Integrating Object Oriented Technology and Security in Medical Database Systems

  • G. Pangalos
Part of the Workshops in Computing book series (WORKSHOPS COMP.)


The application of object oriented (OO) technology in the health care sector is of particular interest today, both because of the nature of the field and its social and financial importance. Database security in particular plays an important role in the overall security of medical information systems since not only involves fundamental ethical principles (e.g. privacy and confidentiality), but also essential prerequisites for effective medical care. The development of appropriate secure medical database design and implementation methodologies is therefore an important research problem and a necessary prerequisite for the successful development of such systems. Object oriented techniques can play a decisive role in developing better security systems in this area. There are however a number of problems related to the nature and complexity of the applications and the ill-defined structures involved that have to be addressed first in order to successfully integrate OO technology and security in medical database systems. Some of the potential and limitations of integrating OO technology and security in medical database systems and the European approach to this problem are discussed in this paper and a number of specific implementations are briefly described.

This work was supported in part by the Commission of the European Communities, AIM program, SEISMED (A2033) Project.


Database System Security Policy Integrity Constraint Medical Database Medical Information System 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Lunt T., Security in database systems, Computers and security journal, Vol 7,No. 1, 1992.Google Scholar
  2. 2.
    Biskup J., Medical database security, in data protection and confidentiality in health informatics, EEC/DGXII ed.,IOS press, 1991.Google Scholar
  3. 3.
    Landwehr C., ed., Database security II: Status and prospects, North-Holland, 1989.Google Scholar
  4. 4.
    Spooner D., Landwehr C., eds., Database security III, North-Holland, 1990.Google Scholar
  5. 5.
    Proceedings ESORICS (European Symposium on Research in Computer Security), Toulouse, France, 1990.Google Scholar
  6. 6.
    Jajodia S., Landwehr C., eds., Database security IV, North-Holland, 1991.Google Scholar
  7. 7.
    EEC/DGXII, ed., Data protection and confidentiality in health informatics, IOS press, 1991.Google Scholar
  8. 8.
    Biscup J., Analysis of the privacy model for the information system DORIS, in (3).Google Scholar
  9. 9.
    Cannataci A., Data protection issues in database management and expert systems, in (7).Google Scholar
  10. 10.
    Campbell J, A research and development program for trusted distribute DBMSs, in Database security IV, Jaodia (ed), North Holland, 1991.Google Scholar
  11. 11.
    DoD, Department of Defence Trusted computer system evaluation criteria, DoD 5200.28-STD, 1985Google Scholar
  12. 12.
    National Computer Security Centre, Draft trusted DBMS interpretation of the DoD trusted computer system evaluation criteria, USA, 1989Google Scholar
  13. 13.
    National Computer Security Centre, Trusted network interpretation of the trusted computer system evaluation criteria, NCSC-TG-005, USA, 1987.Google Scholar
  14. 14.
    Information Technology Evaluation Criteria (ITSEC), Version 1.2, EEC Document, Brussels, June 1991.Google Scholar
  15. 15.
    Information Technology Security Evaluation Manual (ITSEM), Draft V0. 2, EEC Draft Document, April 1992.Google Scholar
  16. 16.
    Landwehr C. E., Minutes of IFIP-TC11 1986 meeting, Montecarlo, December 1986.Google Scholar
  17. 17.
    Stonabraker M., The design and implementation of INGRES, ACM TODS, Vol. 1, No. 3, 1976.Google Scholar
  18. 18.
    Zloof M., Query by example: a database language, IBM systems Journal, Vol. 16, No. 4, 1977.Google Scholar
  19. 19.
    Astrahan M., System R: Relational approach to database management, ACM TODS, Vol. 1, No. 2, June 1976.Google Scholar
