1 / 34

Data and Applications Security Developments and Directions

Data and Applications Security Developments and Directions. Dr. Bhavani Thuraisingham The University of Texas at Dallas Introduction to the Course August 29, 2014. Objective of the Unit.

rcisneros
Download Presentation

Data and Applications Security Developments and Directions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Introduction to the Course August 29, 2014

  2. Objective of the Unit • This unit provides an overview of the course. The course describes concepts, developments, challenges, and directions in data and applications security. Topics include • database security, distributed data management security, object security, data warehouse security, data mining for security applications, privacy, secure semantic web, secure digital libraries, secure knowledge management and secure sensor information management, biometrics

  3. Outline of the Unit • Outline of Course • Course Work • Course Rules • Contact • Appendix

  4. Outline of the Course • Unit #1: Introduction to Data and Applications • Part I: Background • Unit #2: Data Management • Unit #3: Information Security • Unit #4: Information Management including Semantic Web • Part II: Discretionary Security • Unit #5: Concepts • Unit #6: Policy Enforcement • Part III: Mandatory Security • Unit #7: Concepts • Unit #8: Architectures

  5. Outline of the Course (Continued) • Part IV: Secure Relational Data Management • Unit #9: Data Model • Unit #10: Functions • Unit #11: Prototypes and Products • Part V: Inference Problem • Unit #12: Concepts • Unit #13: Constraint Processing • Unit #14: Conceptual Structures • Part VI: Secure Distributed Data Management • Unit #15: Secure Distributed data management • Unit #16: Secure Heterogeneous Data Integration • Unit #17: Secure Federated Data Management

  6. Outline of the Course (Continued) • Part VII: Secure Object Data Management • Unit #18: Secure Object Management • Unit #19: Secure Distributed Objects and Modeling Applications • Unit #20: Secure Multimedia Systems • Part VIII: Data Warehousing, Data Mining and Security • Unit #21: Secure Data Warehousing • Unit #22: Data Mining for Security Applications • Unit #23: Privacy • Additional Lectures: • Insider Threat Detection • Reactively Adaptive Malware

  7. Outline of the Course (Continued) • Part IX: Secure Information Management • Unit #24: Secure Digital Libraries • Unit #25: Secure Semantic Web (web services, XML security) • Unit #26: Secure Information and Knowledge Management • Additional Topics • Secure Web Services and identity management • Social Network Security and Privacy • Secure cloud computing and secure cloud query processing • Part X: Dependable data management and forensics • Unit #27: Secure Dependable Data Management • Unit #28: Secure Sensor and Wireless Data Management • Unit #29: Other Technologies, e.g., digital forensics, biometrics, etc.

  8. Outline of the Course (Continued) • Part XI: Emerging Technologies • Papers from ACM CODASPY 2011, 2012, 2013, 2014 on Data and Applications Security and Privacy • Unit #30 Conclusion to the Course

  9. Topics Covered • August 29, Introduction, Security nodules • September 5: Access control, Malware • September 12 – Dr. Lin Lecture, Multilevel database management • Sept 19 – Inference problem + continuation of Sept 12 lecture • Sept 26 – Secure Dist Data Mgmt, Secure objects • October 3, October 3: Data Warehousing, Data Mining, Security, Privacy • October 10: Secure web services, XML security • October 24 – Secure semantic web, Secure web/knowledge mgmt • October 31 – Secure cloud, Secure social media • November 7 - Digital forensics, Biometrics, + misc other topics • November 14 – paper presentation • November 21 – paper presentation

  10. Course Work • Two term papers; each worth 8 points • Two exams each worth 20 points • Programming project worth 15 points • Four homework assignments each worth 6 points • Paper presentation: 5 points • Total 100 points • Course Reference Book: Database and Applications Security: Integration Data Management and Information Security, Bhavani Thuraisingham, CRC Press, 2005 • Will also include papers as reading material

  11. Tentative Schedule • Assignment #1: Due September 26, 2014 (posted lecture 7) • Assignment #2: Due October 3, 2014 (lecture 11) – new due date 10/10/14 • Term paper #1: October 10. 2014 – new due date – 10/13/14 • Exam #1: October 17, 2014 • Assignment #3: October 31, 2014 • Assignment #4: November 7, 2014 • Term paper #2: November 14, 2014 • Programming project: November 21, 2014 • Exam #2: December 5, 2014

