Access Control in Federated Databases: How Legal Issues Shape Security
نویسندگان
چکیده
Notice: Changes introduced as a result of publishing processes such as copy-editing and formatting may not be reflected in this document. For a definitive version of this work, please refer to the published source: Abstract. This paper will examine how legal considerations arising from the aggregation of data impact upon technical access control mechanisms. Research findings are based on a multidisciplinary investigation of security issues regarding the aggregation of data in a governmental federated database system. The researchers conclude that the development of a federated architecture must consider technical security concerns within the context of legal risk management issues. As such, a holistic approach to the investigation of information security is required that incorporates the disciplines of information technology and law.
منابع مشابه
Security Enforcement in the DOK Federated Database System
The Distributed Object Kernel (DOK) is a federated database system currently under development at the Royal Melbourne Institute of Technology. One of the issues currently under study is the development of a federated access control, as well a secure logical architecture allowing the DOK system to enforce federated security policies in the context of autonomous, distributed and heterogeneous dat...
متن کاملThe security API of IRO-DB
This paper describes the application programming interface (API) providing authorization and access control in IRO-DB. IRO-DB is an ODMB compliant federated database system supporting interoperable access between relational and object-oriented databases. The developed security API implements a federated, administrative, discretionary access control policy which is role-based but additionally su...
متن کاملProviding Dynamic Security Control in a Federated Database
When data is being used in a federated database, the aim is to give a loose coupling of the data in the component databases so that a very dynamic and therefore flexible pattern of data sharing can be established. When security integration is performed this flexibility is curtailed by the resultant security level established at integration time which by default is the least upper bound between ...
متن کاملAccess Control Requirements for Processing Electronic Health Records
There is currently a strong focus worldwide on the potential of large-scale Electronic Health Record systems to cut costs and improve patient outcomes through increased efficiency. A number of countries are developing nationwide EHR systems to aggregate services currently provided by isolated Electronic Medical Record databases. However, such aggregation introduces new risks for patient privacy...
متن کاملSecurity issues for federated database systems
This paper describes security issues for federated database management systems set up for managing distributed, heterogeneous and autonomous multilevel databases. It builds on our previous work in multilevel secure distributed database management systems and on the results of others’ work in federated database systems. In particular, we define a multilevel secure federated database system and d...
متن کامل