FIRE: A Finely Integrated Risk Evaluation Methodology for Life-Critical Embedded Systems
dc.contributor.author | Rao, A. | |
dc.contributor.author | Carreón, N.A. | |
dc.contributor.author | Lysecky, R. | |
dc.contributor.author | Rozenblit, J. | |
dc.date.accessioned | 2022-12-15T22:41:39Z | |
dc.date.available | 2022-12-15T22:41:39Z | |
dc.date.issued | 2022 | |
dc.identifier.citation | Rao, A., Carreón, N. A., Lysecky, R., & Rozenblit, J. (2022). FIRE: A Finely Integrated Risk Evaluation Methodology for Life-Critical Embedded Systems. Information (Switzerland), 13(10). | |
dc.identifier.issn | 2078-2489 | |
dc.identifier.doi | 10.3390/info13100487 | |
dc.identifier.uri | http://hdl.handle.net/10150/667238 | |
dc.description.abstract | Life-critical embedded systems, including medical devices, are becoming increasingly interconnected and interoperable, providing great efficiency to the healthcare ecosystem. These systems incorporate complex software that plays a significantly integrative and critical role. However, this complexity substantially increases the potential for cybersecurity threats, which directly impact patients’ safety and privacy. With software continuing to play a fundamental role in life-critical embedded systems, maintaining its trustworthiness by incorporating fail-safe modes via a multimodal design is essential. Comprehensive and proactive evaluation and management of cybersecurity risks are essential from the very design to deployment and long-term management. In this paper, we present FIRE, a finely integrated risk evaluation methodology for life-critical embedded systems. Security risks are carefully evaluated in a bottom-up approach from operations-to-system modes by adopting and expanding well-established vulnerability scoring schemes for life-critical systems, considering the impact to patient health and data sensitivity. FIRE combines a static risk evaluation with runtime dynamic risk evaluation to establish comprehensive risk management throughout the lifecycle of the life-critical embedded system. We demonstrate the details and effectiveness of our methodology in systematically evaluating risks and conditions for risk mitigation with a smart connected insulin pump case study. Under normal conditions and eight different malware threats, the experimental results demonstrate effective threat mitigation by mode switching with a 0% false-positive mode switching rate. © 2022 by the authors. | |
dc.language.iso | en | |
dc.publisher | MDPI | |
dc.rights | Copyright © 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/). | |
dc.rights.uri | https://creativecommons.org/licenses/by/4.0/ | |
dc.subject | life-critical embedded systems | |
dc.subject | medical device security | |
dc.subject | modeling and simulation | |
dc.subject | security risk assessment | |
dc.subject | security risk management | |
dc.subject | threat mitigation | |
dc.title | FIRE: A Finely Integrated Risk Evaluation Methodology for Life-Critical Embedded Systems | |
dc.type | Article | |
dc.type | text | |
dc.contributor.department | Electrical and Computer Engineering Department, University of Arizona | |
dc.contributor.department | Department of Surgery, University of Arizona | |
dc.identifier.journal | Information (Switzerland) | |
dc.description.note | Open access journal | |
dc.description.collectioninformation | This item from the UA Faculty Publications collection is made available by the University of Arizona with support from the University of Arizona Libraries. If you have questions, please contact us at repository@u.library.arizona.edu. | |
dc.eprint.version | Final published version | |
dc.source.journaltitle | Information (Switzerland) | |
refterms.dateFOA | 2022-12-15T22:41:39Z |