A CC Approach to Secure Medical Instrumentation Systems

Hammershaimb Mosbech, Jonas
Nørager Svane, Martin

Sharp, Robin (System Security, Department of Informatics and Mathematical Modeling, Technical University of Denmark, DTU, DK-2800 Kgs. Lyngby, Denmark)

Technical University of Denmark, DTU, DK-2800 Kgs. Lyngby, Denmark

This thesis presents the results of using the Common Criteria for Information
Technology Security Evaluation (CC) as an engineering tool for designing a
secure medical instrumentation system.
Initially the overall methodology and the domain of medical instrumentation
systems are introduced. This is followed by a presentation of the developed
Protection Profile (PP), which specifies a set of general security requirements for
medical instrumentation systems. The PP is then refined into a Security Target
(ST) formulating a set of specific security requirements for a particular type
of medical instrumentation systems, namely point-of-care blood gas analysis
systems. Finally, the design of a Secure Blood Gas Analysis system, derived
directly from the ST, is presented. This demonstrates the overall applicability
of the methodology.
It is concluded that while it is possible to use the CC as a security requirements
engineering methodology, the approach should be combined with additional
measures in order to fully ensure the security of the developed system.

Technical University of Denmark (DTU) : Kgs. Lyngby, Denmark
Creation date: 2009-02-03
Update date: 2009-10-27