Data and Applications Security Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #1 Introduction to Data and Applications Security August 29, 2014


Data and Applications Security

Dr. Bhavani Thuraisingham

The University of Texas at Dallas

Lecture #1

Introduction to Data and Applications Security

August 29, 2014


Outline

Data and Applications Security

- Developments and Directions

Secure Semantic Web

- XML Security; Other directions

Some Emerging Secure DAS Technologies

- Secure Sensor Information Management; Secure Dependable Information Management

Some Directions for Privacy Research

- Data Mining for handling security problems; Privacy vs. National Security; Privacy Constraint Processing; Foundations of the Privacy Problem

What are the Challenges?


Developments in Data and Applications Security: 1975 - Present

Access Control for System R and Ingres (mid 1970s)

Multilevel secure database systems (1980 – present)

- Relational database systems: research prototypes and products; Distributed database systems: research prototypes and some operational systems; Object data systems; Inference problem and deductive database system; Transactions

Recent developments in Secure Data Management (1996 – Present)

- Secure data warehousing, Role-based access control (RBAC); E-commerce; XML security and Secure Semantic Web; Data mining for intrusion detection and national security; Privacy; Dependable data management; Secure knowledge management and collaboration


Developments in Data and Applications Security: Multilevel Secure Databases - I

Air Force Summer Study in 1982

Early systems based on Integrity Lock approach

Systems in the mid to late 1980s, early 90s

- E.g., Seaview by SRI, Lock Data Views by Honeywell, ASD and ASD Views by TRW

- Prototypes and commercial products

- Trusted Database Interpretation and Evaluation of Commercial Products

Secure Distributed Databases (late 80s to mid 90s)

- Architectures; Algorithms and Prototype for distributed query processing; Simulation of distributed transaction management and concurrency control algorithms; Secure federated data management


Developments in Data and Applications Security: Multilevel Secure Databases - II

Inference Problem (mid 80s to mid 90s)

- Unsolvability of the inference problem; Security constraint processing during query, update and database design operations; Semantic models and conceptual structures

Secure Object Databases and Systems (late 80s to mid 90s)

- Secure object models; Distributed object systems security; Object modeling for designing secure applications; Secure multimedia data management

Secure Transactions (1990s)

- Single Level/ Multilevel Transactions; Secure recovery and commit protocols


Some Directions and Challenges for Data and Applications Security - I

Secure semantic web

- Security models

Secure Information Integration

- How do you securely integrate numerous and heterogeneous data sources on the web and otherwise

Secure Sensor Information Management

- Fusing and managing data/information from distributed and autonomous sensors

Secure Dependable Information Management

- Integrating Security, Real-time Processing and Fault Tolerance

Data Sharing vs. Privacy

- Federated database architectures?


Some Directions and Challenges for Data and Applications Security - II

Data mining and knowledge discovery for intrusion detection

- Need realistic models; real-time data mining

Secure knowledge management

- Protect the assets and intellectual rights of an organization

Information assurance, Infrastructure protection, Access Control

- Insider cyber-threat analysis, Protecting national databases, Role-based access control for emerging applications

Security for emerging applications

- Geospatial, Biomedical, E-Commerce, etc.

Other Directions

- Trust and Economics, Trust Management/Negotiation, Secure Peer-to-peer computing,


Coalition Data and Policy Sharing

[Figure labels: Component Data/Policy for Agency A, Agency B and Agency C; Export Data/Policy (one per agency); Data/Policy for Federation]


Other topics to be covered by course

Secure Cloud Computing

Secure Social Media

Mobile code security

Vulnerability Analysis

Infrastructure security

Healthcare Security

Financial Security