Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Safety-focused security requirements elicitation for medical device software

: Lindvall, M.; Diep, M.; Klein, M.; Jones, P.; Zhang, Y.; Vasserman, E.


Institute of Electrical and Electronics Engineers -IEEE-; IEEE Computer Society:
IEEE 25th International Requirements Engineering Conference, RE 2017. Proceedings : 4-8 September 2017, Lisbon, Portugal
Los Alamitos, Calif.: IEEE Computer Society Conference Publishing Services (CPS), 2017
ISBN: 978-1-5386-3191-1
ISBN: 978-1-5386-3192-8
International Requirements Engineering Conference (RE) <25, 2017, Lisbon>
Conference Paper
Fraunhofer CESE ()

Security attacks on medical devices have been shown to have potential safety concerns. Because of this, stakeholders (device makers, regulators, users, etc.) have increasing interest in enhancing security in medical devices. An effective means to approach this objective is to integrate systematic security requirements elicitation and analysis into the design and evaluation of medical device software. This paper extends the sequence-based enumeration approach, a systematic approach for defining the behavior of embedded software, to analyze the requirement documents of a medical device for the purpose of eliciting security requirements. As a proof of concept, we apply our approach on a concrete case study, which shows that the extended approach is useful for identifying sequences of medical device events that might be harmful to the patient, for example because the events are initiated by an active adversary trying to use the device in a malicious way. We then show how security requirements may be formulated based on the identified threats. By exploring these sequences systematically, the developers can reliably assess what, where, and how the security threats may manifest in their system, what the safety implications are, and finally they can evaluate the resulting requirements and mitigations.