Show simple item record

dc.contributor.authorRao, A.
dc.contributor.authorCarreón, N.A.
dc.contributor.authorLysecky, R.
dc.contributor.authorRozenblit, J.
dc.date.accessioned2022-12-15T22:41:39Z
dc.date.available2022-12-15T22:41:39Z
dc.date.issued2022
dc.identifier.citationRao, A., Carreón, N. A., Lysecky, R., & Rozenblit, J. (2022). FIRE: A Finely Integrated Risk Evaluation Methodology for Life-Critical Embedded Systems. Information (Switzerland), 13(10).
dc.identifier.issn2078-2489
dc.identifier.doi10.3390/info13100487
dc.identifier.urihttp://hdl.handle.net/10150/667238
dc.description.abstractLife-critical embedded systems, including medical devices, are becoming increasingly interconnected and interoperable, providing great efficiency to the healthcare ecosystem. These systems incorporate complex software that plays a significantly integrative and critical role. However, this complexity substantially increases the potential for cybersecurity threats, which directly impact patients’ safety and privacy. With software continuing to play a fundamental role in life-critical embedded systems, maintaining its trustworthiness by incorporating fail-safe modes via a multimodal design is essential. Comprehensive and proactive evaluation and management of cybersecurity risks are essential from the very design to deployment and long-term management. In this paper, we present FIRE, a finely integrated risk evaluation methodology for life-critical embedded systems. Security risks are carefully evaluated in a bottom-up approach from operations-to-system modes by adopting and expanding well-established vulnerability scoring schemes for life-critical systems, considering the impact to patient health and data sensitivity. FIRE combines a static risk evaluation with runtime dynamic risk evaluation to establish comprehensive risk management throughout the lifecycle of the life-critical embedded system. We demonstrate the details and effectiveness of our methodology in systematically evaluating risks and conditions for risk mitigation with a smart connected insulin pump case study. Under normal conditions and eight different malware threats, the experimental results demonstrate effective threat mitigation by mode switching with a 0% false-positive mode switching rate. © 2022 by the authors.
dc.language.isoen
dc.publisherMDPI
dc.rightsCopyright © 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
dc.rights.urihttps://creativecommons.org/licenses/by/4.0/
dc.subjectlife-critical embedded systems
dc.subjectmedical device security
dc.subjectmodeling and simulation
dc.subjectsecurity risk assessment
dc.subjectsecurity risk management
dc.subjectthreat mitigation
dc.titleFIRE: A Finely Integrated Risk Evaluation Methodology for Life-Critical Embedded Systems
dc.typeArticle
dc.typetext
dc.contributor.departmentElectrical and Computer Engineering Department, University of Arizona
dc.contributor.departmentDepartment of Surgery, University of Arizona
dc.identifier.journalInformation (Switzerland)
dc.description.noteOpen access journal
dc.description.collectioninformationThis item from the UA Faculty Publications collection is made available by the University of Arizona with support from the University of Arizona Libraries. If you have questions, please contact us at repository@u.library.arizona.edu.
dc.eprint.versionFinal published version
dc.source.journaltitleInformation (Switzerland)
refterms.dateFOA2022-12-15T22:41:39Z


Files in this item

Thumbnail
Name:
information-13-00487-v2.pdf
Size:
6.627Mb
Format:
PDF
Description:
Final Published Version

This item appears in the following Collection(s)

Show simple item record

Copyright © 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Except where otherwise noted, this item's license is described as Copyright © 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).