
Integrating Object Oriented Technology and Security in Medical Database Systems

Chapter in: Security for Object-Oriented Systems

Part of the book series: Workshops in Computing (WORKSHOPS COMP.)


Abstract

The application of object oriented (OO) technology in the health care sector is of particular interest today, both because of the nature of the field and because of its social and financial importance. Database security in particular plays an important role in the overall security of medical information systems, since it involves not only fundamental ethical principles (e.g. privacy and confidentiality) but also essential prerequisites for effective medical care. The development of appropriate secure medical database design and implementation methodologies is therefore an important research problem and a necessary prerequisite for the successful development of such systems. Object oriented techniques can play a decisive role in developing better security systems in this area. There are, however, a number of problems, related to the nature and complexity of the applications and the ill-defined structures involved, that have to be addressed first in order to successfully integrate OO technology and security in medical database systems. Some of the potential and limitations of integrating OO technology and security in medical database systems, and the European approach to this problem, are discussed in this paper, and a number of specific implementations are briefly described.

This work was supported in part by the Commission of the European Communities, AIM program, SEISMED (A2033) Project.




Copyright information

© 1994 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Pangalos, G. (1994). Integrating Object Oriented Technology and Security in Medical Database Systems. In: Thuraisingham, B., Sandhu, R., Ting, T.C. (eds) Security for Object-Oriented Systems. Workshops in Computing. Springer, London. https://doi.org/10.1007/978-1-4471-3858-7_2


  • DOI: https://doi.org/10.1007/978-1-4471-3858-7_2

  • Publisher Name: Springer, London

  • Print ISBN: 978-3-540-19877-2

  • Online ISBN: 978-1-4471-3858-7

  • eBook Packages: Springer Book Archive
