Architectures: A Safety Analysis Approach for Medical Use CasesIEEE Access10.1109/ACCESS.2023.328041411(53671-53686)Online publication date: 2023
https://doi.org/10.1109/ACCESS.2023.3280414
Show More Cited By

Index Terms

Proposal and Application of Security/Safety Evaluation Method for Medical Device System that Includes IoT
1. Security and privacy
  1. Formal methods and theory of security
    1. Formal security models

Recommendations

Systems thinking for safety and security
ACSAC '13: Proceedings of the 29th Annual Computer Security Applications Conference

The fundamental challenge facing security professionals is preventing losses, be they operational, financial or mission losses. As a result, one could argue that security professionals share this challenge with safety professionals. Despite their shared ...
CC-Case-Safety and Security Engineering Methodology

As the complexity of computer systems increases, assuring safety and security is significant. The authors aim to construct a new development methodology CC-Case that can assure the demands of complex systems, including IoT and AI, using safety and ...
Combining GSN and STPA for Safety Arguments
Computer Safety, Reliability, and Security
Abstract
Dependability case, assurance case, or safety case is employed to explain why all critical hazards have been eliminated or adequately mitigated in mission-critical and safety-critical systems. Goal Structuring Notation (GSN) is the most employed ...

Comments

Information & Contributors

Information

Published In

ICNCC '18: Proceedings of the 2018 VII International Conference on Network, Communication and Computing

December 2018

372 pages

ISBN:9781450365536

DOI:10.1145/3301326

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 14 December 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

ICNCC 2018

ICNCC 2018: 2018 VII International Conference on Network, Communication and Computing

December 14 - 16, 2018

Taipei City, Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

12
Total Citations
View Citations
248
Total Downloads

Downloads (Last 12 months)33
Downloads (Last 6 weeks)2

Reflects downloads up to 10 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Abuserrieh LAlalfi M(2024)A Survey on Verification of Security and Safety in IoT SystemsIEEE Access10.1109/ACCESS.2024.341307112(138627-138645)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3413071
Kamalov FPourghebleh BGheisari MLiu YMoussa S(2023)Internet of Medical Things Privacy and Security: Challenges, Solutions, and Future Trends from a New PerspectiveSustainability10.3390/su1504331715:4(3317)Online publication date: 10-Feb-2023
https://doi.org/10.3390/su15043317
Rashid FOsman OMcgee ERaad H(2023)Discovering Hazards in IoT Architectures: A Safety Analysis Approach for Medical Use CasesIEEE Access10.1109/ACCESS.2023.328041411(53671-53686)Online publication date: 2023
https://doi.org/10.1109/ACCESS.2023.3280414
Aijaz MNazir MMohammad M(2023)Threat Modeling and Assessment Methods in the Healthcare-IT System: A Critical Review and Systematic EvaluationSN Computer Science10.1007/s42979-023-02221-14:6Online publication date: 21-Sep-2023
https://doi.org/10.1007/s42979-023-02221-1
Agbo CMehrpouyan H(2022)Conflict Analysis and Resolution of Safety and Security Boundary Conditions for Industrial Control Systems2022 6th International Conference on System Reliability and Safety (ICSRS)10.1109/ICSRS56243.2022.10067393(145-156)Online publication date: 23-Nov-2022
https://doi.org/10.1109/ICSRS56243.2022.10067393
Ahmed Alhaj TAbdulla SIderss MAli AElhaj FRemli MGabralla L(2022)A Survey: To Govern, Protect, and Detect Security Principles on Internet of Medical Things (IoMT)IEEE Access10.1109/ACCESS.2022.322503810(124777-124791)Online publication date: 2022
https://doi.org/10.1109/ACCESS.2022.3225038
Sasaki R(2021)Application of Risk Assessment Method to Local Government Security Models2021 IEEE 21st International Conference on Software Quality, Reliability and Security Companion (QRS-C)10.1109/QRS-C55045.2021.00121(01-08)Online publication date: Dec-2021
https://doi.org/10.1109/QRS-C55045.2021.00121
Yassine IHalabi TBellaiche M(2021)Security Risk Assessment Methodologies in The Internet of Things: Survey and Taxonomy2021 IEEE 21st International Conference on Software Quality, Reliability and Security Companion (QRS-C)10.1109/QRS-C55045.2021.00101(668-675)Online publication date: Dec-2021
https://doi.org/10.1109/QRS-C55045.2021.00101
Malamas VChantzis FDasaklis TStergiopoulos GKotzanikolaou PDouligeris C(2021)Risk Assessment Methodologies for the Internet of Medical Things: A Survey and Comparative AppraisalIEEE Access10.1109/ACCESS.2021.30646829(40049-40075)Online publication date: 2021
https://doi.org/10.1109/ACCESS.2021.3064682
Kavallieratos GKatsikas SGkioulos V(2020)Cybersecurity and Safety Co-Engineering of Cyberphysical Systems—A Comprehensive SurveyFuture Internet10.3390/fi1204006512:4(65)Online publication date: 11-Apr-2020
https://doi.org/10.3390/fi12040065
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Systems thinking for safety and security

CC-Case-Safety and Security Engineering Methodology

Combining GSN and STPA for Safety Arguments

Comments

Published In

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Other Metrics

Article Metrics

Other Metrics

Cited By

Login options

Full Access

PDF

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Systems thinking for safety and security

CC-Case-Safety and Security Engineering Methodology

Combining GSN and STPA for Safety Arguments

Comments

Information

Published In

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Get Access

Login options

Full Access

View options

PDF

eReader

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations