Introduction - The University of Texas at Dallas
Download
Report
Transcript Introduction - The University of Texas at Dallas
Data and Applications Security
Developments and Directions
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Introduction to the Course
August 20, 2010
Objective of the Unit
This unit provides an overview of the course. The course describes
concepts, developments, challenges, and directions in data and
applications security. Topics include
- database security, distributed data management security, object
security, data warehouse security, data mining for security
applications, privacy, secure semantic web, secure digital
libraries, secure knowledge management and secure sensor
information management, biometrics
Outline of the Unit
Outline of Course
Course Work
Course Rules
Contact
Appendix
Outline of the Course
Unit #1: Introduction to Data and Applications
Part I: Background
- Unit #2: Data Management
- Unit #3: Information Security
- Unit #4: Information Management
Part II: Discretionary Security
- Unit #5: Concepts
- Unit #6: Policy Enforcement
Part III: Mandatory Security
- Unit #7: Concepts
- Unit #8: Architectures
Outline of the Course (Continued)
Part IV: Secure Relational Data Management
- Unit #9: Data Model
- Unit #10: Functions
- Unit #11: Prototypes and Products
Part V: Inference Problem
- Unit #12: Concepts
- Unit #13: Constraint Processing
- Unit #14: Conceptual Structures
Part VI: Secure Distributed Data Management
- Unit #15: Secure Distributed data management
- Unit #16: Secure Heterogeneous Data Integration
- Unit #17: Secure Federated Data Management
Outline of the Course (Continued)
Part VII: Secure Object Data Management
-
Unit #18: Secure Object Management
Unit #19: Secure Distributed Objects and Modeling Applications
Unit #20: Secure Multimedia Systems
Part VIII: Data Warehousing, Data Mining and Security
-
Unit #21: Secure Data Warehousing
Unit #22: Data Mining for Security Applications
Unit #23: Privacy
Part IX: Secure Information Management
-
Unit #24: Secure Digital Libraries
Unit #25: Secure Semantic Web (web services, XML security)
Unit #26: Secure Information and Knowledge Management
Outline of the Course (Continued)
Part X: Emerging Technologies
- Unit #27: Secure Dependable Data Management
- Unit #28: Secure Sensor and Wireless Data Management
- Unit #29: Other Emerging Technologies
Unit #30 Conclusion to the Course
Guest Lectures Some guest lectures may be included
Some other topics
Review for finals
Course Work (November 26 is a holiday)
Three term papers; each worth 9 points (October 22,
November 5 or 12, November 19)
Two exams each worth 15 points
Exam #1 (October 22), Exam #2 (December 3); Any two
hour period between 12:30 and 3:15
Programming project worth 15 points
- Due day; the day of the final exam (December 3)
Four homework assignments each worth 7 points
Due dates: will be announced (September 17, October 8,
October 29, November 12)
Total 100 points
Course Book: Database and Applications Security:
Integration Data Management and Information Security,
Bhavani Thuraisingham, CRC Press, 2005
Will also include papers as reading material
-
-
Some Topics for Papers
XML Security
Inference Problem
Privacy
Secure Biometrics
Intrusion Detection
E-Commerce Security
Secure Sensor Information Management
Secure Distributed Systems
Secure Semantic Web
Secure Data Warehousing
Insider Threat Analysis
Secure Multimedia Systems
Term Papers: Example Format
Abstract
Introduction
Background on the Topic
Survey of various techniques, designs etc,
Analyze the techniques, designs etc. and give your opinions
Directions for further work
Summary and Conclusions
References
Term Papers: Example Format - II
Abstract
Introduction
Background on the Topic and Related Work
Discuss strengths and weaknesses of your work and others’
work
Give your own design
Directions for further work
Summary and Conclusions
References
Project Report Format
Overview of the Project
Design of the System
Input/Output
Future Enhancements
References
Some Project Topics
Quivery Modification on XML Documents
Access control for web systems
Intrusion detection system
Access control for multimedia systems
- E.g., access control for image, video
Role-based access control system
Access control for object systems
Secure data warehouse
Course Rules
Course attendance is mandatory; unless permission is obtained
from instructor for missing a class with a valid reason
(documentation needed for medical emergency for student or a
close family member – e.g., spouse, parent, child). Attendance will
be collected every lecture. 5 points will be deducted out of 100 for
each lecture missed without approval.
Each student will work individually
Late assignments will not be accepted. All assignments have to be
turned in just after the lecture on the due date
No make up exams unless student can produce a medical certificate
or give evidence of close family emergency
Copying material from other sources will not be permitted unless the
source is properly referenced
Any student who plagiarizes from other sources will be reported to
the appropriate UTD authroities
Contact
For more information please contact
- Dr. Bhavani Thuraisingham
- Professor of Computer Science and
- Director of Cyber Security Research Center Erik Jonsson School
of Engineering and Computer Science EC31, The University of
Texas at Dallas Richardson, TX 75080
- Phone: 972-883-4738
- Fax: 972-883-2399
- Email: [email protected]
- URL:http://www.utdallas.edu/~bxt043000/
Papers to Read for Exam #1
http://csrc.utdallas.edu/University_of_Bristol_August_5_2010.
pdf
Design and Implementation of a Database Inference Controller,
Data and Knowledge Engineering Journal, December 1993 (North
Holland), Vol. 11, No. 3 (co-authors: W. Ford, M. Collins, J.
O'Keeffe); (Article reprinted by the MITRE Journal, 1994).
Security Constraint Processing in a Multilevel Secure Distributed
Database Management System, IEEE Transactions on Knowledge
and Data Engineering, April 1995 (co-author: W. Ford).
The Use of Conceptual Structures to Handle the Inference Problem,
Proceedings of the 5th IFIP WG 11.3 Conference on Database Security,
Shepherdstown, VA., November 1991 (Also published by North Holland,
1992)
Papers to Read for Exam #1
http://csrc.utdallas.edu/University_of_Bristol_August_5_2010.
pdf
Design and Implementation of a Query Processor for a
Trusted Distributed database management system, Journal of
Systems and Software 1993
Bhavani M. Thuraisingham: Mandatory Security in ObjectOriented Database Systems. OOPSLA 1989: 203-210 (ACM)
Hybrid Model to Detect Malicious Executables, ICC 2007
(Masud, Khan and Thuraisingham)
Paper to Read for Exam #1
Rakesh Agrawal, Ramakrishnan Srikant: Privacy-Preserving
Data Mining. SIGMOD Conference 2000: 439-450
RBAC: Ravi S. Sandhu, Edward J. Coyne, Hal L. Feinstein,
Charles E. Youman: Role-Based Access Control Models. IEEE
Computer 29(2): 38-47 (1996)
UCON: Jaehong Park, Ravi S. Sandhu: The UCONABC usage
control model. ACM Trans. Inf. Syst. Secur. 7(1): 128-174
(2004) - first 20 pages
DCON: Roshan K. Thomas, Ravi S. Sandhu: Towards a Multidimensional Characterization of Dissemination Control.
POLICY 2004: 197-200 (IEEE)