Attack Modeling and Mitigation Strategies for Risk-Based Analysis of Networked Medical Devices
dc.contributor.author | Hodges, Bronwyn J. | |
dc.contributor.author | McDonald, J. Todd | |
dc.contributor.author | Glisson, William Bradley | |
dc.contributor.author | Jacobs, Michael | |
dc.contributor.author | Van Devender, Maureen | |
dc.contributor.author | Pardue, J. Harold | |
dc.date.accessioned | 2021-09-15T21:40:24Z | |
dc.date.available | 2021-09-15T21:40:24Z | |
dc.date.issued | 2020-01 | |
dc.description | Paper co-authored by William Glisson that was published by Proceedings of the 53rd Hawaii International Conference on System Sciences in 2020. | |
dc.description.abstract | The escalating integration of network-enabled medical devices raises concerns for both practitioners and academics in terms of introducing new vulnerabilities and attack vectors. This prompts the idea that combining medical device data, security vulnerability enumerations, and attack-modeling data into a single database could enable security analysts to proactively identify potential security weaknesses in medical devices and formulate appropriate mitigation and remediation plans. This study introduces a novel extension to a relational database risk assessment framework by using the open-source tool OVAL to capture device states and compare them to security advisories that warn of threats and vulnerabilities, and where threats and vulnerabilities exist provide mitigation recommendations. The contribution of this research is a proof of concept evaluation that demonstrates the integration of OVAL and CAPEC attack patterns for analysis using a database-driven risk assessment framework. | |
dc.identifier.citation | Hodges, B., Mcdonald, J., Glisson, W., Jacobs, M., Van Devender, M., & Pardue, H. (2020). Attack Modeling and Mitigation Strategies for Risk-Based Analysis of Networked Medical Devices. Proceedings of the 53rd Hawaii International Conference on System Sciences. Hawaii International Conference on System Sciences. https://doi.org/10.24251/hicss.2020.796 | |
dc.identifier.uri | https://hdl.handle.net/20.500.11875/3198 | |
dc.publisher | Proceedings of the 53rd Hawaii International Conference on System Sciences | |
dc.subject | Machine Learning and Cyber Threat Intelligence and Analytics | |
dc.subject | cyber threat | |
dc.subject | medical devices | |
dc.subject | risk analysis | |
dc.subject | threat intelligence | |
dc.subject | vulnerabilities | |
dc.title | Attack Modeling and Mitigation Strategies for Risk-Based Analysis of Networked Medical Devices | |
dc.type | Article |
Files
Original bundle
1 - 1 of 1
Loading...
- Name:
- Attack Modeling and Mitigation_OCR.pdf
- Size:
- 1.26 MB
- Format:
- Adobe Portable Document Format
- Description:
- Article
License bundle
1 - 1 of 1
No Thumbnail Available
- Name:
- license.txt
- Size:
- 1.63 KB
- Format:
- Item-specific license agreed upon to submission
- Description: