Attack Modeling and Mitigation Strategies for Risk-Based Analysis of Networked Medical Devices
Attack Modeling and Mitigation Strategies for Risk-Based Analysis of Networked Medical Devices
| dc.contributor.author | Hodges, Bronwyn | |
| dc.contributor.author | Mcdonald, Jeffrey | |
| dc.contributor.author | Glisson, William | |
| dc.contributor.author | Jacobs, Mike | |
| dc.contributor.author | Van Devender, Maureen | |
| dc.contributor.author | Pardue, Harold | |
| dc.date.accessioned | 2020-01-04T08:32:06Z | |
| dc.date.available | 2020-01-04T08:32:06Z | |
| dc.date.issued | 2020-01-07 | |
| dc.description.abstract | The escalating integration of network-enabled medical devices raises concerns for both practitioners and academics in terms of introducing new vulnerabilities and attack vectors. This prompts the idea that combining medical device data, security vulnerability enumerations, and attack-modeling data into a single database could enable security analysts to proactively identify potential security weaknesses in medical devices and formulate appropriate mitigation and remediation plans. This study introduces a novel extension to a relational database risk assessment framework by using the open-source tool OVAL to capture device states and compare them to security advisories that warn of threats and vulnerabilities, and where threats and vulnerabilities exist provide mitigation recommendations. The contribution of this research is a proof of concept evaluation that demonstrates the integration of OVAL and CAPEC attack patterns for analysis using a database-driven risk assessment framework. | |
| dc.format.extent | 10 pages | |
| dc.identifier.doi | 10.24251/HICSS.2020.796 | |
| dc.identifier.isbn | 978-0-9981331-3-3 | |
| dc.identifier.uri | http://hdl.handle.net/10125/64538 | |
| dc.language.iso | eng | |
| dc.relation.ispartof | Proceedings of the 53rd Hawaii International Conference on System Sciences | |
| dc.rights | Attribution-NonCommercial-NoDerivatives 4.0 International | |
| dc.rights.uri | https://creativecommons.org/licenses/by-nc-nd/4.0/ | |
| dc.subject | Machine Learning and Cyber Threat Intelligence and Analytics | |
| dc.subject | cyber threat | |
| dc.subject | medical devices | |
| dc.subject | risk analysis | |
| dc.subject | threat intelligence | |
| dc.subject | vulnerabilities | |
| dc.title | Attack Modeling and Mitigation Strategies for Risk-Based Analysis of Networked Medical Devices | |
| dc.type | Conference Paper | |
| dc.type.dcmi | Text |
Files
Original bundle
1 - 1 of 1
No Thumbnail Available
- Name:
- 0643.pdf
- Size:
- 2.36 MB
- Format:
- Adobe Portable Document Format
- Description: