Data and Applications Security Developments and Directions
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Lecture #25: Secure Knowledge Management and Web Security
April 20, 2009
Outline of the Unit
• Background on Knowledge Management
• Secure Knowledge Management
• Confidentiality, Privacy and Trust
• Integrated System
• Secure Knowledge Management Technologies
• Web Security
• Digital Libraries
• Directions
References
• Proceedings Secure Knowledge Management Workshop
  • Secure Knowledge Management Workshop, Buffalo, NY, September 2004
  • http://www.cse.buffalo.edu/caeiae/skm2004/
• Secure Knowledge Management
  • Bertino, Khan, Sandhu and Thuraisingham
  • IEEE Transactions on Systems, Man and Cybernetics
  • This lecture is based on the above paper
What is Knowledge Management
• Knowledge management, or KM, is the process through which organizations generate value from their intellectual property and knowledge-based assets
• KM involves the creation, dissemination, and utilization of knowledge
• Reference: http://www.commerce-database.com/knowledge-management.htm?source=google
Knowledge Management Components
Components of Knowledge Management: Components, Cycle and Technologies
• Components: Strategies, Processes, Metrics
• Cycle: Knowledge Creation, Sharing, Measurement and Improvement
• Technologies: Expert systems, Collaboration, Training, Web
Organizational Learning Process
[Figure: diagram with the labels Diffusion (Tacit, Explicit), Integration, Modification, Identification, Creation, Metrics, Action, Incentives. Source: Reinhardt and Pawlowsky]
Aspects of Secure Knowledge Management (SKM)
• Protecting the intellectual property of an organization
• Access control including role-based access control
• Security for process/activity management and workflow
  • Users must have certain credentials to carry out an activity
• Composing multiple security policies across organizations
• Security for knowledge management strategies and processes
• Risk management and economic tradeoffs
• Digital rights management and trust negotiation
SKM: Strategies, Processes, Metrics, Techniques
• Security strategies
  • Policies and procedures for sharing data
  • Protecting intellectual property
  • Should be tightly integrated with business strategy
• Security processes
  • Secure workflow
  • Processes for contracting, purchasing, order management, etc.
• Metrics
  • What is the impact of security on the number of documents published and other metrics gathered
• Techniques
  • Access control, trust management
Security Impact on Organizational Learning Process
[Figure: diagram with the labels Diffusion (Tacit, Explicit), Integration, Modification, Identification, Creation, Metrics, Action, Incentives]
• What are the restrictions on knowledge sharing by incorporating security?
Security Policy Issues for Knowledge Management
• Defining policies during knowledge creation
• Representing policies during knowledge management
• Enforcing policies during knowledge manipulation and dissemination
SKM for Coalitions
• Organizations form federations and coalitions and work together to solve a problem
  • Universities, commercial corporations, government agencies
• The challenge is to share data/information and at the same time ensure security and autonomy for the individual organizations
• How can knowledge be shared across coalitions?
SKM Coalition Architecture
[Figure: Component Knowledge for Agency A, Agency B and Agency C each feed an Export Knowledge layer; the three Export Knowledge layers feed Knowledge for Coalition]
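An added sketch of the coalition architecture and the define/represent/enforce policy steps above; it is not code from the lecture or the cited paper. The sensitivity scale, `export_ceiling`, `releasable_to` and the sample items are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class KnowledgeItem:
    owner: str                # agency that created the item
    title: str
    sensitivity: int          # assumed scale: 0 = public, higher = more restricted
    releasable_to: frozenset  # partners named by the owner at creation time

@dataclass
class Agency:
    name: str
    export_ceiling: int       # local policy: highest sensitivity allowed to leave
    component: list = field(default_factory=list)  # component knowledge

    def create(self, title, sensitivity, releasable_to=()):
        # Policy is defined and attached when the knowledge is created.
        item = KnowledgeItem(self.name, title, sensitivity, frozenset(releasable_to))
        self.component.append(item)
        return item

    def export(self):
        # Enforcement at dissemination: the agency alone decides what is exported.
        return [i for i in self.component if i.sensitivity <= self.export_ceiling]

def coalition_view(agencies, requester):
    """Items in the coalition knowledge that `requester` may read."""
    return sorted(
        (item.owner, item.title)
        for agency in agencies
        for item in agency.export()
        if requester == item.owner or requester in item.releasable_to
    )

def build_sample():
    # Constructed sample data, not taken from the lecture.
    a, b, c = Agency("A", 1), Agency("B", 2), Agency("C", 0)
    a.create("threat summary", 1, {"B", "C"})
    a.create("source identities", 3, {"B"})   # above A's ceiling: stays local
    b.create("sensor feed schema", 2, {"A"})
    b.create("budget notes", 0)                # exported, released to nobody
    c.create("public advisory", 0, {"A", "B"})
    c.create("case file", 1, {"A"})            # above C's ceiling: stays local
    return [a, b, c]

if __name__ == "__main__":
    for member in "ABC":
        print(member, coalition_view(build_sample(), member))
```

Each agency keeps its autonomy because the export filter runs inside the agency; the coalition store only ever holds what was exported.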
SKM Technologies
• Data mining
  • Mining the information and determining resources without violating security
• Secure semantic web
  • Secure knowledge sharing
• Secure annotation management
  • Managing annotations about expertise and resources
• Secure content management
  • Markup technologies and related aspects for managing content
• Secure multimedia information management
Directions for SKM
• We have identified high level aspects of SKM
  • Strategies, Processes, Metrics, Techniques, Technologies, Architecture
• Need to investigate security issues
  • RBAC, UCON, Trust etc.
• CS departments should collaborate with business schools on KM and SKM
Web Security
• End-to-end security
  • Need to secure the clients, servers, networks, operating systems, transactions, data, and programming languages
  • The various systems when put together have to be secure
• Composable properties for security
• Access control rules, enforce security policies, auditing, intrusion detection
• Verification and validation
• Security solutions proposed by W3C and OMG
• Java Security
• Firewalls
• Digital signatures and Message Digests, Cryptography
E-Commerce Transactions
• E-commerce functions are carried out as transactions
• Banking and trading on the internet
• Each data transaction could contain many tasks
• Database transactions may be built on top of the data transaction service
• Database transactions are needed for multiuser access to web databases
• Need to enforce concurrency control and recovery techniques
Types of Transaction Systems
• Stored Account Payment
  • e.g., Credit and debit card transactions
  • Electronic payment systems
  • Examples: First Virtual, CyberCash, Secure Electronic Transaction
• Stored Value Payment
  • Uses bearer certificates
  • Modeled after hard cash
  • Goal is to replace hard cash with e-cash
  • Examples: E-cash, Cybercoin, Smart cards
Building Database Transactions
[Figure: protocol stack, layers in the order shown on the slide]
• Database Transaction Protocol
• Payments Protocol
• HTTP Protocol
• Socket Protocol
• TCP/IP Protocol
Secure Digital Libraries
• Digital libraries are e-libraries
• Several communities have developed digital libraries
  • Medical, Social, Library of Congress
• Component technologies
  • Web data management, multimedia, information retrieval, indexing, browsing, ...
• Security has to be incorporated into all aspects
  • Secure models for digital libraries, secure functions
Secure Web Databases
• Database access through the web
  • JDBC and related technologies
• Query, indexing and transaction management
  • E.g., New transaction models for E-commerce applications
  • Index strategies for unstructured data
• Query languages and data models
  • XML has become the standard document interchange language
• Managing XML databases on the web
  • XML-QL, Extensions to XML, Query and Indexing strategies
• Integrating heterogeneous data sources on the web
  • Information integration and ontologies are key aspects
• Mining the data on the web
  • Web content, usage, structure and content mining
Directions for Web Security
• End-to-end security
  • Secure networks, clients, servers, middleware
  • Secure Web databases, agents, information retrieval systems, browsers, search engines, ...
• As technologies evolve, more security problems
  • Data mining, intrusion detection, encryption are some of the technologies for security
• Next steps
  • Secure semantic web, Secure knowledge management
  • Building trusted applications from untrusted components