research-article

Security aspects of cyber-physical device safety in assistive environments

Author:
Steven J. Templeton

University of California, Davis, CA

University of California, Davis, CA
View Profile

PETRA '11: Proceedings of the 4th International Conference on PErvasive Technologies Related to Assistive EnvironmentsMay 2011Article No.: 53Pages 1–8https://doi.org/10.1145/2141622.2141685

Published:25 May 2011Publication History

PETRA '11: Proceedings of the 4th International Conference on PErvasive Technologies Related to Assistive Environments

Pages 1–8

ABSTRACT

As more devices that affect their environment come into use, their proper functioning to protect the welfare of their charges is a concern. Examples include assistive transport devices, robotics, drug delivery systems, etc. Here privacy is not the primary concern, instead it is safety. Given that there are many instances of medical devices not being developed to be secure, plus the standard of practice for security with robotics and other cyber-physical devices, the issue needs consideration. These systems are not only vulnerable to intentional attack, but can cause harm inadvertently by unexpected interaction from other systems. This paper discusses security challenges of expanded use of cyber-physical devices in assistive environments and provides suggestions to improve the security and safety of these devices in the future.

References

ANSI/ISA-84.00.01-2004 Part 1 (IEC 61511-1 Mod) Functional Safety: Safety Instrumented Systems for the Process Industry SectorGoogle Scholar
ANSI/ISA-TR99.00.01-2007-Security Technologies for Industrial Automation and Control SystemsGoogle Scholar
ANSI/ISA-TR100.00.01-2007-Security Technologies for Industrial Automation and Control SystemsGoogle Scholar
August, T., Tunca, T. I. 2010. Who Should be Responsible for Software Security? A Comparative Analysis of Liability Policies in Network Environments. Management Science. (Dec. 2010) Google ScholarDigital Library
Baker, G. 2008. Schoolboy hacks into city's tram system. The Telegraph. (Jan 11, 2008) http://www.telegraph.co.uk/news/worldnews/1575293/Schoolboy-hacks-into-citys-tram-system.htmlGoogle Scholar
Cheolgi, K., Sun, M., Mohan, S., Yun, H., Sha, L., Abdelzaher, T. F. 2010. A framework for the safe interoperability of medical devices in the presence of network failures. ICCPS '10: Proceedings of the 1st ACM/IEEE International Conference on Cyber-Physical Systems. (Apr. 2010) Google ScholarDigital Library
Condon, S. 2009. Red tape keeps Conficker on medical devices. (5 May 2009) http://www.zdnet.com/news/red-tape-keeps-conficker-on-medical-devices/295270Google Scholar
Consumer Reports. 2010. Most important factors in buying a car. Consumer Reports. (Jan. 2010) http://www.consumerreports.org/cro/cars/new-cars/news/2010/01/2010-car-brand-perceptions-survey/most-important-factors/brand-perceptions-most-important-factors.htmGoogle Scholar
Falliere, N., Murchu L. O., Chien, E. 2011. W32.Stuxnet Dossier, version 1.4. Symantec (Feb. 2011) http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdfGoogle Scholar
Haack, J. N., Fink, G. A., Maiden, W. M., McKinnon, A. D., Templeton, S. J., Fulp, E. W. 2011. Ant-Based Cyber Security. 8^th International Conference on Information Technology: New Generations (Apr. 2011) Google ScholarDigital Library
Halperin, D., Heydt-Benjamin, T. S., Clark, S. S., Defend, B., Morgan, W., Fu, K., Kohno, T., Maisel, W. H. 2008. Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses. IEEE Symposium on Security and Privacy. (May 2008) Google ScholarDigital Library
Halperin, D., Heydt-Benjamin, T. S., Fu, K., Kohno, T., Maisel, W. H. 2008. Security and Privacy of Implantable Medical Devices. IEEE Pervasive Computing. (Jan. 2008) Google ScholarDigital Library
Hansen, J. A., Hansen N. M. 2010. A Taxonomy of Vulnerabilities in Implantable Medical Devices SPIMACS'10. (Oct. 2010) Google ScholarDigital Library
Highfield, R. 2008. Hacking fears over wireless pacemakers. The Telegraph. March 13, 2008. http://www.telegraph.co.uk/science/science-news/3336025/Hacking-fears-over-wirelesspacemakers. htmlGoogle Scholar
IPSO/Carmax. 2010. IPSO/Carmax vehicle buying decisions survey. (Dec 2010) http://www.ipsos-na.com/news-polls/pressrelease.aspx?id=4960Google Scholar
ISA. 2010. ISASecure Program Description. (Mar. 2011) http://www.isasecure.org/Certification-Program/ISASecure-Program-Description.aspxGoogle Scholar
Koscher K.; Czeskis A.; Roesner F.; Patel S.; Kohno T.; Checkoway S.; McCoy D.; Kantor B.; Anderson D.; Snacham H.; Savage S.. 2010. Experimental Security Analysis of a Modern Automobile. Proceedings of the IEEE Symposium and Security and Privacy. (May 2010) Google ScholarDigital Library
Krush, W. 2008. Who's Hacking Your PACs?. Government Health IT. (May. 2008)Google Scholar
Leveson, N. G.; Turner, C. S.. 1993. An investigation of the Therac-25 accidents. Computer. v.26-7, pp 18--41 (Jul. 1993) Google ScholarDigital Library
Lutz, R. R., Software engineering for safety: a roadmap, Proceedings of the Conference on The Future of Software Engineering, p.213--226, June 04--11, 2000, Limerick, Ireland (Jun. 2000) Google ScholarDigital Library
Maharana, M. K.; Swarup, K. S. 2008. Identification of Operating States of Power System Using Transient Stability Analysis. Joint International Conference on Power System Technology and IEEE Power India Conference, 2008. (Oct. 2008)Google Scholar
Maisel, W. H., Kohno, T. 2010. Improving the Security and Privacy of Implantable Medical Devices. N Engl J Med 2010; 362:1164--1166 (Apr. 2010)Google Scholar
Mead, N. R. 2004. Who Is Liable for Insecure Systems?. IEEE Computer. Volume 37 Issue 7. (July 2004) Google ScholarDigital Library
Meier, B. 2010. Lifesaving Devices Can Cause Havoc at Life's End. New York Times. May 13, 2010. (May 2010)Google Scholar
Moore, S. K. 2006. Psychiatry's Shocking New Tools. IEEE Spectrum. (Mar. 2006) Google ScholarDigital Library
RISI. (2010) 2009 Annual Report on Cyber Security Incidents and Trends Affecting Industrial Control Systems. Security Incidents Organization (2010) http://www.securityincidents.orgGoogle Scholar
Ryan, D. J.; Heckman, C.;. 2003. Two views on security software liability. Let the legal system decide. IEEE Security and Privacy. (Feb. 2003) http://singularityhub.com/2010/09/08/80000-and-counting-brain-implants-on-the-rise-world-wide/ Google ScholarDigital Library
Saenz, A. 2010. 80,000 and Counting, Brain Implants on the Rise World Wide. Singularity Hub. (Sep. 2010) http://singularityhub.com/2010/09/08/80000-and-counting-brain-implants-on-the-rise-world-wide/Google Scholar
Schechter. S., Security that is meant to be skin deep:Using ultraviolet micropigmentation to store emergency-access keys for implantable medical devices. Technical Report SR-TR-2010-33. Microsoft Research (Apr. 2010)Google Scholar
U. S. Department of Defense. 2010. DoD 8570.01-M, Information Assurance Workforce Improvement Program. Securing the Nation's Critical Cyber Infrastructure. (Apr. 2010) http://www.dtic.mil/whs/directives/corres/pdf/857001m.pdfGoogle Scholar
U. S. Department Of Health and Human Services Food and Drug Administration. 2002. General Principles of Software Validation; Final Guidance for Industry and FDA Staff (Jan. 2002)Google Scholar
Warner, J. S., Johnston, R. G. 2003. GPS Spoofing Countermeasures. LAUR-03-6163. Los Alamos National Laboratory. (Dec. 2003) http://library.lanl.gov/cgi-bin/getfile?00852243.pdfGoogle Scholar
Willke, B. J. 2010. Securing the Nation's Critical Cyber Infrastructure. (Apr. 2010) http://www.us-cert.gov/control_systems/icsjwg/presentations/spring2010/01%20-%20Case%20studies%20-%20Bradford%20Willke.pdfGoogle Scholar

