Systematic Vulnerability Evaluation of Interoperable Medical Device System using Attack Trees

Xu, Jian

10 December 2015

"Security for medical devices has gained some attractions in the recent years following some well- publicized attacks on individual devices, such as pacemakers and insulin pumps. This has resulted in solutions being proposed for securing these devices, usually in stand-alone mode. Medical devices are however becoming increasingly interconnected and interoperable as a way to improve patient safety, decrease false alarms, and reduce clinician cognitive workload. Given the nature of interoperable medical devices (IMDs), attacks on IMDs can have devastating consequences. This work outlines our effort in understanding the threats faced by IMDs, an important first step in eventually designing secure interoperability architectures. A useful way of performing threat analysis of any system is to use attack trees. Attack trees are conceptual, multi-leveled diagrams showing how an asset, or target, might be attacked. They provide a formal, methodical way of describing the threats to a system. Developing attack trees for any system is however non-trivial and requires considerable expertise in identifying the various attack vectors. IMDs are typically deployed in hospitals by clinicians and clinical engineers who may not posses such expertise. We therefore develop a methodology that will enable the automated generation of attack trees for IMDs based on a description of the IMD operational workflow and list of safety hazards that need to be avoided during its operation. Additionally, we use the generated attack trees to quantify the security condition of the IMD instance being analyzed. Both these pieces of information can be provided by the users of IMDs in a care facility. The contributions of this paper are: (1) a methodology for automated generation of attack trees for IMDs using process modeling and hazard analysis, and (2) a demonstration of the viability of the methodology for a specific IMD setup called Patient Controlled Analgesia (PCA- IMD), which is used for delivering pain medication to patients in hospitals."

Attack Trees

Interoperable Medical Device System

Vulnerability Evaluation

Context Mediation in the Semantic Web: Handling OWL Ontology and Data Disparity through Context Interchange

Tan, Philip Eik Yeow, Tan, Kian Lee, Madnick, Stuart E.

01 1900

The COntext INterchange (COIN) strategy is an approach to solving the problem of interoperability of semantically heterogeneous data sources through context mediation. COIN has used its own notation and syntax for representing ontologies. More recently, the OWL Web Ontology Language is becoming established as the W3C recommended ontology language. We propose the use of the COIN strategy to solve context disparity and ontology interoperability problems in the emerging Semantic Web – both at the ontology level and at the data level. In conjunction with this, we propose a version of the COIN ontology model that uses OWL and the emerging rules interchange language, RuleML. / Singapore-MIT Alliance (SMA)

Context interchange

OWL web ontology language

RuleML

semantic web

interoperable

A development and assurance process for Medical Application Platform apps

Procter, Sam

January 1900

Doctor of Philosophy / Department of Computing and Information Sciences / John M. Hatcliff / Medical devices have traditionally been designed, built, and certified for use as monolithic units. A new vision of "Medical Application Platforms" (MAPs) is emerging that would enable compositional medical systems to be instantiated at the point of care from a collection of trusted components. This work details efforts to create a development environment for applications that run on these MAPs. The first contribution of this effort is a language and code generator that can be used to model and implement MAP applications. The language is a subset of the Architecture, Analysis and Design Language (AADL) that has been tailored to the platform-based environment of MAPs. Accompanying the language is software tooling that provides automated code generation targeting an existing MAP implementation. The second contribution is a new hazard analysis process called the Systematic Analysis of Faults and Errors (SAFE). SAFE is a modified version of the previously-existing System Theoretic Process Analysis (STPA), that has been made more rigorous, partially compositional, and easier. SAFE is not a replacement for STPA, however, rather it more effectively analyzes the hardware- and software-based elements of a full safety-critical system. SAFE has both manual and tool-assisted formats; the latter consists of AADL annotations that are designed to be used with the language subset from the first contribution. An automated report generator has also been implemented to accelerate the hazard analysis process. Third, this work examines how, independent of its place in the system hierarchy or the precise configuration of its environment, a component may contribute to the safety (or lack thereof) of an entire system. Based on this, we propose a reference model which generalizes notions of harm and the role of components in their environment so that they can be applied to components either in isolation or as part of a complete system. Connections between these formalisms and existing approaches for system composition and fault propagation are also established. This dissertation presents these contributions along with a review of relevant literature, evaluation of the SAFE process, and concludes with discussion of potential future work.

