CPS: Beyond Usability - Adam Bates · M. Saad Hussain - Presentation 1.pptx Author: Adam Bates...

CPS: Beyond Usability: Applying Value Sensitive Design Based Methods to Investigate Domain Characteristics for Security for Implantable Cardiac Devices (ACSAC '14)

Tamara Denning, Batya Friedman, Brian Gill, Daniel B. Kramer, Matthew R. Reynolds, Tadayoshi Kohno

Presented By: Saad Hussain

Wireless ICD Security & Impacts [Halperin2008][Gollakota2011]

•  Private information
–  Obtain serial number, patient name, diagnosis
•  Health impacts
–  Turn off therapies (defibrillation)
–  Induce cardiac fibrillation

Wireless ICD Security

•  Need more security
1.  No individualized security
2.  Demonstrated security vulnerabilities

Securing Implantable Cardiac Devices

More security is needed

•  E.g. Proposal: Password on file

Cost: Inaccessibility
–  In emergencies
–  Travel
–  Switching providers

Security: The Science and Art of Tradeoffs

Security Solution “Costs”

Value of Human “Assets”

Implantable Cardiac Devices: Broader Context

•  Defense designs require interaction with domain experts
•  Exploratory studies surface issues

Additional Elements to consider during Design

•  Stakeholders
•  Stakeholder Goals and Values
•  Implications for Values
•  Communicating Technical Concepts in Comprehensible Ways

Patient Study

•  Semi-structured interviews with patients with IMDs
•  Investigated patient values and concerns
•  Elicited reactions to security system concepts

[Denning2010]

The Medical Ecosystem: Many Roles, Complex Interactions

•  Medical Technicians
•  Primary Care Physician
•  Electrophysiologist
•  Anesthesiologist
•  Implanting Surgeon
•  Device Manufacturer Representative
•  Nurse
•  Nurse Practitioner
•  Cardiologist
•  Emergency Room Staff
•  Hospital Billing
•  FDA
•  Insurance Companies

Qualitative Study Design

•  3 Workshops:
–  24 providers
–  Cardiologists, nurses, anesthesiologists, etc.
•  Workshop format facilitates:
–  Interactive discourse
–  Surfacing consensus, tensions
•  Group Activities & Paper Instruments

Framework: Value Sensitive Design [Friedman2006]

Account for direct and indirect Stakeholders

Value Dams and Flows

Workshop Format

•  Metaphor Generation
•  Critiques and Concerns
•  Stakeholder Perspectives
•  Evaluation of Security System Concepts
•  Open-ended Discussion

[Kensing1991][Yoo2013]

Stakeholder Perspective Data Analysis

•  Open-ended answers used to develop topic categories
•  Independent researcher used categories to code participant responses
•  Kappa = 0.745
–  > 0.75 is excellent agreement
–  0.40-0.75 is intermediate to good [Fleiss2003]
–  0.61-0.80 is substantial agreement [Landis1977]

Stakeholder Perspective Results Inform Security Design

•  Access & Sharing
•  Compatibility
•  Correct Usage
•  Device Battery Life
•  Device Compactness / Inertness
•  Device Ecosystem
•  Device Functionality
•  Patient / Patient Health
•  Programming
•  Quality of Data
•  Remote Monitoring
•  Security & Privacy
•  Surgery & Healing

? Human Assets
? Security Costs

1. Assets we want to protect from attack.
2. Costs we want to avoid.

Security System Concepts

•  Surveyed literature for proposed security solutions
•  Chose representative concepts with varied properties
•  Participants:
–  Provided overall evaluations
–  Commented on properties

Disliked System Concepts: Uncovering Security System Costs

•  Criticality-Aware IMD
•  Medical Alert Bracelet
•  UV-Visible Tattoo with Password

? Security Costs

[Denning2010][Schechter2010][Gupta2006]

Disliked System Concepts: Uncovering Security System Costs

Positive Properties (of Disliked Systems)
↑ Facilitates emergency access
↑ Reassures patient
↑ Not visible
↑ Cheap
↑ No patient effort
↑ Always present

? Security Costs

Disliked System Concepts: Uncovering Security System Costs

Negative Properties
↓ Access is not guaranteed
↓ Cultural, social, or personal objections
↓ Broadcasts patient condition to others
↓ Potential impact on battery life

? Security Costs

Liked System Concept: Uncovering Security System Costs

[Denning2008][Gollakota2011][Xu2011]

Fail-Open Wristband with Safety Features

•  Presence blocks unauthorized access
•  In its absence, system fails into an open state — accepts all communications

Liked System Concept: Uncovering Security System Costs

Fail-Open Wristband with Safety Features

↓ Security
↓ Maintenance
↓ 911 false positives
↓ Visual indicator
↓ Training
↓ Expense

↑ Fail-open
↑ Safety features
↑ Security
↑ Empowers patient
↑ Visual cue

[Denning2008][Gollakota2011][Xu2011]

Human-Centric Investigation Indicates Security Costs to Avoid

Security Solution Costs

•  Inaccessibility
•  Money (→ denied claims)
•  Patient comfort + mental health
•  Implant size
•  Battery life
•  Patient privacy
•  Infection
•  Incompatibility

Discussion Questions

•  What are the key contributions of this paper?
•  Should a security design hinge upon patients being able to choose whether or not they wish to comply?
•  What are the repercussions if a company’s IMD is attacked, and security was optional?