A Dynamic Query-Rewriting Mechanism for Role-Based Access Control in Databases
Although Role-Based Access Control (RBAC) is a common security model currently, it has not been systematically applied in databases. In this paper, we propose a framework that enforces RBAC based on dynamic query rewriting. This framework grants privileges to data based on an intersection of roles, database structures, content, and privileges. All of this is implemented at the database level, which also offers a centralized location for administering security policies. We have implemented the framework within a healthcare setting
Security Requirements for a Lifelong Electronic Health Record System: An Opinion
This article discusses the authors' views on the security requirements of a central, unique electronic health record. The requirements are based on the well-known principles of confidentiality and integrity and the less discussed principles of control and legal value. The article does not discuss any technical or legal solutions to the requirements proposed herein
Privacy protection in a mobile biomedical information collection service
Master's thesis in information and communication technology, 2006 - Høgskolen i Agder, Grimstad. This report presents a model in a mobile health care environment and uses a combination of existing technologies to build a privacy protection scheme. This work covers security issues in both the wireless and wired network, and proposes solutions to these issues. A framework using PKI to distribute digital certificates combined with strong encryption using the AES algorithm is described. Using this framework in combination with an RBAC model using location control, we present some principles that will ensure privacy in a mobile wireless biomedical information collection service