Creating a Building Code for Medical Device Software Security
George Washington University, Washington DC
Investigators
Abstract
Using physical buildings as a metaphor for software systems is a well-established idea, dating back at least to Fred Brooks' book, The Mythical Man-Month, from the mid-1970s. A recent paper by Landwehr suggests that software systems on whose security we rely might be more trustworthy if the software analog of a building code were developed and applied to them. This proposal is to support planning and participant travel for a workshop that aims to develop both (1) an initial draft for a building code for a specific domain of software-controlled systems, medical devices, which compose a domain of cyberspace in which security and trustworthiness are particularly critical, and (2) a related agenda for research into assuring desired security properties of such systems. The purpose of this workshop is to advance the adoption of proven techniques for assuring that software controlling medical devices is free of common sorts of vulnerabilities and to develop a research agenda that will provide the basis for continuing improvement of the security of future medical device software. The workshop could lead to significantly less vulnerable medical device software systems and could also motivate appropriate research in the area. The techniques for using a building code structure can be used to extend the approach to other possible software domains where security is a critical consideration.
View original record on NSF Award Search →