Attack-Graph Threat Modeling Assessment of Ambulatory Medical Devices

TL;DR

This paper explores attack graph modeling to identify vulnerabilities and develop mitigation strategies for ambulatory medical devices, emphasizing the importance of security in medical technology integration.

Contribution

It introduces attack graph modeling as a method to assess risks and vulnerabilities in ambulatory medical devices, including Bluetooth sensors and Android apps.

Findings

Identified common vulnerabilities in ambulatory devices

Developed an attack graph example highlighting attack paths

Suggested mitigation strategies for device security

Abstract

The continued integration of technology into all aspects of society stresses the need to identify and understand the risk associated with assimilating new technologies. This necessity is heightened when technology is used for medical purposes like ambulatory devices that monitor a patient's vital signs. This integration creates environments that are conducive to malicious activities. The potential impact presents new challenges for the medical community. Hence, this research presents attack graph modeling as a viable solution to identifying vulnerabilities, assessing risk, and forming mitigation strategies to defend ambulatory medical devices from attackers. Common and frequent vulnerabilities and attack strategies related to the various aspects of ambulatory devices, including Bluetooth enabled sensors and Android applications are identified in the literature. Based on this analysis, this research presents an attack graph modeling example on a theoretical device that highlights vulnerabilities and mitigation strategies to consider when designing ambulatory devices with similar components.