Database Security, II Status and Prospects : Results of the IFIP WG 11.3 Workshop on Database Security, Kingston, Ontario, Canada, 5-7 October 1988

This second volume reports research and development results in the area of database security. Topics discussed include the development of a proper framework for stating database system security requirements, and particularly how the notion of roles can best be applied. The application of object-oriented database systems to enforce security requirements stated in terms of role authorizations appears to be a promising avenue for further work. Characterization and control of the problems of aggregation and inference have also been the subject of considerable effort and some progress. The utility of establishing a common problem framework for testing proposed solutions to database security problems is also recognized. The group tentatively agreed to use a hypothetical database of medical information for this purpose, since this application can involve complex yet intuitive requirements for secrecy, integrity, and availability. Such a database could require controlling access authorizations for a variety of roles including those of patients, doctors, nurses, pharmacists, epidemiological researchers, and insurers. Contents: Policy and Models. Security Models and Enterprise Models (J.E.