Attack Modeling and Mitigation Strategies for Risk-Based Analysis of Networked Medical Devices

Hodges, Bronwyn; Mcdonald, Jeffrey; Glisson, William; Jacobs, Mike; Van Devender, Maureen; Pardue, Harold

Attack Modeling and Mitigation Strategies for Risk-Based Analysis of Networked Medical Devices

dc.contributor.author	Hodges, Bronwyn
dc.contributor.author	Mcdonald, Jeffrey
dc.contributor.author	Glisson, William
dc.contributor.author	Jacobs, Mike
dc.contributor.author	Van Devender, Maureen
dc.contributor.author	Pardue, Harold
dc.date.accessioned	2020-01-04T08:32:06Z
dc.date.available	2020-01-04T08:32:06Z
dc.date.issued	2020-01-07
dc.description.abstract	The escalating integration of network-enabled medical devices raises concerns for both practitioners and academics in terms of introducing new vulnerabilities and attack vectors. This prompts the idea that combining medical device data, security vulnerability enumerations, and attack-modeling data into a single database could enable security analysts to proactively identify potential security weaknesses in medical devices and formulate appropriate mitigation and remediation plans. This study introduces a novel extension to a relational database risk assessment framework by using the open-source tool OVAL to capture device states and compare them to security advisories that warn of threats and vulnerabilities, and where threats and vulnerabilities exist provide mitigation recommendations. The contribution of this research is a proof of concept evaluation that demonstrates the integration of OVAL and CAPEC attack patterns for analysis using a database-driven risk assessment framework.
dc.format.extent	10 pages
dc.identifier.doi	10.24251/HICSS.2020.796
dc.identifier.isbn	978-0-9981331-3-3
dc.identifier.uri	http://hdl.handle.net/10125/64538
dc.language.iso	eng
dc.relation.ispartof	Proceedings of the 53rd Hawaii International Conference on System Sciences
dc.rights	Attribution-NonCommercial-NoDerivatives 4.0 International
dc.rights.uri	https://creativecommons.org/licenses/by-nc-nd/4.0/
dc.subject	Machine Learning and Cyber Threat Intelligence and Analytics
dc.subject	cyber threat
dc.subject	medical devices
dc.subject	risk analysis
dc.subject	threat intelligence
dc.subject	vulnerabilities
dc.title	Attack Modeling and Mitigation Strategies for Risk-Based Analysis of Networked Medical Devices
dc.type	Conference Paper
dc.type.dcmi	Text

Files

Original bundle

Now showing 1 - 1 of 1

Name:: 0643.pdf
Size:: 2.36 MB
Format:: Adobe Portable Document Format

Download

Collections

Machine Learning and Cyber Threat Intelligence and Analytics