Network Security Analysis Method for Medical Devices Under Medical Health Scenarios
Based on Microsoft Threat Modeling Tool
JIANG Zongbo1,2, LI Shu2, LIU Yingying3
1. School of Bioengineering, Chongqing University, Chongqing 400044, China; 2. Institute for Medical Devices Control, National
Institutes for Food and Drug Control, Beijing 102629, China; 3. Beijing Medical and Health Technology Development Center,
Beijing 100035, China
Abstract:Objective To simulate the construction of medical health scenarios, and formulate detection methods and scoring
standards for threats to medical equipment and the entire scene, to provide solutions for network security issues of medical
devices under medical health scenarios. Methods According to the particularity of the medical health scenario, the simulated
medical health scenario was analyzed and the data flow diagram was constructed. The Microsoft threat modeling tool was used to
generate a vulnerability list according to the STRIDE model, and the vulnerabilities and risks were analyzed. The scoring standards
and penetration testing methods for the particularity of the medical device scenario were formulated, and solutions were proposed
and risk downgrade was carried out. Results A list of vulnerabilities was generated based on the scenario’s data flow diagram, with
a total of 66 threats, including 15 ‘S’ (spoofing), 3 ‘T’ (tampering), 10 ‘R’ (repudiation), 4 ‘I’ (information disclosure), 14 ‘D’ (denial
of service), and 20 ‘E’ (elevation of privilege). The threats were categorized, their causes were analyzed, and the solutions were
proposed to mitigate them and downgrade risks. Conclusion The analysis of medical device network security under medical health
scenarios through Microsoft threat modeling tool can scientifically and effectively analyze the network security problems that may be
encountered in the scenario, and avoid or prevent the consequences and impact caused by network security problems to a certain extent.
姜宗伯1,2,李澍2,刘颖颖3. 基于Microsoft威胁建模工具的医疗健康
场景下医疗器械网络安全问题分析方法[J]. 中国医疗设备, 2023, 38(12): 113-118.
JIANG Zongbo1,2, LI Shu2, LIU Yingying3. Network Security Analysis Method for Medical Devices Under Medical Health Scenarios
Based on Microsoft Threat Modeling Tool. China Medical Devices, 2023, 38(12): 113-118.