Please use this identifier to cite or link to this item: http://hdl.handle.net/10125/64538

Attack Modeling and Mitigation Strategies for Risk-Based Analysis of Networked Medical Devices

File Size Format  
0643.pdf 2.42 MB Adobe PDF View/Open

Item Summary

Title:Attack Modeling and Mitigation Strategies for Risk-Based Analysis of Networked Medical Devices
Authors:Hodges, Bronwyn
Mcdonald, Jeffrey
Glisson, William
Jacobs, Mike
Van Devender, Maureen
show 1 morePardue, Harold
show less
Keywords:Machine Learning and Cyber Threat Intelligence and Analytics
cyber threat
medical devices
risk analysis
threat intelligence
show 1 morevulnerabilities
show less
Date Issued:07 Jan 2020
Abstract:The escalating integration of network-enabled medical devices raises concerns for both practitioners and academics in terms of introducing new vulnerabilities and attack vectors. This prompts the idea that combining medical device data, security vulnerability enumerations, and attack-modeling data into a single database could enable security analysts to proactively identify potential security weaknesses in medical devices and formulate appropriate mitigation and remediation plans. This study introduces a novel extension to a relational database risk assessment framework by using the open-source tool OVAL to capture device states and compare them to security advisories that warn of threats and vulnerabilities, and where threats and vulnerabilities exist provide mitigation recommendations. The contribution of this research is a proof of concept evaluation that demonstrates the integration of OVAL and CAPEC attack patterns for analysis using a database-driven risk assessment framework.
Pages/Duration:10 pages
URI:http://hdl.handle.net/10125/64538
ISBN:978-0-9981331-3-3
DOI:10.24251/HICSS.2020.796
Rights:Attribution-NonCommercial-NoDerivatives 4.0 International
https://creativecommons.org/licenses/by-nc-nd/4.0/
Appears in Collections: Machine Learning and Cyber Threat Intelligence and Analytics


Please email libraryada-l@lists.hawaii.edu if you need this content in ADA-compliant format.

This item is licensed under a Creative Commons License Creative Commons