1 / 26

Data and Applications Security Developments and Directions

Data and Applications Security Developments and Directions. Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #25 Secure Knowledge Management: and Web Security April 20, 2009. Outline of the Unit. Background on Knowledge Management Secure Knowledge Management

oshin
Télécharger la présentation

Data and Applications Security Developments and Directions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #25 Secure Knowledge Management: and Web Security April 20, 2009

  2. Outline of the Unit • Background on Knowledge Management • Secure Knowledge Management • Confidentiality, Privacy and Trust • Integrated System • Secure Knowledge Management Technologies • Web Security • Digital Libraries • Directions

  3. References • Proceedings Secure Knowledge Management Workshop • Secure Knowledge Management Workshop, Buffalo, NY, September 2004 • http://www.cse.buffalo.edu/caeiae/skm2004/ • Secure Knowledge Management • Bertino, Khan, Sandhu and Thuraisingham • IEEE Transactions on Systems man and Cybernetics • This lecture is based on the above paper

  4. What is Knowledge Management • Knowledge management, or KM, is the process through which organizations generate value from their intellectual property and knowledge-based assets • KM involves the creation, dissemination, and utilization of knowledge • Reference: http://www.commerce-database.com/knowledge-management.htm?source=google

  5. Knowledge Management Components Knowledge Components of Management: Components, Cycle and Technologies Cycle: Technologies: Components: Knowledge, Creation Expert systems Strategies Sharing, Measurement Collaboration Processes And Improvement Training Metrics Web

  6. Organizational Learning Process Diffusion - Tacit, Explicit Integration Modification Identification Creation Metrics Action Incentives Source: Reinhardt and Pawlowsky

  7. Aspects of Secure Knowledge Management (SKM) • Protecting the intellectual property of an organization • Access control including role-based access control • Security for process/activity management and workflow • Users must have certain credentials to carry out an activity • Composing multiple security policies across organizations • Security for knowledge management strategies and processes • Risk management and economic tradeoffs • Digital rights management and trust negotiation

  8. SKM: Strategies, Processes, Metrics, Techniques • Security Strategies: • Policies and procedures for sharing data • Protecting intellectual property • Should be tightly integrated with business strategy • Security processes • Secure workflow • Processes for contracting, purchasing, order management, etc. • Metrics • What is impact of security on number of documents published and other metrics gathered • Techniques • Access control, Trust management

  9. SKM: Strategies, Processes, Metrics, Techniques

  10. Security Impact on Organizational Learning Process Diffusion - Tacit, Explicit Integration Modification Identification Creation Metrics Action Incentives What are the restrictions On knowledge sharing By incorporating security

  11. Security Policy Issues for Knowledge Management • Defining Policies during Knowledge Creation • Representing policies during knowledge management • Enforcing policies during knowledge manipulation and dissemination

  12. Secure Knowledge Management Architecture

  13. SKM for Coalitions • Organizations for federations and coalitions work together to solve a problem • Universities, Commercial corporation, Government agencies • Challenges is to share data/information and at the same time ensure security and autonomy for the individual organizations • How can knowledge be shared across coalitions?

  14. SKM Coalition Architecture Knowledge for Coalition Export Export Knowledge Knowledge Export Knowledge Component Component Knowledge for Knowledge for Agency A Agency C Component Knowledge for Agency B

  15. SKM Technologies • Data Mining • Mining the information and determine resources without violating security • Secure Semantic Web • Secure knowledge sharing • Secure Annotation Management • Managing annotations about expertise and resources • Secure content management • Markup technologies and related aspects for managing content • Secure multimedia information management

  16. Directions for SKM • We have identified high level aspects of SKM • Strategies, Processes. Metrics, techniques, Technologies, Architecture • Need to investigate security issues • RBAC, UCON, Trust etc. • CS departments should collaborate with business schools on KM and SKM

  17. Web Security • End-to-end security • Need to secure the clients, servers, networks, operating systems, transactions, data, and programming languages • The various systems when put together have to be secure • Composable properties for security • Access control rules, enforce security policies, auditing, intrusion detection • Verification and validation • Security solutions proposed by W3C and OMG • Java Security • Firewalls • Digital signatures and Message Digests, Cryptography

  18. Attacks to Web Security

  19. Secure Web Components

  20. E-Commerce Transactions • E-commerce functions are carried out as transactions • Banking and trading on the internet • Each data transaction could contain many tasks • Database transactions may be built on top of the data transaction service • Database transactions are needed for multiuser access to web databases • Need to enforce concurrency control and recovery techniques

  21. Types of Transaction Systems • Stored Account Payment • e.g., Credit and debit card transactions • Electronic payment systems • Examples: First Virtual, CyberCash, Secure Electronic Transaction • Stored Value Payment • Uses bearer certificates • Modeled after hard cash • Goal is to replace hard cash with e-cash • Examples: E-cash, Cybercoin, Smart cards

  22. Building Database Transactions Database Transaction Protocol Payments Protocol HTTP Protocol Socket Protocol TCP/IP Protocol

  23. Secure Digital Libraries • Digital libraries are e-libraries • Several communities have developed digital libraries • Medical, Social, Library of Congress • Components technologies • Web data management, Multimedia, information retrieval, indexing, browsing, -- - - • Security has to be incorporated into all aspects • Secure models for digital libraries, secure functions

  24. Secure Digital Libraries

  25. Secure Web Databases • Database access through the web • JDBC and related technologies • Query, indexing and transaction management • E.g., New transaction models for E-commerce applications • Index strategies for unstructured data • Query languages and data models • XML has become the standard document interchange language • Managing XML databases on the web • XML-QL, Extensions to XML, Query and Indexing strategies • Integrating heterogeneous data sources on the web • Information integration and ontologies are key aspects • Mining the data on the web • Web content, usage, structure and content mining

  26. Directions for Web Security • End-to-end security • Secure networks, clients, servers, middleware • Secure Web databases, agents, information retrieval systems, browsers, search engines, - - - • As technologies evolve, more security problems • Data mining, intrusion detection, encryption are some of the technologies for security • Next steps • Secure semantic web, Secure knowledge management • Building trusted applications from untrusted components

More Related