Cybersecurity and Penetration Testing for Medical Systems

Medical devices are increasingly connected and complex in their software. As they often are highly safety-critical, such as pacemakers and insulin pumps, there is a need to strengthen them against cyberattacks. The healthcare industry is using various methods for security verification and validation, such as static code analysis, fuzzing, classic black-box penetration testing (PenTest). Yet we realize that with classic security testing, vulnerability detection is inefficient and incomplete. In this article we show how an enhanced TARA-based grey-box PenTest (GBPT) needs less test cases while being more effective in terms of coverage while indicating less false positives. With its integration to test-oriented requirements engineering (TORE), it supports a true triple peak method, connecting requirements elicitation, analysis and test strategy. A side effect of GBPT is its minimum viable test set which eases regression testing in agile development and redeliveries, while still being FDA compliant. This article introduces to the GBPT method and applies it to a real-world insulin pump, thus showing its handling and benefits. KPIs are introduced to show efficiency and effectiveness of GBPT.

Was lernen die Zuhörer in dem Vortrag?

  1. Cybersecurity testing in medical devices
  2. Grey-Box PenTest method
  3. hands-on example with insulin pump
Christof Ebert
Christof Ebert

Christof Ebert is the managing director of Vector Consulting Services. A professor at the University of Stuttgart and Sorbonne in Paris, he is...

Ruschil Ray
Ruschil Ray

Ruschil Ray is with the University of Stuttgart and Robert Bosch. Her research is on Cybersecurity Penetration Testing Methods. Prior to that...

45 Minuten Vortrag


21. Oktober




Safety & Security


Copyright © 2021 HLMC Events GmbH