  12. Assignment #1, 2, 3, 4 Assignment #1: Posted in Lecture 8 Assignment #2 Posted in Lecture 11 Assignment #3: Posted in Lecture 16 Assignment #4: Posted in Lecture 26

  13. Some Topics for Papers: Any topic in data and applications security • XML Security • Inference Problem • Privacy • Secure Biometrics (after exam #1) • Intrusion Detection • E-Commerce Security (will be discussed after exam #1) • Secure Sensor Information Management (after exam #1) • Secure Distributed Systems • Secure Semantic Web (after exam #1) • Secure Data Warehousing • Insider Threat Analysis • Secure Multimedia/geospatial Systems • Malware detection • Policies and access control • Designs of multilevel secure databases

  14. Term Papers: Example Format • Abstract • Introduction • Background on the Topic • Survey of various techniques, designs etc, (e.g., access control policies, inference control methods) • Analyze the techniques, designs etc. and give your opinions • Directions for further work • Summary and Conclusions • References

  15. Term Papers: Example Format - II • Abstract • Introduction • Background on the Topic and Related Work • Discuss strengths and weaknesses of others’ work • Give your own design and say why it is better • Directions for further work • Summary and Conclusions • References

  16. Project Report Format • Overview of the Project • Design of the System • Input/Output • Future Enhancements • References

  17. Some Project Topics • Query Modification on XML Documents • Access control for web systems • Intrusion detection system • Access control for multimedia systems • E.g., access control for image, video • Role-based access control system • Access control for object systems • Secure data warehouse

  18. Course Rules • Course attendance is mandatory; unless permission is obtained from instructor for missing a class with a valid reason (documentation needed for medical emergency for student or a close family member – e.g., spouse, parent, child). Attendance will be collected every lecture. 3 points will be deducted out of 100 for each lecture missed without approval. • Each student will work individually • Late assignments will not be accepted. All assignments have to be turned in just after the lecture on the due date • No make up exams unless student can produce a medical certificate or give evidence of close family emergency • Copying material from other sources will not be permitted unless the source is properly referenced • Any student who plagiarizes from other sources will be reported to the appropriate UTD authroities

  19. Index to Lectures for Exam #1 Introduction to course Lecture 1: Introduction to data and applications security Lecture 2: Cyber security modules (extra credit) Lecture 3: Information Management (not included in exam) Lecture 4: Access control Lecture 5: Dr. Lin’s guest lecture (not included in the exam) Lecture 6: Multilevel secure data management Lecture 7: Assignment #1 Lecture 8: Inference problem – 1 Lecture 9: Inference problem – 2 Lecture 10: Assignment 3 Lecture 11: Secure Distributed Data Management

  20. Index to Lectures for Exam #1 Lecture 12: Secure Object Systems Lecture 13: Data Warehousing, Data Mining Security Lecture 14: Privacy Lecture 15: Data Mining for Malware Detection Lecture 16: Assignment #3 Lecture 17: Malware (guest lecture) Lecture 18: Insider Threat Detection

  21. Papers to Read for Exam #1 • RBAC: Ravi S. Sandhu, Edward J. Coyne, Hal L. Feinstein, Charles E. Youman: Role-Based Access Control Models. IEEE Computer 29(2): 38-47 (1996) • UCON: Jaehong Park, Ravi S. Sandhu: The UCONABC usage control model. ACM Trans. Inf. Syst. Secur. 7(1): 128-174 (2004) - first 20 pages • DCON: Roshan K. Thomas, Ravi S. Sandhu: Towards a Multi-dimensional Characterization of Dissemination Control. POLICY 2004: 197-200 (IEEE) • Bhavani M. Thuraisingham: Mandatory Security in Object-Oriented Database Systems. OOPSLA 1989: 203-210 • Bhavani M. Thuraisingham, William Ford: Security Constraints in a Multilevel Secure Distributed Database Management System. IEEE Trans. Knowl. Data Eng. 7(2): 274-293 (1995) (distributed inference control)

