Research On BTG Mechanism In Medical Environment

With the rapid development of information technology and the patients’ growing demand for personal privacy protection,the access control and confidentiality protection of patient information in the medical environment has received more and more attention.The medical environment is a dynamic and complex environment,various abnormal access situations and security breaches may occur at any time during the access process.And in some abnormal situations,access control with static access control policies does not solve the problem of access decision for access requests.In order to solve the problem above,the BTG(Break the Glass,BTG)mechanism is introduced as an exception handling mechanism to specifically handle the authorization problem for abnormal access situations(especially emergency situations in the medical environment).To a certain extent,the BTG mechanism combined with access control can increase the flexibility of authorization and ensure that patient information is accessed reasonably and safely in abnormal access situations.However,the existing BTG mechanisms still have some defects,if these defects cannot be dealt with,they will cause serious harm to patients or other related individuals,such as malicious disclosure of patients’ sensitive information,damage to the hospitals’ reputation,etc.Therefore,in order to improve the defects of the BTG mechanism in handling abnormal access in the medical environment,this thesis proposes more flexible,safe,and fine-grained BTG mechanism,and then designs experiments to verify the effectiveness of the improved BTG mechanism.This thesis has made the following contributions:By analyzing the characteristics of the medical environment,such as dynamics,reject risk etc.,all access situations that may occur in the medical environment are classified into two categories: normal situations and abnormal situations,abnormal situations are divided into emergency situations and unknown situations,and then the basic features of these different situations are introduced.By summarizing a large number of literatures on BTG mechanism,some defects in the existing BTG mechanism are analyzed,including the a posteriori,inflexibility,and abuse of the BTG mechanism in solving the authorization problem in emergency situations,and the defect that existing BTG mechanism ignores how to solve the authorization problem in unknown situations.For the defects of the BTG mechanism in solving the authorization problems in emergency situations,this thesis proposes the trust based BTG mechanism,which includes four modules: context service,auditing,trusted processing and authorization processing,and the four modules cooperate with each other.The context service module senses and collects the relevant information of the subject and the object;The auditing module records the historical access behaviors of subjects,and evaluates the behaviors of subjects from both the user and the system;The trusted processing module introduces the relevant trusted computing method to evaluate the credibility of the subject with respect to the object,and then generates trusted subject set of the object,and at the same time,the subjects in the set are classified into different trusted levels;The authorization processing module is to authorize the subjects that send the emergency BTG request in an emergency according to the relevant information of each module.The trust based BTG mechanism not only increases the priority,flexibility,and security of the BTG mechanism,but also weighs the accessibility and confidentiality of patient information.The existing BTG mechanism hardly considers how to solve the authorization problem in unknown situations,for this defect,this thesis proposes the risk based BTG mechanism,which includes five modules: obligation processing,obligation library,trusted analysis,sensitivity processing and authorization processing,and the five modules cooperate with each other.The obligation processing module mainly redefines the related obligations and the execution state of obligations combining with obligation mechanism,and then evaluates the subjects’ ability to perform obligations;Obligation library stores predefined obligation sets;The trusted analysis module is to evaluate the credibility of the subject.Sensitivity processing module analyzes the sensitivity of accessed objects;The authorization processing module performs risk assessment and secondary assessment for the unknown BTG request sent according to the relevant information of each module,and finally decides whether to authorize the requesting subject.The risk based BTG mechanism not only expands the scope of application of the BTG mechanism,increases the priority,flexibility,and security of the BTG mechanism,but also weighs the accessibility and confidentiality of patient information.At the end of the thesis,a medical system based on the improved BTG mechanism is designed.The system implements functions of each module of the two improved BTG mechanism above,and uses the examples to verify the effectiveness of the improved mechanism.This thesis mainly through improving the existing BTG mechanism,making it more flexible and more granular to deal with the authorization problem in different abnormal situations in the medical environment,to ensure information security in the medical environment.The research content of this thesis has greater significance to the protection of confidentiality of patient information,and it also has certain inspiration for the future related research.This thesis has the following deficiencies: Although the trusted computing method of this thesis can avoid abnormal data being used to a certain extent,it can’t fundamentally prevent malicious users from tampering with the trusted sample data;The research in this thesis is based on the background of the medical environment.The corresponding method is also based on the characteristics of the medical environment.Therefore,it does not apply to other backgrounds;The medical system set up is only to achieve the improved BTG mechanism proposed in this thesis,and can be further expanded to ensure the integrity of the system.