Development of secure medical database systems

  • Pangalos G. 
  • Pomportsis A. 
  • Bozios L. 
  • Khair M. 
Medical Systems
Part of the Lecture Notes in Computer Science book series (LNCS, volume 856)


Security is an important issue directly related to the quality and effectiveness of medical care. Database security in particular plays a significant role in the overall security of medical information systems and networks. The general framework and requirements for medical database security and the major secure database development methodologies are discussed briefly. An experimental implementation which aims to improve medical database security is then presented and discussed. An important characteristic of this development is that mandatory security controls are used additionally to the discretional ones in order to enhance database security.


Medical database security Information system security database security policies database security 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Lunt T., Security in database systems, Computers and security journal, Vol. 11,No. 1, March 1992, pp. 41–56Google Scholar
  2. 2.
    Biskup J., Medical database security, in data protection and confidentiality in health informatics, EEC/DGXII ed.,IOS press, 1991.Google Scholar
  3. 3.
    Landwehr C., ed., Database security II: Status and prospects, North-Holland, 1989.Google Scholar
  4. 4.
    Spooner D., Landwehr C., eds., Database security III, North-Holland, 1990.Google Scholar
  5. 5.
    Proceedings ESORICS (European Symposium on Research in Computer Security), Toulouse, France, 1990.Google Scholar
  6. 6.
    Jajodia S., Landwehr C., eds., Database security IV, North-Holland, 1991.Google Scholar
  7. 7.
    EEC/DGXII, ed., Data protection and confidentiality in health informatics, IOS press, 1991.Google Scholar
  8. 8.
    Biscup J., Analysis of the privacy model for the information system DORIS, in (3).Google Scholar
  9. 9.
    Cannataci A., Data protection issues in database management and expert systems, in (7).Google Scholar
  10. 10.
    Campbell J, A research and development program for trusted distribute DBMSs, in Database security IV, Jaodia (ed), North Holland, 1991.Google Scholar
  11. 11.
    DoD, Department of Defence Trusted computer system evaluation criteria, DoD 5200.28-STD, 1985Google Scholar
  12. 12.
    National Computer Security Centre, Draft trusted DBMS interpretation of the DoD trusted computer system evaluation criteria, USA, 1989Google Scholar
  13. 13.
    National Computer Security Centre, Trusted network interpretation of the trusted computer system evaluation criteria, NCSC-TG-005, USA, 1987.Google Scholar
  14. 14.
    Information Technology Evaluation Criteria (ITSEC), Version 1.2, EEC Document, Brussels, June 1991.Google Scholar
  15. 15.
    Information Technology Security Evaluation Manual (ITSEM), Draft V0.2, EEC Draft Document, April 1992.Google Scholar
  16. 16.
    Landwehr C. E., Minutes of IFIP-TC11 1986 meeting, Montecarlo, December 1986.Google Scholar
  17. 17.
    Stonabraker M., The design and implementation of INGRES, ACM TODS, Vol. 1, No. 3, 1976.Google Scholar
  18. 18.
    Zloof M., Query by example: a database language, IBM systems Journal, Vol. 16, No. 4, 1977.Google Scholar
  19. 19.
    Astrahan M., System R: Relational approach to database management, ACM TODS, Vol. 1, No. 2, June 1976.Google Scholar
  20. 20.
    McGee W., The information Management System IMS/VS. Part V: Transaction processing facilities, IBM systems journal, Vol. 16, No. 2, 1977.Google Scholar
  21. 21.
    Landwehr C., The best available technologies for computer security, IEEE Computer, Vol. 16, No. 7, 1983.Google Scholar
  22. 22.
    ACF2: The access control facility — General information manual, 1983.Google Scholar
  23. 23.
    Secure product description, Bull and Babbage publ., 1979.Google Scholar
  24. 24.
    Duffy K. and Sullivan J., Integrity lock prototype, in the Proceedings 4th IFIP international security conference, Montecarlo, 1986.Google Scholar
