Security, Functionality and Scale?

Ross Anderson

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract / Description of output

Since 2002 the UK has been attempting to build a system of federated databases containing all the nation's medical records. This project has encountered numerous problems and some feel that it is becoming the world's largest ever software disaster. One aspect of the problem is security. This means different things to different stakeholders: the government and its contractors boast about their ability to keep out `hackers', while medics and patients' groups worry that making records available to large numbers of authorised insiders will lead to abuses that will fatally undermine privacy. A security policy that I developed for the BMA and that I discussed at DBSEC in 2002 was not used; instead the developers went for a combination of role-based access control plus a `legitimate relationship'. This has been found insufficient and `sealed envelopes' are planned as well. Medical databases are the first application involving very sensitive personal data being kept in large-scale systems which their operators hope will develop rich functionality over time. This combination of a stringent security requirement, complex functionality and great scale poses the most serious problems yet known to the security architect. I will discuss the options and ask whether it is in fact the case that you can have any two of these attributes - security, functionality and scale - but not all three.
Original languageEnglish
Title of host publicationData and Applications Security XXII
Subtitle of host publication22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security London, UK, July 13-16, 2008 Proceedings
EditorsVijay Atluri
Place of PublicationBerlin, Heidelberg
PublisherSpringer
Pages64-64
Number of pages1
ISBN (Electronic)978-3-540-70567-3
ISBN (Print)978-3-540-70566-6
DOIs
Publication statusPublished - 1 Jul 2008
Event22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security - London, United Kingdom
Duration: 13 Jul 200816 Jul 2008

Publication series

NameLecture Notes in Computer Science
PublisherSpringer, Berlin, Heidelberg
Volume5094
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security
Country/TerritoryUnited Kingdom
CityLondon
Period13/07/0816/07/08

Fingerprint

Dive into the research topics of 'Security, Functionality and Scale?'. Together they form a unique fingerprint.

Cite this