Dissertation Defense AnnouncementCollege of Arts and Sciences announces the Final Dissertation Defense of
Faisal Alsubaeifor the Degree of Doctor of Philosophy
December 06, 2019 at 01:00 PM,Dunn Hall Room 375B
Advisor: Sajjan Shiva
Security Assessment Framework For The Internet Of Medical Things Solutions
ABSTRACT: The emergence of the Internet of Medical Things (IoMT) has introduced a monumental change in facilitating the management of diseases, improving disease diagnosis and treatment methods, and reducing healthcare costs and errors. In fact, having several connected devices at each bed is currently the norm in most hospitals in the United States of America. IoMT solutions are not limited to hospital devices alone: IoMT solutions for outpatients, such as over-the-counter and in-home medical devices, are becoming increasingly prevalent. This change has greatly impacted the quality of healthcare for both patients and all frontline healthcare workers. However, the IoMT is far from being immune to security and privacy breaches due to the wide variety and large number of IoMT devices wirelessly transmitting sensitive medical data to the cloud. Moreover, lack of security awareness among users (e.g., patients, medical professionals) can facilitate attacks on IoMT systems. Such attacks include asset destruction, denial of service (DoS), medical data theft or manipulation, and therapy manipulation. The disastrous consequences of these attacks will not only disrupt the whole medical system (e.g., ransomware) but could also put the patients' lives at risk. Therefore, ensuring the security of the IoMT is an urgent issue worthy of further investigation and development. Security cannot be planned for, managed, monitored, or controlled if it cannot be measured. However, security assessment poses problems for novice IoMT adopters, especially in choosing security measures that are both sufficient and robust. Accordingly, I propose a framework based on a novel ontological scenario-based approach to recommend security measures in IoMT and assess protection and deterrence in IoMT solutions. The framework recommends scenario-specific assessment criteria that include necessary and sufficient security measures and their attributes to provide IoMT stakeholders with the means of measuring security in any IoMT solution to support their decision-making. Finally, it supports the selection of a solution that matches the stakeholder's security goals, which differ depending on the scenario. The novelty of the proposed assessment framework lies in its ability to adapt to new structures, levels of granularity, extensions, and standards.