Medical Application Platforms

Hazard Analysis

Interoperable Systems

Systematic Analysis of Faults and Errors

Sensor Observation Service for Environmental Monitoring Data

Mokhtary, Mandana

January 2012

The Swedish Environmental Protection Agency (Naturvårdsverket) is the public agency in Sweden with responsibility to overview the conditions of the environment and the policies related to the environmental monitoring data. Nowadays, observation data are stored in several different data models in this organization, leading to difficulties in finding, understanding and consequently using data in terms of analysis and management of environmental issues. One common model that uniformly structures observation data could largely make it easier for decision makers to find the required information. The aim of this study is to build an interoperable data model for environmental monitoring observation in Naturvårdsverket based on OGC-SWE standard formats. The proposed solution relies on Sensor Web architecture, which is the set of data model definitions andweb service specifications. Also, this methodology is based on open source components; therefore it is cost-effective for the users. The Service Oriented Architecture (SOA) is used to create a uniform model by using communication protocols such as Extensible Markup Language (XML) and Simple Object Access Protocol (SOAP). The primary findings of the thesis is that when the observation is encoded into the standard format from the beginning, then it is easier to parse these documents and find the required information for the end users without knowing how these information are gathered and stored. The client scan send a request to the Sensor Observation Service (SOS) and receive the observation that is structured based on Observation and Measurements (O&M).

Sensor Web

Sensor Observation Service

interoperable data model

environmental monitoring observation

Remote Sensing

Fjärranalysteknik

Functional Programming and Metamodeling frameworks for System Design

Mathaikutty, Deepak Abraham

19 May 2005

System-on-Chip (SoC) and other complex distributed hardware/software systems contain heterogeneous components whose behavior are best captured by different models of computations (MoCs). As a result, any system design framework for such systems requires the capability to express heterogeneous MoCs. Although a number of system level design languages (SLDL)s and frameworks have proliferated over the last few years, most of them are lacking in multiple ways. Some of the SLDLs and system design frameworks we have worked with are SpecC, Ptolemy II, SystemC-H, etc. From our analysis of these, we identify their following shortcomings: First, their dependence on specific programming language artifacts (Java or C/C++) make them less amenable to formal analysis. Second, the refinement strategies proposed in the design flows based on these languages lack formal semantics underpinnings making it difficult to prove that refinements preserve correctness, and third, none of the available SLDLs are easily customizable by users. In our work, we address these problems as follows: To alleviate the first problem, we follow Axel Jantsch's paradigm of function-based semantic definitions of MoCs and formulate a functional programming framework called SML-Sys. We illustrate through a number of examples how to model heterogenous computing systems using SML-Sys. Our framework provides for formal reasoning due to its formal semantic underpinning inherited from SML's precise denotational semantics. To handle the second problem and apply refinement strategies at a higher-level, we propose a refinement methodology and provide a semantics preserving transformation library within our framework. To address the third shortcoming, we have developed EWD, which allows users to customize MoC-specific visual modeling syntax defined as a metamodel. EWD is developed using a metamodeling framework GME (Generic Modeling Environment). It allows for automatic design-time syntactic and semantic checks on the models for conformance to their metamodel. Modeling in EWD facilitates saving the model in an XML-based interoperability language (IML) we defined for this purpose. The IML format is in turn automatically translated into Standard ML, or Haskell models. These may then be executed and analyzed either by our existing model analysis tools SMLSys, or the ForSyDe environment. We also generate SMV-based template from the XML representation to obtain verification models. / Master of Science

Metamodeling

Functional Programming

Interoperable Modeling Language

Heterogeneous System Design

Functional Languages

Metamodel

Domain

A Web-based Distributed and Interoperable Tool for Sharing Mathematical Assessments and Supervising Online Tests

Al-shomrani, Saleh M.

