210 likes | 220 Views
This course provides an overview of concepts, developments, and challenges in data and applications security. Topics include database security, object security, privacy, data mining for security applications, and more.
E N D
Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Introduction to the Course January 20, 2012
Objective of the Unit • This unit provides an overview of the course. The course describes concepts, developments, challenges, and directions in data and applications security. Topics include • database security, distributed data management security, object security, data warehouse security, data mining for security applications, privacy, secure semantic web, secure digital libraries, secure knowledge management and secure sensor information management, biometrics
Outline of the Unit • Outline of Course • Course Work • Course Rules • Contact
Outline of the Course • Unit #1: Introduction to Data and Applications • Part I: Background • Unit #2: Data Management • Unit #3: Information Security • Unit #4: Information Management • Part II: Discretionary Security • Unit #5: Concepts • Unit #6: Policy Enforcement • Part III: Mandatory Security • Unit #7: Concepts • Unit #8: Architectures
Outline of the Course (Continued) • Part IV: Secure Relational Data Management • Unit #9: Data Model • Unit #10: Functions • Unit #11: Prototypes and Products • Part V: Inference Problem • Unit #12: Concepts • Unit #13: Constraint Processing • Unit #14: Conceptual Structures • Part VI: Secure Distributed Data Management • Unit #15: Secure Distributed data management • Unit #16: Secure Heterogeneous Data Integration • Unit #17: Secure Federated Data Management
Outline of the Course (Continued) • Part VII: Secure Object Data Management • Unit #18: Secure Object Management • Unit #19: Secure Distributed Objects and Modeling Applications • Unit #20: Secure Multimedia Systems • Part VIII: Data Warehousing, Data Mining and Security • Unit #21: Secure Data Warehousing • Unit #22: Data Mining for Security Applications • Unit #23: Privacy • Part IX: Secure Information Management • Unit #24: Secure Digital Libraries • Unit #25: Secure Semantic Web (web services, XML security) • Unit #26: Secure Information and Knowledge Management
Outline of the Course (Continued) • Part X: Emerging Technologies • Unit #27: Secure Dependable Data Management • Unit #28: Secure Sensor and Wireless Data Management • Unit #29: Other Emerging Technologies • Unit #30 Conclusion to the Course • Guest Lectures Some guest lectures may be included • Some other topics • Review for exams
Course Work • 2 Exams: 20 points each • Exam #1: March 9; Exam #2: May 4 • Programming Project and demonstration, 16 points • April 27 • Term Paper and presentation: 12 points • April 13 • 4 Homework assignments: 8 points each • February 17, March 2, March 30, April 20
Some Topics for Papers • XML Security • Inference Problem • Privacy • Secure Biometrics • Intrusion Detection • E-Commerce Security • Secure Sensor Information Management • Secure Distributed Systems • Secure Semantic Web • Secure Data Warehousing • Insider Threat Analysis • Secure Multimedia Systems
Term Papers: Example Format • Abstract • Introduction • Background on the Topic • Survey of various techniques, designs etc, • Analyze the techniques, designs etc. and give your opinions • Directions for further work • Summary and Conclusions • References
Term Papers: Example Format - II • Abstract • Introduction • Background on the Topic and Related Work • Discuss strengths and weaknesses of your work and others’ work • Give your own design • Directions for further work • Summary and Conclusions • References
Project Report Format • Overview of the Project • Design of the System • Input/Output • Future Enhancements • References
Some Project Topics • Quivery Modification on XML Documents • Access control for web systems • Intrusion detection system • Access control for multimedia systems • E.g., access control for image, video • Role-based access control system • Access control for object systems • Secure data warehouse
Course Rules • Course attendance is mandatory; unless permission is obtained from instructor for missing a class with a valid reason (documentation needed for medical emergency for student or a close family member – e.g., spouse, parent, child). Attendance will be collected every lecture. 5 points will be deducted out of 100 for each lecture missed without approval. • Each student will work individually • Late assignments will not be accepted. All assignments have to be turned in just after the lecture on the due date • No make up exams unless student can produce a medical certificate or give evidence of close family emergency • Copying material from other sources will not be permitted unless the source is properly referenced • Any student who plagiarizes from other sources will be reported to the appropriate UTD authroities
