Creating a Building Code for Medical Device Software Security

Project Sponsors:

 National Science Foundation

Institute of Electrical and Electronics Engineers

Project Description:

Software systems on whose security we rely might be more trustworthy if the software analog of a building code were developed and applied to them. This project is a workshop that aims to develop both (1) an initial draft for a building code for a specific domain of software-controlled systems, medical devices, which compose a domain of cyberspace in which security and trustworthiness are particularly critical, and (2) a related agenda for research into assuring desired security properties of such systems.

 The purpose of this workshop is to advance the adoption of proven techniques for assuring that software controlling medical devices is free of common sorts of vulnerabilities and to develop a research agenda that will provide the basis for continuing improvement of the security of future medical device software.

 The workshop, if successful, could potentially lead to significantly less vulnerable medical device software systems and could also motivate appropriate research in the area. If the workshop succeeds in identifying a useful structure for a building code for this domain of software, the basis will also be laid for extending the approach to other possible software domains where security is a critical consideration. 

More Information:

Project People:

Dr. Carl Landwehr

Project Products:

Landwehr, Carl.  "Workshop to Develop a Building Code and Research Agenda For Medical Device Software Security," Report GW-CSPRI-2015-1.

Landwehr, Carl.  "We need a code for building code."