Abstract
A series of public demonstrations of critical security vulnerabilities in medical cyber–physical systems (CPSs) such as infusion pumps and pacemakers has shown the susceptibility of medical devices to attacks by malignant agents. Medical-device manufacturers and regulators thus have an interest in establishing not only that a medical device is safe and effective (the traditional criteria for device acceptability) but that it is also secure. In this paper, the authors advocate the use of an argumentation framework for security based on assurance cases and define a candidate structure for security assurance cases along with a methodology for assurance-case-driven security engineering for medical CPSs. They also develop an example illustrating the approach. This approach, the authors believe, should replace the ad hoc analysis and argumentation approaches used today by both device developers and regulators.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