Index Terms

Security aspects of cyber-physical device safety in assistive environments
1. Security and privacy
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

Countermeasures to Enhance Cyber-physical System Security and Safety
COMPSACW '14: Proceedings of the 2014 IEEE 38th International Computer Software and Applications Conference Workshops

An application of two Cyber-Physical System (CPS) security countermeasures - Intelligent Checker (IC) and Cross-correlator - for enhancing CPS safety and achieving required CPS safety integrity level is presented. ICs are smart sensors aimed at ...
Read More
Cyber-physical systems security: Limitations, issues and future trends
Abstract
Typically, Cyber-Physical Systems (CPS) involve various interconnected systems, which can monitor and manipulate real objects and processes. They are closely related to Internet of Things (IoT) systems, except that CPS focuses on the ...
Read More
Dependency-based security risk assessment for cyber-physical systems
Abstract
A cyber-physical attack is a security breach in cyber space that impacts on the physical environment. The number and diversity of such attacks against Cyber-Physical Systems (CPSs) are increasing at impressive rates. In times of Industry 4.0 and ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
PETRA '11: Proceedings of the 4th International Conference on PErvasive Technologies Related to Assistive Environments
May 2011
401 pages
ISBN:9781450307727
DOI:10.1145/2141622
Program Chairs:
Margrit Betke
Boston University
,
Ilias Maglogiannis
University of Central Greece, Greece
,
Grammati Pantziou
TEI of Athens (Department of Informatics), Greece
Copyright © 2011 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 25 May 2011
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
assistive-environments
cyber-physical systems
pervasive computing
safety
security
standards
Qualifiers
- research-article
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 9
  Total Citations
  View Citations
- 375
  Total Downloads
- Downloads (Last 12 months)9
- Downloads (Last 6 weeks)1
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Security aspects of cyber-physical device safety in assistive environments

PETRA '11: Proceedings of the 4th International Conference on PErvasive Technologies Related to Assistive Environments

ABSTRACT

References

Cited By

Index Terms

Recommendations

Countermeasures to Enhance Cyber-physical System Security and Safety

Cyber-physical systems security: Limitations, issues and future trends

Dependency-based security risk assessment for cyber-physical systems