Threat-driven approach for security analysis: A case study with a telemedicine system

Abstract

The advancement of the control system in modern critical systems ranges from a gaming system to a critical system that has opened up new possibilities in the industrial and social sectors. This technology provides remote control to the operational process of the system and delivers on-demand services to the user, which saves time and effort. However, the failure of these systems may lead to catastrophic accidents. Thus, there is a strong need to analyze the security of these safety-critical systems (SCSs) at the design level by using the state-space modeling technique. Much of the researchers have done work on the security analysis of SCSs. However, they have not considered very critical aspects as liveness and starvation to analyze the security of SCSs. In this work, we propose an innovative method to analyze the security of SCSs with missing metrics as liveness and starvation via using the mathematical modeling technique Petri net (PN). The validation of the proposed methodology has been checked via applying it on the telemedicine system. © The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG 2021.