Document Type

Conference Paper

Subject Area

CPS Medical, CPS Model-Based Design, CPS Formal Methods, CPS Theory, CPS Security

Date of this Version


Publication Source

Proceedings of the 10th ACM/IEEE International Conference on Cyber-Physical Systems

Start Page


Last Page





An Implantable Cardioverter Defibrillator (ICD) is a medical device used for the detection of potentially fatal cardiac arrhythmias and their treatment through the delivery of electrical shocks intended to restore normal heart rhythm. An ICD reprogramming attack seeks to alter the device’s parameters to induce unnecessary therapy or prevent required therapy. In this paper, we present a formal approach for the synthesis of ICD reprogramming attacks that are both effective, i.e., lead to fundamental changes in the required therapy, and stealthy, i.e., are hard to detect. We focus on the discrimination algorithm underlying Boston Scientific devices (one of the principal ICD manufacturers) and formulate the synthesis problem as one of multi-objective optimization. Our solution technique is based on an Optimization Modulo Theories encoding of the problem and allows us to derive device parameters that are optimal with respect to the effectiveness-stealthiness trade-off. Our method can be tailored to the patient’s current condition, and readily generalizes to new rhythms. To the best of our knowledge, our work is the first to derive systematic ICD reprogramming attacks designed to maximize therapy disruption while minimizing detection.

Copyright/Permission Statement

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish,to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from ’19, April 16–18, 2019, Montreal, QC, Canada©2019 Association for Computing Machinery.ACM ISBN 978-1-4503-6285-6/19/04. . . $15.00

International Conference on Cyber-Physical Systems (with CPS-IoT Week 2019)(ICCPS ’19), April 16–18, 2019, Montreal, QC, Canada.ACM, New York, NY,USA, 10 pages.


medical device security, reprogramming attack, implantable cardioverter defibrillator, arrhythmia discrimination, model-based attack synthesis

Bib Tex

@inproceedings{Paoletti:2019:SSR:3302509.3311044, author = {Paoletti, Nicola and Jiang, Zhihao and Islam, Md Ariful and Abbas, Houssam and Mangharam, Rahul and Lin, Shan and Gruber, Zachary and Smolka, Scott A.}, title = {Synthesizing Stealthy Reprogramming Attacks on Cardiac Devices}, booktitle = {Proceedings of the 10th ACM/IEEE International Conference on Cyber-Physical Systems}, series = {ICCPS '19}, year = {2019}, isbn = {978-1-4503-6285-6}, location = {Montreal, Quebec, Canada}, pages = {13--22}, numpages = {10}, url = {}, doi = {10.1145/3302509.3311044}, acmid = {3311044}, publisher = {ACM}, address = {New York, NY, USA}, keywords = {arrhythmia discrimination, implantable cardioverter defibrillator, medical device security, model-based attack synthesis, reprogramming attack}, }



Date Posted: 04 November 2019

This document has been peer reviewed.