Data and Applications Security Developments and Directions
Dr. Bhavani Thuraisingham, The University of Texas at Dallas
Lecture #1: Introduction to Data and Applications Security
August 24, 2009

Outline
• Data and Applications Security
  • Developments and Directions
• Secure Semantic Web
  • XML Security; Other directions
• Some Emerging Secure DAS Technologies
  • Secure Sensor Information Management; Secure Dependable Information Management
• Some Directions for Privacy Research
  • Data Mining for handling security problems; Privacy vs. National Security; Privacy Constraint Processing; Foundations of the Privacy Problem
• What are the Challenges?

Developments in Data and Applications Security: 1975 - Present
• Access Control for System R and Ingres (mid 1970s)
• Multilevel secure database systems (1980 – present)
  • Relational database systems: research prototypes and products; Distributed database systems: research prototypes and some operational systems; Object data systems; Inference problem and deductive database system; Transactions
• Recent developments in Secure Data Management (1996 – Present)
  • Secure data warehousing, Role-based access control (RBAC); E-commerce; XML security and Secure Semantic Web; Data mining for intrusion detection and national security; Privacy; Dependable data management; Secure knowledge management and collaboration

Developments in Data and Applications Security: Multilevel Secure Databases - I
• Air Force Summer Study in 1982
• Early systems based on Integrity Lock approach
• Systems in the mid to late 1980s, early 90s
  • E.g., Seaview by SRI, Lock Data Views by Honeywell, ASD and ASD Views by TRW
• Prototypes and commercial products
• Trusted Database Interpretation and Evaluation of Commercial Products
• Secure Distributed Databases (late 80s to mid 90s)
  • Architectures; Algorithms and Prototype for distributed query processing; Simulation of distributed transaction management and concurrency control algorithms; Secure federated data management

Developments in Data and Applications Security: Multilevel Secure Databases - II
• Inference Problem (mid 80s to mid 90s)
  • Unsolvability of the inference problem; Security constraint processing during query, update and database design operations; Semantic models and conceptual structures
• Secure Object Databases and Systems (late 80s to mid 90s)
  • Secure object models; Distributed object systems security; Object modeling for designing secure applications; Secure multimedia data management
• Secure Transactions (1990s)
  • Single Level/Multilevel Transactions; Secure recovery and commit protocols

Some Directions and Challenges for Data and Applications Security - I
• Secure semantic web
  • Security models
• Secure Information Integration
  • How do you securely integrate numerous and heterogeneous data sources on the web and otherwise
• Secure Sensor Information Management
  • Fusing and managing data/information from distributed and autonomous sensors
• Secure Dependable Information Management
  • Integrating Security, Real-time Processing and Fault Tolerance
• Data Sharing vs. Privacy
  • Federated database architectures?

Some Directions and Challenges for Data and Applications Security - II
• Data mining and knowledge discovery for intrusion detection
  • Need realistic models; real-time data mining
• Secure knowledge management
  • Protect the assets and intellectual rights of an organization
• Information assurance, Infrastructure protection, Access Control
  • Insider cyber-threat analysis, Protecting national databases, Role-based access control for emerging applications
• Security for emerging applications
  • Geospatial, Biomedical, E-Commerce, etc.
• Other Directions
  • Trust and Economics, Trust Management/Negotiation, Secure Peer-to-peer computing,

Coalition Data and Policy Sharing
[Figure: diagram labels: Data/Policy for Federation; Export Data/Policy (three times); Component Data/Policy for Agency A; Component Data/Policy for Agency B; Component Data/Policy for Agency C]