Beijing Electronic Science and Technology Institute, Beijing 100070, China.
Sensors (Basel). 2023 Apr 6;23(7):3774. doi: 10.3390/s23073774.
With the rapid development of Internet of Things technology, cloud computing, and big data, the combination of medical systems and information technology has become increasingly close. However, the emergence of intelligent medical systems has brought a series of network security threats and hidden dangers, including data leakage and remote attacks, which can directly threaten patients' lives. To ensure the security of medical information systems and expand the application of zero trust in the medical field, we combined the medical system with the zero-trust security system to propose a zero-trust medical security system. In addition, in its dynamic access control module, based on the RBAC model and the calculation of user behavior risk value and trust, an access control model based on subject behavior evaluation under zero-trust conditions (ABEAC) was designed to improve the security of medical equipment and data. Finally, the feasibility of the system is verified through a simulation experiment.
随着物联网技术、云计算和大数据的飞速发展,医疗系统与信息技术的结合越来越紧密。然而,智能医疗系统的出现带来了一系列网络安全威胁和隐患,包括数据泄露和远程攻击,这些都直接威胁到患者的生命安全。为了确保医疗信息系统的安全,并将零信任扩展到医疗领域的应用中,我们将医疗系统与零信任安全系统相结合,提出了一种零信任医疗安全系统。此外,在其动态访问控制模块中,基于 RBAC 模型和用户行为风险值和信任的计算,设计了一种基于零信任条件下主体行为评估的访问控制模型(ABEAC),以提高医疗设备和数据的安全性。最后,通过模拟实验验证了系统的可行性。
