Congratulations to our Best Paper Award Nominees!
The Best Paper Award winner will be announced on Tuesday morning, May 17
Self-Authentication in Medical Device Software An Approach To Include Cybersecurity In Legacy Medical Devices
- Srinivasan Jagannathan (Exponent, Inc., USA)
- Adam Sorini (Exponent, USA)
The FDA recommends that medical device manufacturers take steps to assure that appropriate safeguards are in place to reduce the risk of failure due to cyberattack, which could be initiated by the introduction of malware into the medical equipment. However, including safeguards into legacy devices in the field is not easy. One approach is to make software changes that are then distributed into the field. The problem with software-only changes is that they are easy to defeat by malicious attackers. This paper explores an approach that provides incremental security to software that is distributed in the field. Specifically, this paper describes an approach to "self-authenticate" software so that it is robust in detecting attempts to defeat security safeguards that are programmed into the compiled software code. Self-authentication relies on encrypting certain critical functions of the software so that decryption of those portions is necessary for proper operation of the device. The decrypted portions also include integrity-checking and/or authentication functions that confirm that the software has not been modified.
Medical Device Approval Process in China since the Introduction of the China Food and Drug Administration
- Tobias Lueddemann (Technical University of Munich, Germany)
- Diqing Chang (Technical University of Munich, Germany)
- Sadik Sahin (Technical University of Munich, Germany)
- Tim C Lueth (Technische Universität München, Germany)
China's medical device market is continuously growing since the last decade and increasingly attractive for foreign medical device manufacturers. However, marketing products in China as a foreign manufacturer is challenging due to the rapidly changing regulatory environment and lack of available information and documents published in English. This work addresses the recent introduction of the China Food and Drug Administration (CFDA) and presents the current CFDA approval processes and required documentation based on research of the original documents of the CFDA in Chinese language.
Quantified Fault Tree Techniques for Calculating Hardware Fault Metrics According to ISO 26262
- Nabarun Das (kVA, USA)
- William Taylor (kVA, USA)
Since its introduction in 2011, the ISO 26262 standard has provided the state-of-the-art methodology for achieving functional safety of automotive electrical and electronic systems. Among other requirements, the standard requires estimation of quantified metrics such as the Probabilistic Metric for Hardware Failure (PMHF) using quantitative failure analysis techniques. While the standard provides some brief guidance, a complete methodology to calculate the PMHF in detail has not been well described in literature. This paper will draw out several key frameworks for successfully calculating the probabilistic metric for hardware failure using Fault Tree Analysis (FTA). At the top levels of the analysis, methods drawn from previous literature can be used to organize potential failures within a complex multi-functional system. At the lower levels of the FTA, the effects of all fault categories, including dual-point latent and detected faults, can be accounted for using appropriate diagnostic coverage and proof-test interval times. A simple example is developed throughout the paper to demonstrate the methods. Some simplifications are proposed to estimate an upper bound on the PMHF. Conclusions are drawn related to the steps and methods employed, and the nature of PMHF calculation in practical real-world systems.