PikeOS and ELinOS in Medical Applications
Embedded Linux in Medical Technology
Linux makes valuable contributions as a component of Medical devices. Due to a large user base, Security gaps are quickly detected and thus also closed. Of course, it also plays a role at this point that a professional team takes care of the maintenance of a Linux integration in Medical devices and that the system is also regularly maintained. An optimal combination of a core development team and the use of open source can bring great advances in medical technology. The biggest advantage of Linux in data protection is that the source code for the aforementioned packages and the operating system itself is freely available. This exposes it to constant critical view by users, who are quick to build patches in case of Security vulnerabilities.
Card Reader ensures Data Protection
ELinOS-based card reader ensures data protection for patient data. Thales-e-Transactions certifies its card reader "medCompact" according to EAL and announces its availability for the introduction of the electronic health card (eGK) in Germany in July 2008. "medCompact" is based on SYSGO's embedded Linux development environment ELinOS. The German legislator sets high standards for the protection of patient data and requires the formal certification of the device according to Common Criteria EAL 3+.
Hospital, Diagnosis and Information Center
A hospital ecosystem is comprised by several IT components that need to communicate with each other transferring data and device status, Cyber Security should be an item to be considered in all these different components. It should be part of all different stages of the procurement process and architectural definition. The use of crypto engines as well as secure update mechanisms are required according to the latest Medical device ordinance.
The data need to be provided in real time to all stations and the devices need to be monitored as well as the software to be updated where needed. This will help the doctor to get his patient data and increase information transparency for the hospital over all.
Hospital-portable and Home Ventilators
Especially since the COVID-19 virus spread breathing ventilators got highly important to help patients heal their lungs and help them getting back to normal breath rhythm. Ventilators are used in hospital but also in home area as portable devices. Any Malfunction can endanger life. Therefore those device must be:
- Scalable across different type of devices
- Must have mixed criticality with Safety measures
- Keep patient data and device information secure
- Follow industry specific standard for medical devices, such as IEC 61508 / IEC 62304
- Compliance to MPG (Medizinproduktegesetz - Medical Devices Act)
Blood Infusion Pump
A blood infusion pump device is needed for intensive care in infirmary stations of a hospital. Its software architecture must be consider Safety and Security aspects while providing always online connectivity interfaces at the same time. With PikeOS, you can:
- Separate the application implementing the functional Safety by means of resource and time partitioning
- Isolate and encrypt patient sensitive data from the communication stack
- Use secure communication channels
- Provide convenient functions by means of non-critical partitions
Safety-critical Medical applications must be certified to Safety standards such as IEC 62304 and/or follow FDA Device Classification. PikeOS is the best certification solution for three reasons: small size, virtualization, and unparalleled company support for the certification process.
The PikeOS partitioning concept makes it possible for applications of various levels of criticality to be certified for their individual required Safety levels while running securely in parallel on the same hardware platform. Even more important for certification is a competent and reliable partner when it comes to documentation, requirements and tests.
The PikeOS separation kernel itself is small in terms of implementation and its little number of system calls allows comprehensive evaluation and validation. As a matter of fact, PikeOS 5.1.3 (x86 64-bit, ARMv8, PowerPC) has passed the Common Criteria EAL5+ certification.
Integrated Safety and Security reduce Certification Cost
Applications of various levels of criticality and Security are safely separated from each other in distinct partitions and can be certified separately.
IEC 62304 Industry Standard
PikeOS supports the process, the necessary artefacts, as well as analysis and tooling for a successful certification.
Support for a broad Variety of Guest OS allows Consolidation
PikeOS supports mixed-critical setups with precise roles, e.g. Linux-based graphic or network functionalities run concurrently with POSIX-based Safety-critical and time-critical medication applications. The applications are isolated from each other by means of strict partitioning.
Multiple Independent Levels of Security (MILS) Platform
Using MILS Platform to increase Safety and Security standards.