Design of secure distributed medical database systems
Security is an important issue in health care environments, where large amounts of highly sensitive personal data are processed. Both the technical considerations and the security requirements (availability, integrity and confidentiality) should therefore be treated as main design objectives when designing a distributed medical database system. This paper describes a step-by-step methodology for the design of a secure distributed medical database system. The methodology combines mandatory and discretionary security approaches and uses hierarchies of user roles, data sets and sites to decide the secure distribution of the application. An experimental implementation of the proposed methodology in a major Greek hospital has shown the usefulness of the proposals as well as their effectiveness in limiting unauthorized access to the medical database without severely restricting the capabilities of the system.