1 / 18

Data and Applications Security Developments and Directions

Data and Applications Security Developments and Directions. Dr. Bhavani Thuraisingham The University of Texas at Dallas Introduction to the Course August 20, 2010. Objective of the Unit.

Thomas
Télécharger la présentation

Data and Applications Security Developments and Directions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Introduction to the Course August 20, 2010

  2. Objective of the Unit • This unit provides an overview of the course. The course describes concepts, developments, challenges, and directions in data and applications security. Topics include • database security, distributed data management security, object security, data warehouse security, data mining for security applications, privacy, secure semantic web, secure digital libraries, secure knowledge management and secure sensor information management, biometrics

  3. Outline of the Unit • Outline of Course • Course Work • Course Rules • Contact • Appendix

  4. Outline of the Course • Unit #1: Introduction to Data and Applications • Part I: Background • Unit #2: Data Management • Unit #3: Information Security • Unit #4: Information Management • Part II: Discretionary Security • Unit #5: Concepts • Unit #6: Policy Enforcement • Part III: Mandatory Security • Unit #7: Concepts • Unit #8: Architectures

  5. Outline of the Course (Continued) • Part IV: Secure Relational Data Management • Unit #9: Data Model • Unit #10: Functions • Unit #11: Prototypes and Products • Part V: Inference Problem • Unit #12: Concepts • Unit #13: Constraint Processing • Unit #14: Conceptual Structures • Part VI: Secure Distributed Data Management • Unit #15: Secure Distributed data management • Unit #16: Secure Heterogeneous Data Integration • Unit #17: Secure Federated Data Management

  6. Outline of the Course (Continued) • Part VII: Secure Object Data Management • Unit #18: Secure Object Management • Unit #19: Secure Distributed Objects and Modeling Applications • Unit #20: Secure Multimedia Systems • Part VIII: Data Warehousing, Data Mining and Security • Unit #21: Secure Data Warehousing • Unit #22: Data Mining for Security Applications • Unit #23: Privacy • Part IX: Secure Information Management • Unit #24: Secure Digital Libraries • Unit #25: Secure Semantic Web (web services, XML security) • Unit #26: Secure Information and Knowledge Management

  7. Outline of the Course (Continued) • Part X: Emerging Technologies • Unit #27: Secure Dependable Data Management • Unit #28: Secure Sensor and Wireless Data Management • Unit #29: Other Emerging Technologies • Unit #30 Conclusion to the Course • Guest Lectures Some guest lectures may be included • Some other topics • Review for finals

  8. Course Work (November 26 is a holiday) • Three term papers; each worth 9 points (October 22, November 5 or 12, November 19) • Two exams each worth 15 points • Exam #1 (October 22), Exam #2 (December 3); Any two hour period between 12:30 and 3:15 • Programming project worth 15 points • Due day; the day of the final exam (December 3) • Four homework assignments each worth 7 points • Due dates: will be announced (September 17, October 8, October 29, November 12) • Total 100 points • Course Book: Database and Applications Security: Integration Data Management and Information Security, Bhavani Thuraisingham, CRC Press, 2005 • Will also include papers as reading material

  9. Some Topics for Papers • XML Security • Inference Problem • Privacy • Secure Biometrics • Intrusion Detection • E-Commerce Security • Secure Sensor Information Management • Secure Distributed Systems • Secure Semantic Web • Secure Data Warehousing • Insider Threat Analysis • Secure Multimedia Systems

  10. Term Papers: Example Format • Abstract • Introduction • Background on the Topic • Survey of various techniques, designs etc, • Analyze the techniques, designs etc. and give your opinions • Directions for further work • Summary and Conclusions • References

  11. Term Papers: Example Format - II • Abstract • Introduction • Background on the Topic and Related Work • Discuss strengths and weaknesses of your work and others’ work • Give your own design • Directions for further work • Summary and Conclusions • References

  12. Project Report Format • Overview of the Project • Design of the System • Input/Output • Future Enhancements • References

  13. Some Project Topics • Quivery Modification on XML Documents • Access control for web systems • Intrusion detection system • Access control for multimedia systems • E.g., access control for image, video • Role-based access control system • Access control for object systems • Secure data warehouse

  14. Course Rules • Course attendance is mandatory; unless permission is obtained from instructor for missing a class with a valid reason (documentation needed for medical emergency for student or a close family member – e.g., spouse, parent, child). Attendance will be collected every lecture. 5 points will be deducted out of 100 for each lecture missed without approval. • Each student will work individually • Late assignments will not be accepted. All assignments have to be turned in just after the lecture on the due date • No make up exams unless student can produce a medical certificate or give evidence of close family emergency • Copying material from other sources will not be permitted unless the source is properly referenced • Any student who plagiarizes from other sources will be reported to the appropriate UTD authroities

  15. Contact • For more information please contact • Dr. Bhavani Thuraisingham • Professor of Computer Science and • Director of Cyber Security Research Center Erik Jonsson School of Engineering and Computer Science EC31, The University of Texas at Dallas Richardson, TX 75080 • Phone: 972-883-4738 • Fax: 972-883-2399 • Email: bhavani.thuraisingham@utdallas.edu • URL:http://www.utdallas.edu/~bxt043000/

  16. Papers to Read for Exam #1 • http://csrc.utdallas.edu/University_of_Bristol_August_5_2010.pdf • Design and Implementation of a Database Inference Controller, Data and Knowledge Engineering Journal, December 1993 (North Holland), Vol. 11, No. 3 (co-authors: W. Ford, M. Collins, J. O'Keeffe); (Article reprinted by the MITRE Journal, 1994). • Security Constraint Processing in a Multilevel Secure Distributed Database Management System, IEEE Transactions on Knowledge and Data Engineering, April 1995 (co-author: W. Ford). • The Use of Conceptual Structures to Handle the Inference Problem, Proceedings of the 5th IFIP WG 11.3 Conference on Database Security, Shepherdstown, VA., November 1991 (Also published by North Holland, 1992)

  17. Papers to Read for Exam #1 • http://csrc.utdallas.edu/University_of_Bristol_August_5_2010.pdf • Design and Implementation of a Query Processor for a Trusted Distributed database management system, Journal of Systems and Software 1993 • Bhavani M. Thuraisingham: Mandatory Security in Object-Oriented Database Systems. OOPSLA 1989: 203-210 (ACM) • Hybrid Model to Detect Malicious Executables, ICC 2007 (Masud, Khan and Thuraisingham)

  18. Paper to Read for Exam #1 • Rakesh Agrawal, Ramakrishnan Srikant: Privacy-Preserving Data Mining. SIGMOD Conference 2000: 439-450 • RBAC: Ravi S. Sandhu, Edward J. Coyne, Hal L. Feinstein, Charles E. Youman: Role-Based Access Control Models. IEEE Computer 29(2): 38-47 (1996) • UCON: Jaehong Park, Ravi S. Sandhu: The UCONABC usage control model. ACM Trans. Inf. Syst. Secur. 7(1): 128-174 (2004) - first 20 pages • DCON: Roshan K. Thomas, Ravi S. Sandhu: Towards a Multi-dimensional Characterization of Dissemination Control. POLICY 2004: 197-200 (IEEE)

More Related