Attack-Graph Threat Modeling Assessment of Ambulatory Medical Devices

Date

2017-01

Authors

Luckett, Patrick
McDonald, J. Todd
Glisson, William Bradley

Journal Title

Journal ISSN

Volume Title

Publisher

Proceedings of the 50th Hawaii International Conference on System Sciences

Abstract

The continued integration of technology into all aspects of society stresses the need to identify and understand the risk associated with assimilating new technologies. This necessity is heightened when technology is used for medical purposes like ambulatory devices that monitor a patient’s vital signs. This integration creates environments that are conducive to malicious activities. The potential impact presents new challenges for the medical community. \ \ Hence, this research presents attack graph modeling as a viable solution to identifying vulnerabilities, assessing risk, and forming mitigation strategies to defend ambulatory medical devices from attackers. Common and frequent vulnerabilities and attack strategies related to the various aspects of ambulatory devices, including Bluetooth enabled sensors and Android applications are identified in the literature. Based on this analysis, this research presents an attack graph modeling example on a theoretical device that highlights vulnerabilities and mitigation strategies to consider when designing ambulatory devices with similar components.

Description

A paper co-authored by William Glisson that was published in the Proceedings of the 50th Hawaii International Conference on System Sciences in 2017.

Keywords

attack graph, medical devices, Risk

Citation

Luckett, P., McDonald, J., & Glisson, W. (2017). Attack-Graph Threat Modeling Assessment of Ambulatory Medical Devices. Proceedings of the 50th Hawaii International Conference on System Sciences (2017). Hawaii International Conference on System Sciences, p.3648-3657. https://doi.org/10.24251/hicss.2017.441