Provide a tamper-resistant audit trail for security-related events, such as software installation, user authentication, and so on.
Employ appropriate software/hardware protections against malicious observation/modification of medical device secrets by the device possessor.
The least-privilege principle calls for the operating system to grant programs/processes only those privileges required for them to carry out their specified functions.
A component that accepts an input without checking its validity presents a path that an attacker can probe.
Storage is divided into code segments that might be read or executed but not written and into data segments that might be read or written but not executed.
The aim is to avoid execution of untrustworthy, possibly malicious, applications.
The aim is to enable valid updates to operational software while minimizing the possibility that the update mechanisms can be subverted to install fraudulent updates.
Developer and integrator affix a digital signature to software/firmware installed in a device.
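The two preceding items, signed software/firmware and an update mechanism that only accepts valid updates, as an added Go example that is not part of the original text. It assumes an Ed25519 vendor key pinned on the device and a constructed manifest format (version counter plus SHA-256 digest of the image); the device side rejects a bad signature, a mismatched image, and a rollback to an older version.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// Manifest is the signed update description: a monotonic version
// counter plus the SHA-256 digest of the firmware image it authorises.
type Manifest struct {
	Version uint32
	Digest  [32]byte
}
func (m Manifest) bytes() []byte {
	buf := make([]byte, 4, 36)
	binary.BigEndian.PutUint32(buf, m.Version)
	return append(buf, m.Digest[:]...)
}

// Sign runs at release time, with the vendor's private key kept off the device.
func Sign(priv ed25519.PrivateKey, m Manifest) []byte {
	return ed25519.Sign(priv, m.bytes())
}

// VerifyUpdate runs on the device before anything is written to flash:
// signature under the pinned vendor key, image matches the signed digest,
// and version strictly newer than what is installed (anti-rollback).
func VerifyUpdate(pub ed25519.PublicKey, m Manifest, sig, image []byte, installed uint32) error {
	if !ed25519.Verify(pub, m.bytes(), sig) {
		return errors.New("manifest signature invalid")
	}
	if sha256.Sum256(image) != m.Digest {
		return errors.New("image digest does not match signed manifest")
	}
	if m.Version <= installed {
		return errors.New("update is not newer than installed version")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed vendor key pair
	image := []byte("constructed firmware image")
	m := Manifest{Version: 2, Digest: sha256.Sum256(image)}
	if err := VerifyUpdate(pub, m, Sign(priv, m), image, 1); err != nil {
		panic(err)
	}
}
```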
Generating random numbers for use in initializing pseudorandom number generators and cryptographic algorithms, using them correctly, and avoiding reusing them are challenging problems.
Cryptographic algorithms that resist serious analysis are notoriously difficult to invent and to program correctly.