  22. Papers to Read for Exam #1 • RakeshAgrawal, RamakrishnanSrikant: Privacy-Preserving Data Mining. SIGMOD Conference 2000: 439-450 • Elisa Bertino, Bhavani M. Thuraisingham, Michael Gertz, Maria Luisa Damiani: Security and privacy for geospatial data: concepts and research directions. SPRINGL 2008: 6-19 • Bhavani M. Thuraisingham: Data Mining, National Security, Privacy and Civil Liberties. SIGKDD Explorations 4(2): 1-5 (2002) • Mohammad M. Masud, Latifur Khan, Bhavani M. Thuraisingham: A Hybrid Model to Detect Malicious Executables. ICC 2007: 1443-1448 • Pallabi Parveen, Nate McDaniel, Varun S. Hariharan, Bhavani M. Thuraisingham, Latifur Khan: Unsupervised Ensemble Based Learning for Insider Threat Detection  SocialCom/PASSAT 2012: 718-727

  23. Suggested papers for Malware detection (NOT Mandatory for Exam) • Mohammad M. Masud, Latifur Khan, Bhavani M. Thuraisingham: E-Mail Worm Detection Using Data Mining. IJISP 1(4): 47-61 (2007) • Mohammad M. Masud, Latifur Khan, Bhavani M. Thuraisingham, Xinran Wang, Peng Liu, Sencun Zhu: Detecting Remote Exploits Using Data Mining. IFIP Int. Conf. Digital Forensics 2008: 177-189 • Latifur Khan, Mamoun Awad, Bhavani M. Thuraisingham: A new intrusion detection system using support vector machines and hierarchical clustering. VLDB J. 16(4): 507-521 (2007)

  24. Index to Lectures for Exam #2 Lecture 19: XML Security Lecture 20: Assured Information Sharing in the Cloud Lecture 21: Guest Lecture (cloud query processing) Lecture 22: Secure Cloud Computing Lecture 23: Secure SOA Lecture 24: Guest Lecture (Intro to semantic web) Lecture 25: Trustworthy semantic web Lecture 26: Assignment #4 Lecture 27: Secure knowledge mgmt and web security Lecture 28: Guest Lecture: Semantic Web and Social Net Lecture 29: Security/Privacy for social net.

  25. Index to Lectures for Exam #2 Lecture 30: Secure Dependable Data Mgmt Lecture 31: Attacks to databases Lecture 32: Digital Forensics and Biometrics Lecture 33: Database Forensics

  26. Papers to Read for Presentations: CODASPY 2011 Lei Jin, Hassan Takabi, James B. D. Joshi: Towards active detection of identity clone attacks on online social networks. 27-38 Tyrone Cadenhead, Vaibhav Khadilkar, Murat Kantarcioglu, Bhavani M. Thuraisingham: A language for provenance access control. 133-144 Philip W. L. Fong: Relationship-based access control: protection model and policy language. 191-202 Mohammad Jafari, Philip W. L. Fong, Reihaneh Safavi-Naini, Ken Barker, Nicholas Paul Sheppard: Towards defining semantic foundations for purpose-based privacy policies. 213-224 Igor Bilogrevic, MurtuzaJadliwala, Jean-Pierre Hubaux, ImadAad, ValtteriNiemi: Privacy-preserving activity scheduling on mobile devices. 261-272 Barbara Carminati, Elena Ferrari, SandroMorasca, DavideTaibi: A probability-based approach to modeling the risk of unauthorized propagation of information in on-line social networks. 51-62

  27. Papers to Read for Presentations: CODASPY 2012 • Yuhao Yang, Jonathan Lutes, Fengjun Li, Bo Luo, Peng Liu: Stalking online: on user privacy in social networks. 37-48 • Suhendry Effendy, Roland H. C. Yap, Felix Halim: Revisiting link privacy in social networks. 61-70 • Ninghui Li, Haining Chen, Elisa Bertino: On practical specification and enforcement of obligations. 71-82 • Ian Molloy, Luke Dickens, Charles Morisset, Pau-Chen Cheng, Jorge Lobo, Alessandra Russo: Risk-based security decisions under uncertainty. 157-168 • Musheer Ahmed, Mustaque Ahamad: Protecting health information on mobile devices. 229-240

  28. Papers to Read for Presentations: CODASPY 2013 • Daniel Le Métayer: Privacy by design: a formal framework for the analysis of architectural choices. 95-104 • Sanae Rosen, Zhiyun Qian, Zhuoqing Morley Mao: AppProfiler: a flexible method of exposing privacy-related behavior in android applications to end users. 221-232 • Rimma V. Nehme, Hyo-Sang Lim, Elisa Bertino: FENCE: continuous access control enforcement in dynamic data stream environments. 243-254 • Wei Wei, Ting Yu, Rui Xue: iBigTable: practical data integrity for bigtable in public cloud. 341-352 • Majid Arianezhad, L. Jean Camp, Timothy Kelley, Douglas Stebila: Comparative eye tracking of experts and novices in web single sign-on. 105-116

