1. Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Introduction to the Course August 24, 2009

2. Objective of the Unit l This unit provides an overview of the course. The course describes concepts, developments, challenges, and directions in data and applications security. Topics include - database security, distributed data management security, object security, data warehouse security, data mining for security applications, privacy, secure semantic web, secure digital libraries, secure knowledge management and secure sensor information management, biometrics

3. Outline of the Unit l Outline of Course l Course Work l Course Rules l Contact l Appendix

4. Outline of the Course l Unit #1: Introduction to Data and Applications l Part I: Background - Unit #2: Data Management - Unit #3: Information Security - Unit #4: Information Management l Part II: Discretionary Security - Unit #5: Concepts - Unit #6: Policy Enforcement l Part III: Mandatory Security - Unit #7: Concepts - Unit #8: Architectures

5. Outline of the Course (Continued) l Part IV: Secure Relational Data Management - Unit #9: Data Model - Unit #10: Functions - Unit #11: Prototypes and Products l Part V: Inference Problem - Unit #12: Concepts - Unit #13: Constraint Processing - Unit #14: Conceptual Structures l Part VI: Secure Distributed Data Management - Unit #15: Secure Distributed data management - Unit #16: Secure Heterogeneous Data Integration - Unit #17: Secure Federated Data Management

6. Outline of the Course (Continued) l Part VII: Secure Object Data Management - Unit #18: Secure Object Management - Unit #19: Secure Distributed Objects and Modeling Applications - Unit #20: Secure Multimedia Systems MIDTERM l Part VIII: Data Warehousing, Data Mining and Security l (Oct 19-Oct 26) - Unit #21: Secure Data Warehousing - Unit #22: Data Mining for Security Applications - Unit #23: Privacy l Part IX: Secure Information Management - Unit #24: Secure Digital Libraries (Nov 9, 11) - Unit #25: Secure Semantic Web (web services, XML security) (Oct 28, Nov 2, Nov 4) - Unit #26: Secure Information and Knowledge Management

7. Outline of the Course (Continued) l Part X: Emerging Technologies - Unit #27: Secure Dependable Data Management (Nov 16) - Unit #28: Secure Sensor and Wireless Data Management - Unit #29: Other Emerging Technologies (Nov 18) - Extra Topics (Nov 23, 25) l Social network l Unit #30 Conclusion to the Course l Guest Lectures Some guest lectures may be included l Some other topics (Nov 30) l Review for finals (Dec 2)

8. Course Work l Three term papers; each worth 9 points l Two exams each worth 15 points - Mid-term and Final exams l Programming project worth 15 points - Due day; the day of the final exam l Four homework assignments each worth 7 points - Due dates: will be announced l Total 100 points l Course Book: Database and Applications Security: Integration Data Management and Information Security, Bhavani Thuraisingham, CRC Press, 2005 l Will also include papers as reading material

9. Some Topics for Papers l XML Security l Inference Problem l Privacy l Secure Biometrics l Intrusion Detection l E-Commerce Security l Secure Sensor Information Management l Secure Distributed Systems l Secure Semantic Web l Secure Data Warehousing l Insider Threat Analysis l Secure Multimedia Systems

10. Term Papers: Example Format l Abstract l Introduction l Background on the Topic l Survey of various techniques, designs etc, l Analyze the techniques, designs etc. and give your opinions l Directions for further work l Summary and Conclusions l References

11. Term Papers: Example Format - II l Abstract l Introduction l Background on the Topic and Related Work l Discuss strengths and weaknesses of your work and others’ work l Give your own design l Directions for further work l Summary and Conclusions l References

12. Project Report Format l Overview of the Project l Design of the System l Input/Output l Future Enhancements l References

13. Some Project Topics l Quivery Modification on XML Documents l Access control for web systems l Intrusion detection system l Access control for multimedia systems - E.g., access control for image, video l Role-based access control system l Access control for object systems l Secure data warehouse

14. Course Rules l Unless special permission is obtained from the instructor, each student will work individually l Late assignments will not be accepted. All assignments have to be turned in just after the lecture on the due date l No make up exams unless student can produce a medical certificate or give evidence of close family emergency l Copying material from other sources will not be permitted unless the source is properly referenced l Any student who plagiarizes from other sources will be reported to the Computer Science department and any other committees as advices by the department l Students must attend every class. If a student is unable to attend, approval from the instructor is needed unless it is an emergency. If this is no followed, a student can either be dismissed from class or points deducted from the scores. Exact policy will be announced by August 31 in class

