As cloud computing technology develops, the data in medical systems is becoming more and more electronic. The efficient storage and computing environment of the cloud brings great convenience to data users, but security risks are increasing at the same time, especially for very private data such as medical data. There have been many studies on improving the security of electronic medical data, such as the use of fast and secure encryption algorithms or the design of secure access control systems, but the security of the system, its processing speed and its future expansion must all be considered, which is difficult.

This article starts from the perspective of access control policy and protects against the privacy leakage that may occur in electronic medical systems. Access control technology is currently widely used in various systems. Its main function is to verify a user's authority and restrict the user's access behavior accordingly. Through the design of the access control system, electronic medical privacy data can be effectively protected from illegal intrusion and leakage. This article designs two access control schemes for the electronic medical environment. The main contents are as follows:

(1) On the basis of purpose-based access control (PBAC), combined with key-policy attribute-based encryption (KP-ABE), an access control scheme (PAKBAC) is designed that considers both the purpose of access and the attributes of the user. The user submits an access purpose and a set of attributes, and the data owner sets the allowed and forbidden purposes of data access at system setup. Unlike PBAC, each purpose in the scheme contains an attribute policy for that purpose: after the purpose match succeeds, the attribute policy corresponding to the purpose must also be satisfied before the visitor can decrypt the accessed data correctly. The correctness of the scheme is verified, and an indistinguishability game shows that the scheme has passive security. Finally, the scheme was implemented in simulation and compared with ciphertext-policy attribute-based encryption (CP-ABE), KP-ABE, and the comparison scheme PACBAC. It was verified that the average running time of PAKBAC increased with the number of effective access policies. In addition, compared with the original attribute-based encryption scheme and purpose-based access control, this scheme has better security performance and can be well applied to electronic medical systems.

(2) Attribute-based access control (ABAC) is extended with a trust evaluation mechanism. In addition to the subject, object, context, and action attributes in ABAC, the scheme adds restrictions on trust attributes. The trust evaluation module is designed in detail. The article first introduces several traditional ways of calculating trust values, and then gives its own calculation of the direct trust value, the calculation of the recommended trust value through a reflection neural network, and the optimal selection scheme for the object cloud node, computed from trust values by an ant colony optimization algorithm. Then the formal definition of the extended attribute-based access control scheme combined with the trust evaluation module is given, together with the process of fine-grained attribute access control. Finally, the convergence of the recommended trust value under different learning rates and the change in the mutual trust value between two cloud nodes over multiple visits are simulated, and the scheme shows good adaptability in a distributed environment.
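The two-stage check described for scheme (1), purpose match first and then the attribute policy bound to that purpose, can be modeled as plain decision logic. This is an added example, not code from the thesis: it performs no KP-ABE cryptography, and the threshold-gate policy encoding, the rule that a forbidden purpose overrides an allowed one, the default deny, and all names and sample data are assumptions.

```python
from dataclasses import dataclass, field

# Assumed policy encoding: a leaf is an attribute string; an inner node is
# (k, [children]), satisfied when at least k children are satisfied
# (k == len(children) is AND, k == 1 is OR).
def satisfies(policy, attrs):
    """Return True if the attribute set satisfies the policy tree."""
    if isinstance(policy, str):
        return policy in attrs
    k, children = policy
    return sum(satisfies(child, attrs) for child in children) >= k

@dataclass
class Record:
    allowed: dict                                 # purpose -> attribute policy
    forbidden: set = field(default_factory=set)   # purposes the owner prohibits

def decide(record, purpose, attrs):
    """Purpose check first, then the attribute policy of that purpose."""
    if purpose in record.forbidden:               # assumption: forbidden wins
        return "deny: forbidden purpose"
    policy = record.allowed.get(purpose)
    if policy is None:                            # assumption: default deny
        return "deny: purpose not allowed"
    if not satisfies(policy, set(attrs)):
        return "deny: attributes fail policy"
    return "permit"

# Constructed sample record; purposes and attributes are hypothetical.
RECORD = Record(
    allowed={
        "treatment": (2, ["role:physician",
                          (1, ["dept:cardiology", "dept:emergency"])]),
        "billing": (2, ["role:clerk", "dept:finance"]),
        "research": (2, ["role:researcher", "irb:approved"]),
    },
    forbidden={"marketing", "research"},
)

if __name__ == "__main__":
    requests = [
        ("treatment", {"role:physician", "dept:cardiology"}),
        ("treatment", {"role:physician"}),
        ("billing", {"role:physician", "dept:cardiology"}),
        ("research", {"role:researcher", "irb:approved"}),
        ("audit", {"role:clerk"}),
    ]
    for purpose, attrs in requests:
        print(f"{purpose:10} {sorted(attrs)} -> {decide(RECORD, purpose, attrs)}")
```

In the scheme itself the second stage is enforced by whether decryption succeeds rather than by a policy engine returning a verdict, so this model is useful mainly for reviewing an owner's purpose and policy configuration.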