Automated Security Assurance Toolbox
The following open-source tools have been made available from the MedSecurance project to support improved security and safety assurance of connected medical devices (Internet of Medical Things) and systems. Click on any tool to visit the GitHub repository to access the software and documentation for the tools.
​
The ontology provides a structured representation of the knowledge contained in various standards and specifications. The ontology is intended to simplify partners and end-users to query the concepts used (such as identified actors, events and processes). Which requirements are defined by which specifications are also tracked in order to make gap analysis of the specification possible.
​
The tool enables the creation of a contract describing the system at hand. This description is based on the inputs and outputs of the other MedSecurance tools. The contract also allows the inclusion of those documents mandated by the considered specifications and standards: this feature enables one to prove the conformance of the system with said specifications and standards.
​
A model-based systems engineering (MBSE) tool developed specifically designed for IoMT systems called Papyrus4IoMT Web. This tool aims to support a wide range of downstream security-related activities by facilitating the creation of comprehensive architectural IoMT models. These models can be leveraged for various critical tasks, including the automatic generation of secure code, conducted thorough threat and vulnerability risk assessments, performing design security analyses, and supporting comprehensive security assurance.
​
IoMT Communications Recommendation Tools
These tools provide is a comprehensive set of software components designed to enhance network security and performance. They offer a range of functionalities to manage, monitor, and secure network infrastructure effectively. From evaluating network protocols to authenticating users, each component plays a crucial role in ensuring the smooth operation and integrity of the network.​
​
IoMT Threat, Vulnerability and Risk Assessment Tool
An advanced suite designed to enhance the security of medical devices by identifying and managing potential risks. This tools integrate various functionalities to offer a robust security solution. Users can utilise the tools to perform detailed vulnerability scans, where the tool identifies known vulnerabilities and correlates them with entries in global databases like CVEs. Additionally, it facilitates threat modelling, allowing users to simulate potential attack vectors and understand their possible impacts.
​
​Provides an objective and durable record of the basis for confidence in critical properties of an IoMT system, by enabling the developers, users, independent evaluators, certification authorities and other parties having a stake in the system to inspect and review that record. The tools support effective and efficient maintenance of assurance during subsequent revisions of such systems by enabling systematic repetition of assurance activities, and checking their results, to counter the tendency for deterioration of quality and rigor over time due in part to loss of personnel with the requisite expertise and familiarity with the system.