Security Assurance Cases for Medical Cyber–Physical Systems

摘要

A series of public demonstrations of critical security vulnerabilities in medical cyber–physical systems (CPSs) such as infusion pumps and pacemakers has shown the susceptibility of medical devices to attacks by malignant agents. Medical-device manufacturers and regulators thus have an interest in establishing not only that a medical device is safe and effective (the traditional criteria for device acceptability) but that it is also secure. In this paper, the authors advocate the use of an argumentation framework for security based on assurance cases and define a candidate structure for security assurance cases along with a methodology for assurance-case-driven security engineering for medical CPSs. They also develop an example illustrating the approach. This approach, the authors believe, should replace the ad hoc analysis and argumentation approaches used today by both device developers and regulators.