论文信息 - Foundational Security Principles for Medical Application Platforms - (Extended Abstract)

Foundational Security Principles for Medical Application Platforms - (Extended Abstract)

We describe a preliminary set of security requirements for safe and secure next-generation medical systems, consisting of dynamically composable units, tied together through a real-time safety-critical middleware. We note that this requirement set is not the same for individual (stand-alone) devices or for electronic health record systems, and we must take care to define system-level requirements rather than security goals for components. The requirements themselves build on each other such that it is difficult or impossible to eliminate any one of the requirements and still achieve high-level security goals.

Eugene Y. Vasserman | John Hatcliff | J. Hatcliff

[1] J. D. Miller. Sharing clinical research data in the United States under the health insurance portability and accountability act and the privacy rule , 2010, Trials.

[2] Kevin Fu,et al. Design challenges for secure implantable medical devices , 2012, DAC Design Automation Conference 2012.

[3] Sandy Weininger,et al. Supporting Medical Device Adverse Event Analysis in an Interoperable Clinical Environment: Design of a Data Logging and Playback System , 2011, ICBO.

[4] Insup Lee,et al. Rationale and Architecture Principles for Medical Application Platforms , 2012, 2012 IEEE/ACM Third International Conference on Cyber-Physical Systems.

[5] Achim D. Brucker,et al. Extending access control models with break-glass , 2009, SACMAT '09.

[6] John A. McDermid,et al. Safety Assurance Contracts for Integrated Modular Avionics , 2003, SCS.

[7] Kevin Fu,et al. Recent Results in Computer Security for Medical Devices , 2011, MobiHealth.

[8] Rafael Accorsi,et al. Safe-Keeping Digital Evidence with Secure Logging Protocols: State of the Art and Challenges , 2009, 2009 Fifth International Conference on IT Security Incident Management and IT Forensics.

[9] Ross J. Anderson,et al. A security policy model for clinical information systems , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[10] Julian M. Goldman. CIMIT/TATRC Symposium on Developing a Plug-and-Play Open Networking Standard for the Operating Room of the Future , 2005 .