CSCE 824 Secure and Distributed Database Management Systems CSCE 824

Course Aim
• Advanced understanding of DBMS concepts
• From relational to un- and semi-structured data models
• New types of applications
• Security needs

Reference Materials
• Required text book:
  • T. Ozsu and P. Valduriez, Principles of Distributed Database Systems, Springer; 3rd edition (March 2, 2011), ISBN-10: 1441988335
• Recommended:
  • M. Gertz, S. Jajodia, Handbook of Database Security: Applications and Trends, Springer 2008
  • Castano, Fugini, Martella, Samarati: Database Security, Addison-Wesley, 1995

Conference Proceedings and Journals
• Proceedings of Secure Data Management Workshop, links: 2012 http://www.hitech-projects.com/sdm-workshop/sdm12.html, 2011 http://www.hitech-projects.com/sdm-workshop/sdm11.html
• Proceedings of IFIP WG 11.3 Data and Application Security and Privacy, links: 2012 http://conferences.telecom-bretagne.eu/dbsec2012/, 2011 http://www.egr.vcu.edu/dbsec2011/
• Proceedings of International Conference of Very Large Databases (VLDB), links: 2012 http://www.vldb2012.org/, 2011 http://www.vldb.org/2011/

Journals and Books
• IEEE Transactions on Knowledge and Data Engineering (TKDE)
• ACM Transactions on Information and System Security (TISSEC)
• M. Gertz, S. Jajodia, Handbook of Database Security: Applications and Trends, Springer 2008

Challenge
• Research project: there will be one individual student research project. Students must present the related work and their results to the class in the last lectures of the semester.
• Homework assignments: there will be several homework exercises and reading for the lectures.
• Tests: there will be two tests covering the course materials. Both tests are open-book, in-class tests. The second test (final exam) is comprehensive.

Grading
• Research project: 40%, Test 1: 20%, Test 2: 25%, Homework assignment: 20%
• 90 < A; 87 < B+ <= 90; 80 < B <= 87; 76 < C+ <= 80; 65 < C <= 76; 60 < D+ <= 65; 50 < D <= 60

Topics Covered
• Weeks 1-4: Distributed Databases
• Weeks 5-7: Non-traditional databases
• Weeks 7-11: Database Security
• Weeks 12-15: Student Presentations

Students’ Introduction

Database Management System (DBMS)
• Collection of
  • interrelated data and
  • set of programs to access the data
• Convenient and efficient processing of data
• Database Application Software

Evolution of Database Systems
• Early days: customized applications built on top of file systems
• Drawbacks of using file systems to store data:
  • Data redundancy and inconsistency
  • Difficulty in accessing data
  • Atomicity of updates
  • Concurrency control
  • Security
  • Data isolation — multiple files and formats
  • Integrity problems

Abstraction
• View level: different perspectives
  • Application programs hide irrelevant data
• Logical level: data models
  • Logical representation of data
  • Different approaches: hierarchical, network, object oriented, semi-structured, etc.
  • Data independence principle
• Physical level: how data is stored

Data Models
• A collection of tools for describing
  • Data
  • Relationships among data items
  • Semantics of stored data
  • Database constraints

Database Management Systems
• Smaller and smaller systems
  • Past: large and expensive DBMS
  • Present: DBMS in most personal computers
• More and more data stored – BIG DATA
  • Past: few MB
  • Present: terabyte (10^12 bytes), petabyte (10^15 bytes)
• Functionality: from physical to view level
• Optimization

Data Definition Language (DDL)
• Defines the database schema and constraints
• DDL compiler → data dictionary
• Metadata – data about data

Data Manipulation Language (DML)
• Accessing and manipulating the data
• Query Languages
  • Procedural – user specifies what data is required and how to get those data
  • Nonprocedural – user specifies what data is required without specifying how to get those data

Current Demands
• Efficient data processing of large data sets
• Long running transactions
• Real-time demand
• Usability for specific applications
• …

Security Objectives
• Confidentiality: prevent/detect/deter improper disclosure of information
• Integrity: prevent/detect/deter improper modification of information
• Availability: prevent/detect/deter improper denial of access to services

Security Threats
• Poor design
• Insufficient quality control
• Accidents
• Attacks

Achieving Security
• Policy
  • What to protect?
• Mechanism
  • How to protect?
• Assurance
  • How good is the protection?

Database Security
• Security Policy
• Access control models
• Inference control
• Integrity protection
• Privacy problems
• Fault tolerance and recovery
• Auditing and intrusion detection

Next Class: Relational data model