CyMed: A Framework for Testing Cybersecurity of Connected Medical Devices
- URL: http://arxiv.org/abs/2310.03583v1
- Date: Thu, 5 Oct 2023 15:05:16 GMT
- Title: CyMed: A Framework for Testing Cybersecurity of Connected Medical Devices
- Authors: Christopher Scherb and Adrian Hadayah and Luc Bryan Heitz
- Abstract summary: Connected Medical Devices (CMDs) have a large impact on patients as they allow them to lead a more normal life.
There are many safety regulations which must be adhered to prior to a CMD entering the market.
While many detailed safety regulations exist, there is a fundamental lack of cybersecurity frameworks applicable to CMDs.
This paper describes a framework, CyMed, to be used by vendors and end-users, which contains concrete measures to improve the resilience of CMDs against cyber attack.
- Score: 0.18416014644193066
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Connected Medical Devices (CMDs) have a large impact on patients as they
allow them to lead a more normal life. Any malfunction could not only remove
the health benefits the CMDs provide, they could also cause further harm to the
patient. Due to this, there are many safety regulations which must be adhered
to prior to a CMD entering the market. However, while many detailed safety
regulations exist, there is a fundamental lack of cybersecurity frameworks
applicable to CMDs. While there are recent regulations which aim to enforce
cybersecurity practices, they are vague and do not contain the concrete steps
necessary to implement cybersecurity. This paper aims to fill that gap by
describing a framework, CyMed, to be used by vendors and end-users, which
contains concrete measures to improve the resilience of CMDs against cyber
attack. The CyMed framework is subsequently evaluated based on practical tests
as well as expert interviews.
Related papers
- Defining and Evaluating Physical Safety for Large Language Models [62.4971588282174]
Large Language Models (LLMs) are increasingly used to control robotic systems such as drones.
Their risks of causing physical threats and harm in real-world applications remain unexplored.
We classify the physical safety risks of drones into four categories: (1) human-targeted threats, (2) object-targeted threats, (3) infrastructure attacks, and (4) regulatory violations.
arXiv Detail & Related papers (2024-11-04T17:41:25Z)
- Evaluating the Role of Security Assurance Cases in Agile Medical Device Development [2.9790563467999247]
Cybersecurity issues in medical devices threaten patient safety and can cause harm if exploited.
Standards and regulations require vendors of such devices to provide an assessment of the cybersecurity risks as well as a description of their mitigation.
Security assurance cases (SACs) capture these elements as a structured argument.
arXiv Detail & Related papers (2024-07-10T14:34:53Z)
- Towards Evaluating the Security of Wearable Devices in the Internet of Medical Things [0.0]
The Internet of Medical Things (IoMT) offers a promising solution to improve patient health and reduce human error.
Wearable smart infusion pumps that accurately administer medication and integrate with electronic health records are an example of technology that can improve healthcare.
However, as the number of connected medical devices increases, the risk of cyber threats also increases.
arXiv Detail & Related papers (2023-12-13T14:12:52Z)
- Classification of cyber attacks on IoT and ubiquitous computing devices [49.1574468325115]
This paper provides a classification of IoT malware.
Major targets and used exploits for attacks are identified and referred to the specific malware.
The majority of current IoT attacks continue to be of comparably low effort and level of sophistication and could be mitigated by existing technical measures.
arXiv Detail & Related papers (2023-12-01T16:10:43Z)
- A Systematization of Cybersecurity Regulations, Standards and Guidelines for the Healthcare Sector [5.121113572240309]
This paper contributes a systematization of the significant cybersecurity documents relevant to the healthcare sector.
We collected the 49 most significant documents and used the NIST cybersecurity framework to categorize key information.
arXiv Detail & Related papers (2023-04-28T16:19:21Z)
- DRSM: De-Randomized Smoothing on Malware Classifier Providing Certified Robustness [58.23214712926585]
We develop a certified defense, DRSM (De-Randomized Smoothed MalConv), by redesigning the de-randomized smoothing technique for the domain of malware detection.
Specifically, we propose a window ablation scheme to provably limit the impact of adversarial bytes while maximally preserving local structures of the executables.
We are the first to offer certified robustness in the realm of static detection of malware executables.
arXiv Detail & Related papers (2023-03-20T17:25:22Z)
- On Medical Device Cybersecurity Compliance in EU [4.3695508295565775]
We review the new cybersecurity requirements in the light of currently available guidance documents.
We argue that these core concepts form a foundation for cybersecurity compliance in the European Union regulatory framework.
arXiv Detail & Related papers (2021-03-11T17:26:06Z)
- Privacy-preserving medical image analysis [53.4844489668116]
We present PriMIA, a software framework designed for privacy-preserving machine learning (PPML) in medical imaging.
We show significantly better classification performance of a securely aggregated federated learning model compared to human experts on unseen datasets.
We empirically evaluate the framework's security against a gradient-based model inversion attack.
arXiv Detail & Related papers (2020-12-10T13:56:00Z)
- Adversarial Machine Learning Attacks and Defense Methods in the Cyber Security Domain [58.30296637276011]
This paper summarizes the latest research on adversarial attacks against security solutions based on machine learning techniques.
It is the first to discuss the unique challenges of implementing end-to-end adversarial attacks in the cyber security domain.
arXiv Detail & Related papers (2020-07-05T18:22:40Z)
- Digital Ariadne: Citizen Empowerment for Epidemic Control [55.41644538483948]
The COVID-19 crisis represents the most dangerous threat to public health since the H1N1 pandemic of 1918.
Technology-assisted location and contact tracing, if broadly adopted, may help limit the spread of infectious diseases.
We present a tool, called 'diAry' or 'digital Ariadne', based on voluntary location and Bluetooth tracking on personal devices.
arXiv Detail & Related papers (2020-04-16T15:53:42Z)
- IMDfence: Architecting a Secure Protocol for Implantable Medical Devices [8.01833277608166]
We propose IMDfence, a security protocol for implantable medical devices (IMDs).
IMDfence provides availability, non-repudiation, access control, entity authentication, remote monitoring and system scalability.
We find that IMDfence achieves the above security requirements at a mere less than 7% increase in total IMD energy consumption.
arXiv Detail & Related papers (2020-02-21T20:46:05Z)
This list is automatically generated from the titles and abstracts of the papers in this site.