Contact • For more information please contact • Dr. Bhavani Thuraisingham • Professor of Computer Science and • Director of Cyber Security Research Center Erik Jonsson School of Engineering and Computer Science EC31, The University of Texas at Dallas Richardson, TX 75080 • Phone: 972-883-4738 • Fax: 972-883-2399 • Email: bhavani.thuraisingham@utdallas.edu • URL:http://www.utdallas.edu/~bxt043000/
Papers to Read for Exam #1 • Multilevel Object Security • Bhavani M. Thuraisingham: Mandatory Security in Object-Oriented Database Systems. OOPSLA 1989: 203-210 • Distributed Inference Control • Bhavani M. Thuraisingham, William Ford: Security Constraints in a Multilevel Secure Distributed Database Management System. IEEE Trans. Knowl. Data Eng. 7(2): 274-293 (1995) • Secure Geospatial Systems • Elisa Bertino, Bhavani M. Thuraisingham, Michael Gertz, Maria Luisa Damiani: Security and privacy for geospatial data: concepts and research directions. SPRINGL 2008: 6-19 • Additional papers for assignment 1
Index to Lectures for Exam #1 • Lecture 1: Introduction (this unit) • Lecture 2: Security Modules • Lecture 3: Data, Info and Knowledge Management • Lecture 4: Access Control • Lecture 5: Policies • Lecture 6: Assignment #1 • Lecture 7: Multilevel Database Management • Lecture 8: Dr. Hamlen guest lecture • Lecture 9: Inference Problem 1 • Lecture 10: Inference Problem 2 • Lecture 11: Assignment #2 • Lecture 12: Secure distributed, heterogeneous, federated data • Lecture 13: Secure objects
Papers to Read for Exam #2 • Elisa Bertino, Barbara Carminati, Elena Ferrari, Bhavani M. Thuraisingham, Amar Gupta: Selective and Authentic Third-Party Distribution of XML Documents. IEEE Trans. Knowl. Data Eng. 16(10): 1263-1278 (2004) • Timothy W. Finin, Anupam Joshi, Lalana Kagal, Jianwei Niu, Ravi S. Sandhu, William H. Winsborough, Bhavani M. Thuraisingham: ROWLBAC: representing role based access control in OWL. SACMAT 2008: 73-82 • Barbara Carminati, Elena Ferrari, Raymond Heatherly, Murat Kantarcioglu, Bhavani M. Thuraisingham: A semantic web based framework for social network access control. SACMAT 2009: 177-186 • Jungin Kim, Bhavani M. Thuraisingham: Dependable and Secure TMO Scheme. ISORC 2006: 133-140
Index to Lectures for Exam #2 • Lecture 14: Data warehousing, data mining and security (March 2, 2012) • Lecture 15: Blank • Lecture 16: Privacy (March 9, 2012) • Lecture 17: Assignment #3 • Lecture 18: Lecture by Dr. Tahseen (March 23, 2012) • Lecture 19: Data Mining for Malware detection (March 23, 2012) • Lecture 20: Attacks to databases (March 23, 2012) • Lecture 21: Threats to info security by Dr. Goel (Module 1 only) • Lecture 22: Intro to semantic web (March 30, 2012) • Lecture 23: Trustworthy semantic web (March 30, 2012)
Index to Lectures for Exam #2 • Lecture 24: Secure Third Party Publication of XML data (April 6, 2012) • Lecture 25: NIST Project, Guest lecture Ms. Jyothsna (April 6) • Lecture 26: Security for web services (April 13, 2012) • Lecture 27: Secure Social Networks (April 13, 2012) • Lecture 28: Comprehensive overview of cloud computing (April 20, 2012) • Lecture 29: Secure knowledge management and web security (April 13, 2012) • Lecture 30: Assured Cloud Computing (April 20, 2012) • Lecture 31: Assignment #4 • Lecture 32: Dependable data management (April 27, 2012) • Lecture 33: Digital Forensics and Biometrics (April 27, 2012) • Lecture 34: Lecture by Dr. Neda (given on April 20, 2012)
What have we learned in the course? • Module 1: Cyber Security, Data management, Data Security Intro • Module 2: Discretionary security and policy management for data • Module 3: Multilevel secure data management • Module 4: Distributed, Heterogeneous and federated data management and Assured Information Sharing • Module 5: Secure object and multimedia management • Module 6: Data warehousing, Data Mining for security (malware) and Privacy Aspects • Module 7: Semantic Web and Security • Module 8:Secure web services, Secure Knowledge Management and Social networking • Module 9: Secure Cloud Data Management • Module 10: Secure Dependable and Real-time data management • Module 11: Misc topics: Digital Forensics, Biometric cs, etc.