26 November 2008

No description available.

Computer Science

Mathematics Education

Mathematics education

Sharing Assessments

Mathematical Assessments

Supervising Online Tests

Realize Configurable and Interoperable TT&C with Commercial Components

Patel, Kirti

10 1900

International Telemetering Conference Proceedings / October 28-31, 1996 / Town and Country Hotel and Convention Center, San Diego, California / With explosive growth in the satellite communication market. there is an increasing need for the satellite network service providers to support many satellites with a common Telemetry, Tracking, and Commanding (TT&C) assets. The open bus technology, and Commercial Off The Shelf (COTS) Hardware and Software components, provides an opportunity to build a common IF and baseband systems that will support many satellites with different frequencies and protocols. However, the high frequency front end components of the ground station such as antenna or HPA can not be common due to different gain and polarization requirements of the various communication bands and frequencies. The system architecture presented in this paper offers such system that is interoperable and reconfigurable in near real-time to support multiple frequency and multiple communication protocols.

Interoperable

Reconfigurable

TT&C

AF SCN

NASA

INTELSAT

Frequency band Unique Element (FUE)

Common User Element (CUE)

COTS

Résolution de l'hétérogénéité des intergiciels d'un environnement ubiquitaire

Bromberg, David

01 December 2006

nombre croissant de dispositifs informatiques par le biais de technologies réseaux sans fil basées ou non sur des infrastructures (WLAN, Bluetooth, GSM, GPRS, UMTS). Une des problématiques majeures de l'informatique diffuse est de faire communiquer de façon dynamique, spontanée et transparente ces différents dispositifs entre eux indépendamment de leurs hétérogénéités matérielle et logicielle. Les intergiciels ont été introduits dans cet objectif, cependant étant donné leur diversité, une nouvelle source d'hétérogénéité de plus haut niveau apparaît, notamment au niveau de leur protocole d'interaction. Actuellement, deux méthodes permettent de résoudre ces incompatibilités : la substitution et la traduction de protocoles. La première requiert la conception de nouveaux intergiciels capables de s'adapter en fonction de leur environnement d'exécution afin de résoudre dynamiquement l'hétérogénéité des intergiciels existants. L'avantage de cette méthode est de fournir une interopérabilité dynamique. En revanche, son inconvénient est d'être non transparente : elle crée une nouvelle source d'hétérogénéité entre ces nouveaux intergiciels, et nécessite de développer des applications qui leur sont spécifiques. La seconde méthode, quant à elle, est transparente : elle ne requiert ni la conception de nouveaux intergiciels, ni le développement de nouvelles applications. Cependant, elle reste statique et planifiée contrairement à la précédente méthode. Dans le contexte de l'informatique diffuse, ces deux méthodes sont complémentaires. Notre contribution consiste à combiner ces deux approches. A l'aide des langages de processus, nous proposons, dans un premier temps, une spécification formelle de notre solution qui permet de résoudre l'hétérogénéité des intergiciels quels que soient la spécificité de leurs caractéristiques, de leurs protocoles et de leurs technologies. Dans un second temps, nous présentons deux systèmes, basés sur cette spécification, conçus pour résoudre : (i) les incompatibilités des protocoles de découverte de services, (ii) les incompatibilités des protocoles de communication. Leur particularité est d'assurer une interopérabilité dynamique et transparente sans requérir de modifications des applications et des intergiciels existants. A partir de nos différentes expérimentations, il apparaît que le surcoût de cette solution pour résoudre les incompatibilités de protocoles est raisonnable.

[INFO] Computer Science

Ubiquitous computing

open networked environment

interoperable middleware

reconfigurable and adaptable middleware

formal evaluation

software engineering for middleware

software architecture

Adopting a harmonised regional approach to customs regulation for the tripartite free trade agreement

Jana, Vimbai Lisa Michelle

January 2013

No description available.

Adopting a harmonised regional approach to customs regulation for the tripartite free trade agreement

Jana, Vimbai Lisa Michelle

January 2013

No description available.