Take Two Software Updates and See Me in the Morning: The Case for Software Security Evaluations of Medical Devices Steve Hanna 1, Rolf Rolles 4, Andres.

Presentation transcript:

Take Two Software Updates and See Me in the Morning: The Case for Software Security Evaluations of Medical Devices Steve Hanna 1, Rolf Rolles 4, Andres Molina-Markham 2, Pongsin Poosankam 1,3, Kevin Fu 2, Dawn Song 1 University of California – Berkeley 1, University of Massachusetts Amherst 2, Carnegie Mellon University 3, Unaffiliated 4

Changing Medical Device Landscape
Increased software complexity
Software plays an increasing role in device failure
  – (18%) due to software failure, compared to (6%) in 1980s
Increased attack opportunities
Medical device hardware and software is usually a monoculture within device model
[Figure labels: Health Data, Connected Devices, Medical Device]
28,000 adverse event reports in 14 Models recalled Automated External Defibrillators
Hanna, et al. The case for Software Security Evaluations of Medical Devices

To be clear…
[Figure labels: AEDs, ICDs (marked X)]

The Population of AEDs Has Increased Significantly Over the Past 5 Years
[Figure: Automated External Defibrillator Milestones; axis: AEDs Worldwide; value shown: 1,582,]
Milestones shown:
  – First AED with biphasic waveform
  – First save on US airline
  – 74% survival rate in casinos
  – 75% survival rate in O'Hare Airport
  – PAD Trial Published
  – New York requires AEDs in public places
  – Wisconsin requires daycare providers to be AED proficient
Sources:
  Global Automated External Defibrillators (AED) Market: Demand to Drive Growth; June 2009 U.S., European and Japanese External Defibrillation (PAD) Market Report. Frost & Sullivan
  Valenzuela TD, et al. N Engl J Med. 2000;343:
  Caffrey S, et al. N Engl J Med. 2002;347:

Our Objectives
Explore state of AED software security
Examine for standard software security flaws
  – Data handling, coding practices, developer assumptions
Give insight into state of medical device software and potential for future abuse

Desirable Medical Device Properties
The device should:
  – Ensure that software running on a system is the image that was verified
  – Detect compromise
  – Verify and authenticate device telemetry
  – Be robust: defenses and updates weighed with risks to patient

Case Study
Analyzed Cardiac Science G3 Plus model 9390A
Performed static reverse engineering using IDA Pro
  – Analyzed: MDLink, AEDUpdate and device firmware
Analysis using BitBlaze architecture
  – BitFuzz, the dynamic symbolic path exploration tool
Remarks
  – Problems likely not isolated to the G3 Plus
  – Potential for abuse as devices become more connected

Vulnerabilities Discovered
1. AED Firmware - Replacement
2. AEDUpdate - Buffer overflow
3. AEDUpdate - Plain text user credentials
4. MDLink - Weak password scheme
Vulnerabilities were verified on Windows XP SP2.

Firmware Replacement
Firmware update uses custom CRC to verify firmware
Modified firmware, with proper CRC, is accepted by AED and update software
Impact: Arbitrary firmware
DEVICE COMPROMISED

AEDUpdate Buffer Overflow
During update device handshake, device version number exchanged
AEDUpdate improperly assumes valid input
Enables arbitrary code execution
  – Data sent from AED can be executed as code on the host PC

Improving Medical Device Security for Developers
Lessons and open problems from the CS G3 Plus
  – Cryptographically secure device updates
    No security through obscurity, ensures firmware authenticity
  – Device telemetry verified for integrity and authenticity
    Defensively assume that data is not trusted
  – Passwords cryptographically secure and easily managed
    Private data and life critical functionality should be protected by well-established cryptographic algorithms
  – Defenses and updates weighed with risks to patient
    Medical devices should fail open
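
The firmware replacement finding and the "cryptographically secure device updates" lesson, shown side by side as an added example (not from the slides or the authors). Assumptions: Python's standard CRC-32 stands in for the device's custom CRC, HMAC-SHA256 stands in for an authenticated check (a fielded design would normally use an asymmetric signature so the device holds only a public key), and the image bytes, key and package layouts are constructed.

```python
import hashlib
import hmac
import zlib

# Constructed sample data: nothing here comes from the device or the slides.
VENDOR_KEY = b"constructed-demo-key"
ORIGINAL_IMAGE = b"FWv1:" + bytes(range(64))


def package_with_crc(image: bytes) -> bytes:
    """Hypothetical format: image followed by a 4-byte CRC-32 trailer."""
    return image + zlib.crc32(image).to_bytes(4, "big")


def verify_crc(package: bytes) -> bool:
    """Integrity only: passes for any image whose trailer was recomputed."""
    image, trailer = package[:-4], package[-4:]
    return len(package) > 4 and zlib.crc32(image).to_bytes(4, "big") == trailer


def package_with_mac(image: bytes, key: bytes) -> bytes:
    """Hypothetical format: image followed by a 32-byte HMAC-SHA256 tag."""
    return image + hmac.new(key, image, hashlib.sha256).digest()


def verify_mac(package: bytes, key: bytes) -> bool:
    """Authenticity: the tag cannot be recomputed without the key."""
    if len(package) <= 32:
        return False
    image, tag = package[:-32], package[-32:]
    expected = hmac.new(key, image, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def run_comparison() -> dict:
    modified = ORIGINAL_IMAGE.replace(b"FWv1", b"FWvX")
    # The checksum needs no secret, so a valid trailer can be recomputed.
    crc_pkg = package_with_crc(modified)
    genuine = package_with_mac(ORIGINAL_IMAGE, VENDOR_KEY)
    # Without the key, the old tag no longer matches the changed image.
    mac_pkg = modified + genuine[-32:]
    return {
        "crc_accepts_modified": verify_crc(crc_pkg),
        "mac_accepts_genuine": verify_mac(genuine, VENDOR_KEY),
        "mac_accepts_modified": verify_mac(mac_pkg, VENDOR_KEY),
    }


if __name__ == "__main__":
    print(run_comparison())
```

The CRC verifier accepts the changed image because a checksum detects accidental corruption only; the keyed check rejects it while still accepting the genuine package.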

Recommendations
Ensure the update machine is secure
  – Physical isolation, virtual machine for fresh install
Follow FDA guidelines and advisories
Remain vigilant
  – Monitoring physical access, routinely updating afflicted devices, and monitoring advisories released about the device

Final Recommendation
We recommend continued use of AEDs because of their potential to perform lifesaving functions. The attack potential is currently unmeasured and currently, these devices overwhelmingly save more lives than they imperil.

Thank You
Questions?
  – Contact: Steve Hanna, Dawn Song, Kevin Fu
secure-medicine.org