Database security, III : status and prospects : results of the IFIP WG 11.3 Workshop on Database Security, Monterey, California, U.S.A., 5-7 September 1989

A special case study forms the basis for discussion in this third Database Security volume, a case study dealing with security in a mental health delivery system. The book covers a range of security issues. Particular interest is shown in the formal specification of security policies, as well as object-oriented data models and their advantages and disadvantages from a security point of view. Other issues such as audit, aggregation and inference, security policies and models, and system architectures, are also dealt with.

Case Study - Medical Information Systems. Application Information Security Semantics: A Case of Mental Health Delivery (T.C. Ting). Protection of Privacy and Confidentiality in Medical Information Systems: Problems and Guidelines (J. Biskup). Policy and Models. Conversation Structures as a Means of Specifying Security Policy (J. Dobson). Security Policies for Integrated Project Support Environments (J.A. McDermid, E.S. Hocking). Security Algebras and Formal Models - Using Petri Net Theory (T.Y. Lin, L. Kershberg, R.P. Trueblood). Requirements and Models. DBMS Trusted Computing Base Taxonomy (T.H. Hinke). Comparing DBMS and Operating System Security Requirements - The Need for a Separate DBMS Security Criteria (R. Graubart). Solving Multilevel Database Security Problems: Technology is Not Enough (G.W. Smith). Constructing Containers Using a Multilevel Relational Data Model (C. Meadows). Integration of Security Considerations with DBMS Development. Mandatory Controls for Database Integrity (R. Sandhu). A Layered TCB Implementation versus the Hinke-Schaefer Approach (C. Garvey, T. Hinke, N. Jensen, J. Solomon, A. Wu). A Comparison of Three Secure DBMS Architectures (R. Graubart). An Interim Report on the Development of Secure Database Prototypes at the National Computer Security Center (J.R. Campbell). Security Problems for Extended Database Technologies. Multilevel Security for Object-Oriented Database Systems (T.F. Lunt). Prototyping the SODA Security Model (T.F. Keefe, W.T. Tsai). Using EXESS as a Framework for Secure DBMSS (D.A. Bonyun). Security Policies in Object-Oriented Databases (M.M. Larrondo-Petrie, E. Gudes, H. Song, E.B. Fernandez). Audit. Audit Trail Organization in Relational Databases (S. Jajodia, S.K. Gadia, G. Bhargava, E.H. Sibley). Handling Integrity Lock Violations (H.H. Hosmer). Inference and Aggregation. Multivalued Dependency Inferences in Multilevel Relational Database Systems (T.-A. Su, G. Ozsoyoglu). On the Problem of Security in Data Bases (S. Wiseman). Database Inference Controller (L.J. Buczkowski). The LDV Approach to Database Security (J.T. Haigh, R.C. O'Brien, P. Stachour, D.L. Toups). Assurance. Formal Specification of a Mental Health Delivery System (R.A. Kemmerer). Discussion Summary (edited by R. Sandhu). Report from IFIP Working Group 11.3 Database Management Security (edited by M. Schaefer and B. Hubbard). Research Question List, Answers, and Revision (edited by C. Landwehr).