Abstract
Security is an important issue in health care environments where large amounts of highly sensitive personal data are processed. It is therefore important that both the technical considerations and the security requirements (availability, integrity and confidentiality) are taken into account as main design objectives when designing a distributed medical database system. The aim of this paper has been to describe a step-by-step methodology for the design of a secure distributed medical database system. The methodology is based on the combination of mandatory and discretionary security approaches and uses hierarchies of user roles, data sets and sites in order to decide the secure distribution of the application. An experimental implementation of the proposed methodology in a major Greek hospital has shown the usefulness of the proposals as well as their effectiveness in limiting the unauthorized access to the medical database, without severely restricting the capabilities of the system.
Preview
Unable to display preview. Download preview PDF.
References
Ozsu, T., Valduriez, P.: Principles of distributed database systems. Prentice Hall (1991)
Bell, D.: Distributed database systems. Addison Wesley (1993)
Ceri, S., Pelagatti, G.: Distributed Databases: Principles and Systems. NY, McGraw-Hill (1985)
Castano, S., Fugini, M., Martella, G., Samarati, P.: Database security. Addison Wesley (1994)
Pangalos, G., Khair, M.: Design of a secure medical database systems. IFIP/SEC'96, 12th International Information Security Conference (1996)
Wolfson, O., Jajodia, S. and Huang Y.: An Adaptive Data Replication Algorithm. ACM Transactions on Database Systems, Vol. 22, No. 2 (June 1997) 255–314
Mavridis, I., Pangalos, G.: Security Issues in a Mobile Computing Paradigm. Communications and Multimedia Security (CMS'97). Vol.3 (1997) 60–76
Fugini, M.: Secure database development methodologies, in Database security. Landwehr (ed.) (1988)
Pangalos, G., Khair, M., Bozios, L.: An integrated secure design of a medical database system. MEDINFO'95, The 8th world congress on medical informatics, Canada (1995)
Ferraiolo, D. and Kuhn R.: Role-based access controls. 15th NIST-NCSC National Computer Security Conference. Baltimore, MD, October 13–16 (1992) 554–563
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 1998 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Khair, M., Mavridis, I., Pangalos, G. (1998). Design of secure distributed medical database systems. In: Quirchmayr, G., Schweighofer, E., Bench-Capon, T.J. (eds) Database and Expert Systems Applications. DEXA 1998. Lecture Notes in Computer Science, vol 1460. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0054507
Download citation
DOI: https://doi.org/10.1007/BFb0054507
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-64950-2
Online ISBN: 978-3-540-68060-4
eBook Packages: Springer Book Archive