電子病歷系統提供一個方便且簡單的方法，即便在緊急的情況下，也能夠讓病人與醫療專業人士安全地分享他/她的醫療記錄，並監控自己的健康隱私。為了滿足這些要求，即需要一存取控制機制，在不降低安全性的考量下，有效率地處理每一種情況。然而，現今使用在醫療環境之存取控制機制中，往往忽略了去規範與限制在緊急情況下，病人資料的揭露程度。因此，本研究提出了一安全分享電子病歷資料之方法，使得此方法無論在任何情況，即使是緊急情況下，也能保證其安全性。基於此，我們採用國立成功大學量子資訊與網路安全實驗室所提出之安全機制，其機制包含了多階層資料流架構，並結合傳統以角色為基礎的存取控制與強制訪問控制政策。本研究之主要貢獻為在此安全機制下提出一〝基於情況之電子病歷存取政策〞。

Electronic Patient Health Record (EPHR) systems may facilitate a patient not only to share his/her health records securely with healthcare professional but also to control his/her health privacy, in a convenient and easy way even in case of emergency. In order to fulfill these requirements, it is greatly desirable to have the access control mechanism which can efficiently handle every circumstance without negotiating security. However, the existing access control mechanisms used in healthcare to regulate and restrict the disclosure of pa-tient data are often bypassed in case of emergencies. In this thesis, we propose a way to se-curely share EPHR data under any situation including break-the-glass (BtG) without com-promising its security. In this regard, we adopt the reference security model designed by Quantum Information and Network Security Lab (QINS, NCKU), which consists of a multi-level data flow hierarchy, and an efficient access control framework based on the conventional Role-Based and Mandatory Access Control polices. Here, the main contribu-tion of this thesis work is to enforce “situations based access policy” on the reference secu-rity model.

[1] R. S. Sandhu and P. Samarati, "Access control: principle and practice," Communications Magazine, vol. 32, no. 9, pp. 44-48, 1994.
[2] D. Ferraiolo and D. Kuhn, "Role Based Access Control," in 15th National Computer Security Conference, 1992.
[3] R. S. Sandhu, E. J. Coyne, H. L. Feinstein and C. E. Youman, "Role-based access control models," in Computer, vol. 29, 1996, pp. 38-47.
[4] NIST, "Role Based Access Control," 1999. [Online]. Available: http://hissa.ncsl.nist.gov/rbac.
[5] D. F. Ferraiolo, R. S. Sandhu, S. Gavrila, D. R. Kuhn and R. Chandramouli, "Proposed NIST standard for role-based access controlc," Proposed NIST standard for role-based access control, vol. 4, no. 3, pp. 224-274, 2001.
[6] R. S. Sandhu, D. Ferraiolo and R. Kuhn, "The NIST model for role based access control: Toward a Unified Standard," in Proceeding 5th ACM Workshop on Role Based Access Control, New York, 2000.
[7] R. Thomas, "Team-based Access Control (TMAC): A primitive for applying role-based access controls in collaborative environments," in Proc. 2nd ACM Workshop on Role based Access Control, New York, 1997.
[8] J. B. Joshi, E. Bertino, U. L. and A. Ghafoor, "A generalized temporal role-based access control model," Knowledge and Data Engineering - IEEE Transactions, vol. 17, no. 1, pp. 4-23, 2005.
[9] D. Kulkarni and A. Tripathi, "Context-aware role-based access control in pervasive computing systems," in Proc. 13th ACM Symp. on Access Control Models and Technologies,, New York, 2008.
[10] E. Bertino, B. Catania, M. L. Damiani and P. Perlasca, "GEO-RBAC: a spatially aware RBAC," in Proceedings of the 10th ACM symposium on Access control models and technologies, 2005.
[11] E. Bertino, B. P. A and E. Ferrari, "TRBAC: A temporal role-based access control model," ACM Transactions on Information and System Security (TISSEC), vol. 4, no. 3, pp. 191-233, 2001.
[12] M. Covington, "Generalized role based access control for securing future applications," in Proc. of the Nat. Information Systems Security Conf., 2000.
[13] S. H. Park, Y. J. Han and T. M. Chung, " Context-role based access control for context-aware application," in High Performance Computing and Communications, Berlin, Springer Berlin Heidelberg, 2006, pp. 572-580.
[14] M. Moyer and M. Ahamad, "Generalized role-based access control," in Proc. of the 21st IEEE Int. Conf. on Distributed Computing Systems, Arizona, 2001.
[15] G. H. Motta and S. S. Furuie, " A contextual role-based access control authorization model for electronic patient record," Information Technology in Biomedicine, IEEE Transactions, vol. 7, no. 3, pp. 202-207, 2003.
[16] C. K. Georgiadis, I. Mavridis, G. Pangalos and R. Thomas, "Flexible team-based access control using contexts," in Proc. 6th ACM Symp. on Access Control Models and Technologies, New York, 2001.
[17] D. Russell and G. Gangemi, "Computer System Security and Access Control," in Computer Security Basics, California, O’Reilly, 2006, pp. 63-69.
[18] E. Rissanen, B. S. Firozabadi and M. Sergot, "Towards a Mechanism for Discretionary Overriding of Access Control," in Security Protocols, Berlin, Springer Berlin Heidelberg, 2006, pp. 312-319.
[19] D. Povey, "Optimistic security: a new access control paradigm," in Proc. 1999 workshop on New Security Paradigms, 2000.
[20] L. Ferreira, R. Cruz-Correia, L. A. P. Farinha, F. Oliveira-Palhares, D. W. Chadwick and A. Costa-Pereira, "How to break access control in a controlled manner," in Computer-Based Medical Systems, 2006. CBMS 2006, 19th IEEE International Symposium, 2006.
[21] "Break-glass: An approach to granting emergency access to healthcare systems," Joint –NEMA/COCIR/JIRA Security and Privacy Committee (SPC), 2004.
[22] C. A. Ardagna, S. D. C. d. Vimercati, S. Foresti, T. W. Grandison, S. Jajodia and P. Samarati, "Access control for smarter healthcare using policy spaces," Computers & Security, vol. 29, no. 8, pp. 848-858, 2010.
[23] L. Rostad, "An Initial Model and a Discussion of Access Control inPatient Controlled Health Records," in The 3rd Int. Conf. on Availability, Reliability and Security, 935-942, 2008.
[24] M. I. Kim and K. B. Johnson, "Personal health records: Evaluation of functionality and utility," Journal of the American Medical Informatics Association, vol. 9, no. 2, pp. 171-180, 2002.
[25] G. Zhao, D. Chadwick and S. Otenko, "Obligations for role based access control," in IEEE Int. Symp. on Security in Networks and Distributed Systems (SSNDS07), 2007.