Abstract
The application of object oriented (OO) technology in the health care sector is of particular interest today, both because of the nature of the field and its social and financial importance. Database security in particular plays an important role in the overall security of medical information systems since not only involves fundamental ethical principles (e.g. privacy and confidentiality), but also essential prerequisites for effective medical care. The development of appropriate secure medical database design and implementation methodologies is therefore an important research problem and a necessary prerequisite for the successful development of such systems. Object oriented techniques can play a decisive role in developing better security systems in this area. There are however a number of problems related to the nature and complexity of the applications and the ill-defined structures involved that have to be addressed first in order to successfully integrate OO technology and security in medical database systems. Some of the potential and limitations of integrating OO technology and security in medical database systems and the European approach to this problem are discussed in this paper and a number of specific implementations are briefly described.
This work was supported in part by the Commission of the European Communities, AIM program, SEISMED (A2033) Project.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Lunt T., Security in database systems, Computers and security journal, Vol 7,No. 1, 1992.
Biskup J., Medical database security, in data protection and confidentiality in health informatics, EEC/DGXII ed.,IOS press, 1991.
Landwehr C., ed., Database security II: Status and prospects, North-Holland, 1989.
Spooner D., Landwehr C., eds., Database security III, North-Holland, 1990.
Proceedings ESORICS (European Symposium on Research in Computer Security), Toulouse, France, 1990.
Jajodia S., Landwehr C., eds., Database security IV, North-Holland, 1991.
EEC/DGXII, ed., Data protection and confidentiality in health informatics, IOS press, 1991.
Biscup J., Analysis of the privacy model for the information system DORIS, in (3).
Cannataci A., Data protection issues in database management and expert systems, in (7).
Campbell J, A research and development program for trusted distribute DBMSs, in Database security IV, Jaodia (ed), North Holland, 1991.
DoD, Department of Defence Trusted computer system evaluation criteria, DoD 5200.28-STD, 1985
National Computer Security Centre, Draft trusted DBMS interpretation of the DoD trusted computer system evaluation criteria, USA, 1989
National Computer Security Centre, Trusted network interpretation of the trusted computer system evaluation criteria, NCSC-TG-005, USA, 1987.
Information Technology Evaluation Criteria (ITSEC), Version 1.2, EEC Document, Brussels, June 1991.
Information Technology Security Evaluation Manual (ITSEM), Draft V0. 2, EEC Draft Document, April 1992.
Landwehr C. E., Minutes of IFIP-TC11 1986 meeting, Montecarlo, December 1986.
Stonabraker M., The design and implementation of INGRES, ACM TODS, Vol. 1, No. 3, 1976.
Zloof M., Query by example: a database language, IBM systems Journal, Vol. 16, No. 4, 1977.
Astrahan M., System R: Relational approach to database management, ACM TODS, Vol. 1, No. 2, June 1976.
McGee W., The information Management System IMSNS. Part V: Transaction processing facilities, IBM systems journal, Vol. 16, No. 2, 1977.
Landwehr C., The best available technologies for computer security, IEEE Computer, Vol. 16, No. 7, 1983.
ACF2: The access control facility - General information manual, 1983.
Secure product description, Bull and Babbage publ., 1979.
Duffy K. and Sullivan J., Integrity lock prototype, in the Proceedings 4th IFIP international security conference, Montecarlo, 1986.
Cerniglia C. and Millen J., Computer security models, MTR project, Report No. 9531, 1984.
Landwehr C., Formal models for computer security, ACM computer surveys,Vol. 13, No. 3, 1981.
Griffiths P. and Wade B., An authorisation mechanism for a relational database system, ACM TODS, Vol. 1, No. 3, 1976.
Fagin R., On an authorisation mechanism, ACN TODS, Vol. 3, No. 3, 1976.
Fugini M., Secure database development methodologies, in (3)
Dwyer P., Multilevel security in database management systems, Computers and security, Vol. 6, No. 3, 1987.
AU S., Views for multilevel database database security, IEEE Trans. on S/W Eng., Vol. 13, No. 2, 1987.
Hartson H., Database security - system architectures, Information systems, Vol. 6, NO. 1, 1981.
Leveson J., Safety analysis using Petri nets, IEEE Trans. on S/W Eng., Vol. 13, No. 3, 1987.
Bussolati U., A database approach to modelling and managing of security information, Proc. 7th Int. Conf. on VLDB, Cannes, 1981.
Bussolati U., Data security management in distributed databases, Information systems, Vol. 7, No. 3, 1982.
Date C., An introduction to database systems, Vol. 2, second ed., Addison-Wesley, 1986.
Ting T., Application information security semantics: A case of mental health delivery, in (4).
Hinke T., DBMS trusted computing base taxonomy, in (4).
Graubart R., A comparison of three secure DBMS architectures, in (4).
Hosmer H., Designing multilevel secure distributed databases, in (3).
Pangalos G., Security in medical database systems, EEC, SEISMED project report, No. 1NT/S. 3 /92, 1992.
J.V. Marel, A.B. Bakker, User accessrights in an intergrated hospital information system, IFIP-IMIA, North-Holland, 1988.
J. BisKup, A general framework for database security, Proc. EROSICS, Toulouse, France, 1990, pp. 35–41.
J. Biskup, Medical database security, Proc. GI-20, Jahrestagung II, Stutgart, October 1990, Springer-Verlag, 1990, pp. 212–221.
T.C. Ting, S.A. Demurjian, M.Y. Hu, A specification methodology for user-role based security in an object-oriented design model, Proc. 6th IFIP WG11.3 on database security, 1993.
C. Pfleeger, Security in computing, Prentice hall, 1991.
S. Katsikas, D. Gritzalis, High level security policies, SEISMED report, June 1993.
S. Oliver, S., Building a secure database using self-protecting objects, computer security journal, vol. 11, no. 3, pp. 259–71.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1994 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Pangalos, G. (1994). Integrating Object Oriented Technology and Security in Medical Database Systems. In: Thuraisingham, B., Sandhu, R., Ting, T.C. (eds) Security for Object-Oriented Systems. Workshops in Computing. Springer, London. https://doi.org/10.1007/978-1-4471-3858-7_2
Download citation
DOI: https://doi.org/10.1007/978-1-4471-3858-7_2
Publisher Name: Springer, London
Print ISBN: 978-3-540-19877-2
Online ISBN: 978-1-4471-3858-7
eBook Packages: Springer Book Archive