  25. 25.
    Cerniglia C. and Millen J., Computer security models, MTR project, Report No. 9531, 1984.Google Scholar
  26. 26.
    Landwehr C., Formal models for computer security, ACM computer surveys, Vol. 13, No. 3, 1981.Google Scholar
  27. 27.
    Griffiths P. and Wade B., An authorisation mechanism for a relational database system, ACM TODS, Vol. 1, No. 3, 1976.Google Scholar
  28. 28.
    Fagin R., On an authorisation mechanism, ACN TODS, Vol. 3, No. 3, 1976.Google Scholar
  29. 29.
    Fugini M., Secure database development methodologies, in (3)Google Scholar
  30. 30.
    Dwyer P., Multilevel security in database management systems, Computers and security, Vol. 6, No. 3, 1987.Google Scholar
  31. 31.
    Akl S., Views for multilevel database database security, IEEE Trans. on S/W Eng., Vol. 13, No. 2, 1987.Google Scholar
  32. 32.
    Hartson H., Database security — system architectures, Information systems, Vol. 6, N0.1, 1981.Google Scholar
  33. 33.
    Leveson J., Safety analysis using Petri nets, IEEE Trans. on S/W Eng., Vol. 13, No. 3, 1987.Google Scholar
  34. 34.
    Bussolati U., A database approach to modelling and managing of security information, Proc. 7th Int. Conf. on VLDB, Cannes, 1981.Google Scholar
  35. 35.
    Bussolati U., Data security management in distributed databases, Information systems, Vol. 7, No. 3, 1982.Google Scholar
  36. 36.
    Date C., An introduction to database systems, Vol. 2, second ed., Addison-Wesley, 1986.Google Scholar
  37. 37.
    Ting T., Application information security semantics: A case of mental health delivery, in (4).Google Scholar
  38. 38.
    Hinke T., DBMS trusted computing base taxonomy, in (4).Google Scholar
  39. 39.
    Graubart R., A comparison of three secure DBMS architectures, in (4).Google Scholar
  40. 40.
    Hosmer H., Designing multilevel secure distributed databases, in (3).Google Scholar
  41. 41.
    Pangalos G., Security in medical database systems, EEC, SEISMED project report, No. INT/S.3/92, 1992.Google Scholar
  42. 42.
    J. V. Marel, A.B. Bakker, User accessrights in an intergrated hospital information system, IFIP-IMIA, North-Holland, 1988.Google Scholar
  43. 43.
    J. BisKup, A general framework for database security, Proc. EROSICS, Toulouse, France, 1990, pp. 35–41.Google Scholar
  44. 44.
    J. Biskcup, Medical database security, Proc. GI-20, Jahrestagung II, Stutgart, October 1990, Springer-Verlag, 1990, pp. 212–221.Google Scholar
  45. 45.
    T.C. Ting, S.A. Demurjian, M.Y. Hu, A specification methodology for user-role based security in an object-oriented design model, Proc. 6th IFIP WG11.3 on database security, 1993.Google Scholar
  46. 46.
    Pfleeger, C., Security in computing, Prentice hall, 1991.Google Scholar
  47. 47.
    S. Katsikas, D. Gritzalis, High level security policies, SEISMED report, June 1993.Google Scholar
  48. 48.
    Russel, D., Computer security basics, O'Reilly & Associates, inc, 1991.Google Scholar
  49. 49.
    Denning, D., Views for multilevel database security, IEEE transactions on S.E., vSE-13, no2, 1987.Google Scholar
  50. 50.
    Groubert, R., Design overview for retrofitting integrity lock architecture onto a commercial DBMS, proc. 1985 symp. Security and privacy, IEEE comput Soc 1985, pp. 147–159.Google Scholar
  51. 51.
    G. Pangalos, Security guidelines for database system developments, 8th Annual IFIP conference on database security, Germany, 23–26 August, 1994.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1994

Authors and Affiliations

  • Pangalos G. 
    • 1
  • Pomportsis A. 
    • 3
  • Bozios L. 
    • 2
  • Khair M. 
    • 1
  1. 1.Computers Division, Faculty of Technology, General DepartmentAristotelian UniversityThessalonikiGreece
  2. 2.Information Systems DepartmentAHEPA University HospitalThessalonikiGreece
  3. 3.Department of InformaticsAristotelian UniversityThessalonikiGreece

Personalised recommendations