  29. Papers to Read for Presentations: CODASPY 2014 • William C. Garrison III, Yechen Qiao, Adam J. Lee: On the suitability of dissemination-centric access control systems for group-centric sharing. 1-12 • Ebrahim Tarameshloo, Philip W. L. Fong, Payman Mohassel: On protection in federated social computing systems. 75-86 • Michael Mitchell, Guanyu Tian, Zhi Wang: Systematic audit of third-party android phones. 175-186 • Tien Tuan Anh Dinh, Anwitaman Datta: Streamforce: outsourcing access control enforcement for stream data to the clouds. 13-24 • Mohammad Saiful Islam, Mehmet Kuzu, Murat Kantarcioglu: Inference attack against encrypted range queries on outsourced databases. 235-246

  30. Papers to Read for Exam #2: From Presentations Lei Jin, Hassan Takabi, James B. D. Joshi: Towards active detection of identity clone attacks on online social networks. 27-38 Tyrone Cadenhead, Vaibhav Khadilkar, Murat Kantarcioglu, Bhavani M. Thuraisingham: A language for provenance access control. 133-144 Musheer Ahmed, MustaqueAhamad: Protecting health information on mobile devices. 229-240 Yuhao Yang, Jonathan Lutes, Fengjun Li, Bo Luo, Peng Liu: Stalking online: on user privacy in social networks. 37-48 SuhendryEffendy, Roland H. C. Yap, Felix Halim: Revisiting link privacy in social networks. 61-70 Ian Molloy, Luke Dickens, Charles Morisset, Pau-Chen Cheng, Jorge Lobo, Alessandra Russo: Risk-based security decisions under uncertainty. 157-168

  31. Papers to Read for Exam #2: From Presentations • Daniel Le Métayer: Privacy by design: a formal framework for the analysis of architectural choices. 95-104 • Sanae Rosen, Zhiyun Qian, Zhuoqing Morley Mao: AppProfiler: a flexible method of exposing privacy-related behavior in android applications to end users. 221-232 • Wei Wei, Ting Yu, Rui Xue: iBigTable: practical data integrity for bigtable in public cloud. 341-352 • Ebrahim Tarameshloo, Philip W. L. Fong, Payman Mohassel: On protection in federated social computing systems. 75-86 • Michael Mitchell, Guanyu Tian, Zhi Wang: Systematic audit of third-party android phones. 175-186 • Mohammad Saiful Islam, Mehmet Kuzu, Murat Kantarcioglu: Inference attack against encrypted range queries on outsourced databases. 235-246

  32. Papers to Read for Exam #2: From Lectures • Elisa Bertino, Barbara Carminati, Elena Ferrari, Bhavani M. Thuraisingham, Amar Gupta: Selective and Authentic Third-Party Distribution of XML Documents. IEEE Trans. Knowl. Data Eng. 16(10): 1263-1278 (2004) (first 6 sections, proofs not needed for exam) • Barbara Carminati, Elena Ferrari, Raymond Heatherly, Murat Kantarcioglu, Bhavani M. Thuraisingham: A semantic web based framework for social network access control. SACMAT 2009: 177-186 • Jack Lindamood, Raymond Heatherly, Murat Kantarcioglu, Bhavani M. Thuraisingham: Inferring private information using social network data. WWW 2009: 1145-1146 • Tyrone Cadenhead, Vaibhav Khadilkar, Murat Kantarcioglu, Bhavani M. Thuraisingham: A cloud-based RDF policy engine for assured information sharing. SACMAT 2012: 113-116

  33. Contacts: Instructor • Dr. Bhavani Thuraisingham • Louis Beecherl Distinguished Professor of Computer Science • Executive Director of the Cyber Security Research and Education Institute • Erik Jonsson School of Engineering and Computer Science • The University of Texas at Dallas Richardson, TX 75080 • Phone: 972-883-4738 • Fax: 972-883-2399 • Email: bhavani.thuraisingham@utdallas.edu • URL:http://www.utdallas.edu/~bxt043000/

  34. Contacts: Teaching Assistant • Mohammed Iftekhar • mxi110930@utdallas.eduTeaching AssistantComputer SciencePhD, Computer ScienceErik Jonsson Sch of Engr & Com

More Related