| With the construction of medical informatization,electronic medical records are widely used by various medical institutions,and the existence of the phenomenon of "information silos" has hindered the development of medical informatization.At present,there are problems such as malicious user access and unreasonable use of medical records in the process of electronic medical record sharing,which make medical data at risk of privacy leakage,and there is no perfect trust assessment method to meet the scenario of electronic medical record sharing and no fine-grained access control scheme to prevent excessive use of electronic medical records.In this thesis,we propose a purpose-and trust-based access control scheme for inter-hospital electronic medical records.We first construct a trust assessment model based on user behavior considering user sources,and propose an access control policy combining purpose-based access control and attribute-based encryption technology,based on which we construct a fine-grained access control scheme with data hierarchy.The main work of this thesis is as follows:(1)A trust evaluation model based on user behavior is proposed.The model firstly calculates user’s direct trust value based on user behavior and trust influence factor,secondly introduces institutional trust as user’s indirect trust value,uses evaluation similarity and entropy method to exclude malicious evaluation and sets trust weight,and then uses a combination of direct and indirect methods to achieve a comprehensive trust evaluation of users.Finally,the correctness and validity of the model are verified by simulation experiments.(2)A purpose and trust-based hierarchical access control scheme for electronic medical records is proposed.The scheme firstly embeds trust into the access purpose to construct the purpose trust access control policy,secondly adopts the hierarchical access structure to encrypt and decrypt the electronic medical record data in a hierarchical manner,and then constructs a fine-grained hierarchical access control scheme by combining trust value,purpose access control and attribute-based encryption technology with the idea of matching first and then decryption.Finally,the scheme is verified through analysis and experiments to have better performance while effectively controlling the rational use of data.(3)A prototype access control system for sharing electronic medical records among hospitals was designed and implemented.Based on the above research scheme,a prototype access control system for electronic medical record sharing was developed and implemented through requirement analysis and overall design.The system achieves fine-grained access control of electronic medical records and can effectively verify the feasibility and effectiveness of the scheme in this thesis. |