80 likes | 93 Views
Explore the evolution of data security from the 1970s to present, including multilevel secure databases, XML security, privacy research, and more. Learn about emerging technologies and directions in securing data applications.
E N D
Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #1 Introduction to Data and Applications Security January 7, 2008
Outline • Data and Applications Security • Developments and Directions • Secure Semantic Web • XML Security; Other directions • Some Emerging Secure DAS Technologies • Secure Sensor Information Management; Secure Dependable Information Management • Some Directions for Privacy Research • Data Mining for handling security problems; Privacy vs. National Security; Privacy Constraint Processing; Foundations of the Privacy Problem • What are the Challenges?
Developments in Data and Applications Security: 1975 - Present • Access Control for Systems R and Ingres (mid 1970s) • Multilevel secure database systems (1980 – present) • Relational database systems: research prototypes and products; Distributed database systems: research prototypes and some operational systems; Object data systems; Inference problem and deductive database system; Transactions • Recent developments in Secure Data Management (1996 – Present) • Secure data warehousing, Role-based access control (RBAC); E-commerce; XML security and Secure Semantic Web; Data mining for intrusion detection and national security; Privacy; Dependable data management; Secure knowledge management and collaboration
Developments in Data and Applications Security: Multilevel Secure Databases - I • Air Force Summer Study in 1982 • Early systems based on Integrity Lock approach • Systems in the mid to late 1980s, early 90s • E.g., Seaview by SRI, Lock Data Views by Honeywell, ASD and ASD Views by TRW • Prototypes and commercial products • Trusted Database Interpretation and Evaluation of Commercial Products • Secure Distributed Databases (late 80s to mid 90s) • Architectures; Algorithms and Prototype for distributed query processing; Simulation of distributed transaction management and concurrency control algorithms; Secure federated data management
Developments in Data and Applications Security: Multilevel Secure Databases - II • Inference Problem (mid 80s to mid 90s) • Unsolvability of the inference problem; Security constraint processing during query, update and database design operations; Semantic models and conceptual structures • Secure Object Databases and Systems (late 80s to mid 90s) • Secure object models; Distributed object systems security; Object modeling for designing secure applications; Secure multimedia data management • Secure Transactions (1990s) • Single Level/ Multilevel Transactions; Secure recovery and commit protocols
Some Directions and Challenges for Data and Applications Security - I • Secure semantic web • Security models • Secure Information Integration • How do you securely integrate numerous and heterogeneous data sources on the web and otherwise • Secure Sensor Information Management • Fusing and managing data/information from distributed and autonomous sensors • Secure Dependable Information Management • Integrating Security, Real-time Processing and Fault Tolerance • Data Sharing vs. Privacy • Federated database architectures?
Some Directions and Challenges for Data and Applications Security - II • Data mining and knowledge discovery for intrusion detection • Need realistic models; real-time data mining • Secure knowledge management • Protect the assets and intellectual rights of an organization • Information assurance, Infrastructure protection, Access Control • Insider cyber-threat analysis, Protecting national databases, Role-based access control for emerging applications • Security for emerging applications • Geospatial, Biomedical, E-Commerce, etc. • Other Directions • Trust and Economics, Trust Management/Negotiation, Secure Peer-to-peer computing,
Coalition Data and Policy Sharing Data/Policy for Federation Export Export Data/Policy Data/Policy Export Data/Policy Component Component Data/Policy for Data/Policy for Agency A Agency C Component Data/Policy for Agency B