Design of secure distributed medical database systems

  • Marie Khair
  • Ioannis Mavridis
  • George Pangalos
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1460)


Security is an important issue in health care environments where large amounts of highly sensitive personal data are processed. It is therefore important that both the technical considerations and the security requirements (availability, integrity and confidentiality) are taken into account as main design objectives when designing a distributed medical database system. The aim of this paper has been to describe a step-by-step methodology for the design of a secure distributed medical database system. The methodology is based on the combination of mandatory and discretionary security approaches and uses hierarchies of user roles, data sets and sites in order to decide the secure distribution of the application. An experimental implementation of the proposed methodology in a major Greek hospital has shown the usefulness of the proposals as well as their effectiveness in limiting the unauthorized access to the medical database, without severely restricting the capabilities of the system.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ozsu, T., Valduriez, P.: Principles of distributed database systems. Prentice Hall (1991)Google Scholar
  2. 2.
    Bell, D.: Distributed database systems. Addison Wesley (1993)Google Scholar
  3. 3.
    Ceri, S., Pelagatti, G.: Distributed Databases: Principles and Systems. NY, McGraw-Hill (1985)Google Scholar
  4. 4.
    Castano, S., Fugini, M., Martella, G., Samarati, P.: Database security. Addison Wesley (1994)Google Scholar
  5. 5.
    Pangalos, G., Khair, M.: Design of a secure medical database systems. IFIP/SEC'96, 12th International Information Security Conference (1996)Google Scholar
  6. 6.
    Wolfson, O., Jajodia, S. and Huang Y.: An Adaptive Data Replication Algorithm. ACM Transactions on Database Systems, Vol. 22, No. 2 (June 1997) 255–314CrossRefGoogle Scholar
  7. 7.
    Mavridis, I., Pangalos, G.: Security Issues in a Mobile Computing Paradigm. Communications and Multimedia Security (CMS'97). Vol.3 (1997) 60–76Google Scholar
  8. 8.
    Fugini, M.: Secure database development methodologies, in Database security. Landwehr (ed.) (1988)Google Scholar
  9. 9.
    Pangalos, G., Khair, M., Bozios, L.: An integrated secure design of a medical database system. MEDINFO'95, The 8th world congress on medical informatics, Canada (1995)Google Scholar
  10. 10.
    Ferraiolo, D. and Kuhn R.: Role-based access controls. 15th NIST-NCSC National Computer Security Conference. Baltimore, MD, October 13–16 (1992) 554–563Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Marie Khair
    • 1
  • Ioannis Mavridis
    • 2
  • George Pangalos
    • 2
  1. 1.Dept of Computer Science, Faculty of Natural and Applied SciencesNotre Dame UniversityLouaizeLebanon
  2. 2.Informatics Lab., Computers Div., Faculty of TechnologyAristotle University of ThessalonikiGreece

Personalised recommendations