A Dynamic Query-Rewriting Mechanism for Role-Based Access Control in Databases

Although Role-Based Access Control (RBAC) is a common security model currently, it has not been systematically applied in databases. In this paper, we propose a framework that enforces RBAC based on dynamic query rewriting. This framework grants privileges to data based on an intersection of roles, database structures, content, and privileges. All of this is implemented at the database level, which also offers a centralized location for administering security policies. We have implemented the framework within a healthcare setting

Security Requirements for a Lifelong Electronic Health Record System: An Opinion

This article discusses the authors' views on the security requirements of a central, unique electronic health record. The requirements are based on the well-known principles of confidentiality and integrity and the less discussed principles of control and legal value. The article does not discuss any technical or legal solutions to the requirements proposed herein

Privacy protection in a mobile biomedical information collection service

Masteroppgave i informasjons- og kommunikasjonsteknologi 2006 - Høgskolen i Agder, GrimstadThis report presents a model in a mobile health care environment and uses a combination of existing technologies to build a privacy protection scheme. This work covers security issues in both the wireless and wired network, and proposes solutions to these issues. A framework using PKI to distribute digital certificates combined with strong encryption using the AES algorithm is described. Using this framework in combination with a RBAC model using location control we present some principles that will ensure privacy in a mobile wireless biomedical information collection service