  20. 20.
    McGee W., The information Management System IMSNS. Part V: Transaction processing facilities, IBM systems journal, Vol. 16, No. 2, 1977.Google Scholar
  21. 21.
    Landwehr C., The best available technologies for computer security, IEEE Computer, Vol. 16, No. 7, 1983.Google Scholar
  22. 22.
    ACF2: The access control facility - General information manual, 1983.Google Scholar
  23. 23.
    Secure product description, Bull and Babbage publ., 1979.Google Scholar
  24. 24.
    Duffy K. and Sullivan J., Integrity lock prototype, in the Proceedings 4th IFIP international security conference, Montecarlo, 1986.Google Scholar
  25. 25.
    Cerniglia C. and Millen J., Computer security models, MTR project, Report No. 9531, 1984.Google Scholar
  26. 26.
    Landwehr C., Formal models for computer security, ACM computer surveys,Vol. 13, No. 3, 1981.Google Scholar
  27. 27.
    Griffiths P. and Wade B., An authorisation mechanism for a relational database system, ACM TODS, Vol. 1, No. 3, 1976.Google Scholar
  28. 28.
    Fagin R., On an authorisation mechanism, ACN TODS, Vol. 3, No. 3, 1976.Google Scholar
  29. 29.
    Fugini M., Secure database development methodologies, in (3)Google Scholar
  30. 30.
    Dwyer P., Multilevel security in database management systems, Computers and security, Vol. 6, No. 3, 1987.Google Scholar
  31. 31.
    AU S., Views for multilevel database database security, IEEE Trans. on S/W Eng., Vol. 13, No. 2, 1987.Google Scholar
  32. 32.
    Hartson H., Database security - system architectures, Information systems, Vol. 6, NO. 1, 1981.Google Scholar
  33. 33.
    Leveson J., Safety analysis using Petri nets, IEEE Trans. on S/W Eng., Vol. 13, No. 3, 1987.Google Scholar
  34. 34.
    Bussolati U., A database approach to modelling and managing of security information, Proc. 7th Int. Conf. on VLDB, Cannes, 1981.Google Scholar
  35. 35.
    Bussolati U., Data security management in distributed databases, Information systems, Vol. 7, No. 3, 1982.Google Scholar
  36. 36.
    Date C., An introduction to database systems, Vol. 2, second ed., Addison-Wesley, 1986.Google Scholar
  37. 37.
    Ting T., Application information security semantics: A case of mental health delivery, in (4).Google Scholar
  38. 38.
    Hinke T., DBMS trusted computing base taxonomy, in (4).Google Scholar
  39. 39.
    Graubart R., A comparison of three secure DBMS architectures, in (4).Google Scholar
  40. 40.
    Hosmer H., Designing multilevel secure distributed databases, in (3).Google Scholar
  41. 41.
    Pangalos G., Security in medical database systems, EEC, SEISMED project report, No. 1NT/S. 3 /92, 1992.Google Scholar
  42. 42.
    J.V. Marel, A.B. Bakker, User accessrights in an intergrated hospital information system, IFIP-IMIA, North-Holland, 1988.Google Scholar
  43. 43.
    J. BisKup, A general framework for database security, Proc. EROSICS, Toulouse, France, 1990, pp. 35–41.Google Scholar
  44. 44.
    J. Biskup, Medical database security, Proc. GI-20, Jahrestagung II, Stutgart, October 1990, Springer-Verlag, 1990, pp. 212–221.Google Scholar
  45. 45.
    T.C. Ting, S.A. Demurjian, M.Y. Hu, A specification methodology for user-role based security in an object-oriented design model, Proc. 6th IFIP WG11.3 on database security, 1993.Google Scholar
  46. 46.
    C. Pfleeger, Security in computing, Prentice hall, 1991.Google Scholar
  47. 47.
    S. Katsikas, D. Gritzalis, High level security policies, SEISMED report, June 1993.Google Scholar
  48. 48.
    S. Oliver, S., Building a secure database using self-protecting objects, computer security journal, vol. 11, no. 3, pp. 259–71.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1994

Authors and Affiliations

  • G. Pangalos
    • 1
    • 2
  1. 1.Computer Science and Statistics Dept.University of Rhode IslandKingstonUSA
  2. 2.Computers Div., Faculty of Technology — Gen. deptAristotelian University of ThessalonikiThessalonikiGreece

Personalised recommendations