Nathanael Paul

A review of the security of insulin pump infusion systems.

Insulin therapy has enabled patients with diabetes to maintain blood glucose control to lead healthier lives. Today, rather than injecting insulin manually using syringes, a patient can use a device such as an insulin pump to deliver insulin programmatically. This allows for more granular insulin delivery while attaining blood glucose control. Insulin pump system features have increasingly benefited patients, but the complexity of the resulting system has grown in parallel. As a result, security breaches that can negatively affect patient health are now possible. Rather than focus on the security of a single device, we concentrate on protecting the security of the entire system. In this article, we describe the security issues as they pertain to an insulin pump system that includes an embedded system of components, which include the insulin pump, continuous glucose management system, blood glucose monitor, and other associated devices (e.g., a mobile phone or personal computer). We detail not only the growing wireless communication threat in each system component, but also describe additional threats to the system (e.g., availability and integrity). Our goal is to help create a trustworthy infusion pump system that will ultimately strengthen pump safety, and we describe mitigating solutions to address identified security issues.

Trustworthy Voting: From Machine to System

The authors describe an electronic voting approach that takes a system view, incorporating a trustworthy process based on open source software, simplified procedures, and built-in redundant safeguards that prevent tampering.

.NET security: lessons learned and missed from Java

Many systems execute untrusted programs in virtual machines (VMs) to limit their access to system resources. Sun introduced the Java VM in 1995, primarily intended as a lightweight platform for execution of untrusted code inside Web pages. More recently, Microsoft developed the .NET platform with similar goals. Both platforms share many design and implementation properties, but there are key differences between Java and .NET that have an impact on their security. This paper examines how .NETs design avoids vulnerabilities and limitations discovered in Java and discusses lessons learned (and missed) from Javas experience with security.

Comparing Java and .NET security: Lessons learned and missed

Many systems execute untrusted programs in virtual machines (VMs) to mediate their access to system resources. Sun introduced the Java VM in 1995, primarily intended as a lightweight platform for executing untrusted code inside web pages. More recently, Microsoft developed the .NET platform with similar goals. Both platforms share many design and implementation properties, but there are key differences between Java and .NET that have an impact on their security. This paper examines how .NETs design avoids vulnerabilities and limitations discovered in Java and discusses lessons learned (and missed) from experience with Java security.

The Design of a Trustworthy Voting System

After the voting debacle in the Florida Presidential election of 2000 with its now-fabled hanging chads and pregnant chads, many voting jurisdictions turned to electronic voting machines. This transition has had at least as many problems as punch-card systems and added the additional one of making recounts impossible. As a result, many jurisdictions have gone back to paper ballots in despair. We believe that electronic voting can have many benefits including accessibility and usability but requires regarding voting as a system of which the voting machine is only a (small) part. In this paper we describe all the components of an electronic voting system that is practical and difficult to tamper with. We emphasize the importance of systems aspects, defense in depth, and being paranoiac.

A Closer Look at Viruses and Worms

Reviewed in this issue:Peter Szor, The Art of Computer Virus Research and Defense, Addison-Wesley, 2005, ISBN: 0-321-30454-3, 744 pages, US

Advanced metering infrastructure and communication test bed and applications for grid reliability

49.99.

Where's the FEEB? the effectiveness of instruction set randomization

This paper discusses the architecture of the advanced metering and communication test bed installed on the ORNL (Oak Ridge National laboratory) distribution grid. The test bed is being exploited for many applications that serve the reliability of the grid, such as standard validation and implementation of the new encryption devices to improve cyber security.