15. Contact l For more information please contact - Dr. Bhavani Thuraisingham - Professor of Computer Science and - Director of Cyber Security Research Center Erik Jonsson School of Engineering and Computer Science EC31, The University of Texas at Dallas Richardson, TX 75080 - Phone: 972-883-4738 - Fax: 972-883-2399 - Email: bhavani.thuraisingham@utdallas.edu - URL: http://www.utdallas.edu/~bxt043000/ http://www.utdallas.edu/~bxt043000/

16. Due Dates of Assignments/Term papers, etc. September 2, 2009, Updated Oct 7, October 19 l Assignment #1: September 14, 2009 l Term Paper #1: September 21, 2009 l Assignment #2 will be given on September 14, 2009 and due date is September 28, 2009 - Assignment #2 was given on Sept 30 th and due date is October 12th l Mid-term exam – either October 5 or October 14 - Exam is October 14 l Term Paper #2 is due: Due November 2, Due November 9th l Term Paper #3: November 25 l Assignment #3: Given Oct 12 th, Due Oct 26 th (Given Oct 19, Due Nov 4) l Assignment #4: Given November 16, Due November 23rd l Final exam – will be determined around September 14 : December 7 th l Programming project: December 2nd

17. New Policy: Effective October 7, 2009 l A student must inform me if he/she is missing a class ahead of time l Otherwise the student must have a valid reason such as emergency illness. The student must then present a medical certificate from his/her physician l If a student misses class without a valid reason and/or does not inform me ahead of time, then for each class missed, the student has to write an extra term paper. l If the student does not write this term paper, or the term paper is not of the quality of the regular term paper the student submits, then 4 points will be detected from the final score for each term paper not written for missing a class.

18. Papers to Read for Mid-term exam - Vijayalakshmi Atluri, Soon Ae Chun: An Authorization Model for Geospatial Data. IEEE Trans. Dependable Sec. Comput. 1(4): 238-254 (2004)Soon Ae ChunIEEE Trans. Dependable Sec. Comput. 1 - Elisa Bertino, Bhavani M. Thuraisingham, Michael Gertz, Maria Luisa Damiani: Security and privacy for geospatial data: concepts and research directions. SPRINGL 2008:6-19 Elisa BertinoBhavani M. ThuraisinghamMichael GertzMaria Luisa DamianiSPRINGL 2008:6-19 - RBAC: Ravi S. Sandhu, Edward J. Coyne, Hal L. Feinstein, Charles E. Youman: Role-Based Access Control Models. IEEE Computer 29(2): 38-47 (1996)Edward J. CoyneHal L. FeinsteinCharles E. YoumanIEEE Computer 29 - UCON: Jaehong Park, Ravi S. Sandhu: The UCONABC usage control model. ACM Trans. Inf. Syst. Secur. 7(1): 128-174 (2004) - first 20 pagesRavi S. SandhuACM Trans. Inf. Syst. Secur. 7 - DCON: Roshan K. Thomas, Ravi S. Sandhu: Towards a Multi-dimensional Characterization of Dissemination Control. POLICY 2004: 197-200 (IEEE)Ravi S. SandhuPOLICY 2004 - Bhavani M. Thuraisingham, William Ford: Security Constraints in a Multilevel Secure Distributed Database Management System. IEEE Trans. Knowl. Data Eng. 7William FordIEEE Trans. Knowl. Data Eng. - Bhavani M. Thuraisingham: Mandatory Security in Object-Oriented Database Systems. OOPSLA 1989: 203-210OOPSLA 1989 - TNL: an XML-based language for trust negotiations Bertino, E.; Ferrari, E.; Squicciarini, A.; Policies for Distributed Systems and Networks, 2003. Proceedings. POLICY 2003. IEEE 4th International Workshop on, IEEE

19. Papers to Read for Exam #2 - Barbara Carminati, Elena Ferrari, Raymond Heatherly, Murat Kantarcioglu, Bhavani M. Thuraisingham: A semantic web based framework for social network access control. SACMAT 2009: 177- 186 Barbara CarminatiElena FerrariRaymond HeatherlyMurat KantarciogluSACMAT 2009 - Elisa Bertino, Barbara Carminati, Elena Ferrari, Bhavani M. Thuraisingham, Amar Gupta: Selective and Authentic Third-Party Distribution of XML Documents. IEEE Trans. Knowl. Data Eng. 16(10): 1263-1278 (2004) Elisa BertinoBarbara CarminatiElena FerrariAmar GuptaIEEE Trans. Knowl. Data Eng. 16