Assess
Structured threat analysis applied to the rPPG assessment flow — from camera capture on device, through SDK transmission, to cloud inference and result return. STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) provides a systematic framework.
Not yet formalised. Required for ISO 13485 §4.1 (security as part of quality) and IEC 62304 §5.2 (security requirements must be specified). Planned for Layer 13 (Security Architecture). Assess the tooling (Microsoft Threat Modelling Tool, OWASP Threat Dragon) before starting.