Data and Applications Security Developments and Directions

Slides:



Advertisements
Similar presentations
Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #26 Emerging Technologies.
Advertisements

Week 6 Lecture Part 2 Databases in Electronic Commerce Samuel Conn, Asst. Professor.
Secure Knowledge Management Dr. Bhavani Thuraisingham The National Science Foundation September 2004.
Electronic Commerce. On-line ordering---an e-commerce application On-line ordering assumes that: A company publishes its catalog on the Internet; Customers.
Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Secure Knowledge Management: and.
Building Trustworthy Semantic Webs Dr. Bhavani Thuraisingham The University of Texas at Dallas Semantic web technologies for secure interoperability and.
Trustworthy Semantic Web Knowledge Management + E-Business + Semantic Web = Semantic E-Business Dr. Bhavani Thuraisingham March 2010.
The Internetworked E-Business Enterprise
Data and Applications Security Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #1 Introduction to Data and Applications Security August.
Data and Applications Security Developments and Directions Guest Lecture Dr. Kevin Hamlen Given in February 2012.
Information Security Analytics Dr. Bhavani Thuraisingham The University of Texas at Dallas Introduction to the Course.
Dr. Bhavani Thuraisingham August 2006 Building Trustworthy Semantic Webs Unit #1: Introduction to The Semantic Web.
E-commerce 24/12/ Electronic Commerce (E-Commerce) Commerce refers to all the activities the purchase and sales of goods or services. Marketing,
Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #22 Secure Web Information.
Introduction to Biometrics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #2 Information Security August 24, 2005.
Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #16 Knowledge Management.
Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #1 Introduction to Data.
Dr. Bhavani Thuraisingham September 2006 Building Trustworthy Semantic Webs Lecture #5 ] XML and XML Security.
Introduction to Biometrics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #1 Biometrics and Other Emerging Technologies in Applications.
Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #1 Introduction to Data and Applications Security and Digital Forensics.
Dr. Bhavani Thuraisingham January 14, 2011 Building Trustworthy Semantic Webs Lecture #1: Introduction to Trustworthy Semantic Web.
Data Security and Integrity Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas June 2009.
Erik Jonsson School of Engineering and Computer Science The University of Texas at Dallas Cyber Security Research on Engineering Solutions Dr. Bhavani.
Secure Knowledge Management and Trustworthy Semantic Web Technologies Dr. Bhavani Thuraisingham The University of Texas at Dallas December 2008.
Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #19 Digital Libraries, Semantic.
Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #18 Secure Knowledge Management:
Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #11 Secure Heterogeneous.
Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #3 Supporting Technologies:
Data and Applications Security
Data and Applications Security Developments and Directions
Building Trustworthy Semantic Webs
Data and Applications Security Developments and Directions
Data and Applications Security Developments and Directions
Data and Applications Security Developments and Directions
Knowledge Management Tools
Data and Applications Security Developments and Directions
Data and Applications Security Developments and Directions
Lecture #11: Ontology Engineering Dr. Bhavani Thuraisingham
Data and Applications Security
Data and Applications Security Developments and Directions
EMTM 553 Electronic Commerce Systems
Data and Applications Security Developments and Directions
Unit# 5: Internet and Worldwide Web
Data and Applications Security Developments and Directions
Trustworthy Semantic Web
Data and Applications Security Developments and Directions
Data and Applications Security Developments and Directions
Data and Applications Security Developments and Directions
Data and Applications Security Developments and Directions
Data and Applications Security Developments and Directions
Data and Applications Security Developments and Directions
Data and Applications Security Developments and Directions
Data and Applications Security Developments and Directions
Data and Applications Security Developments and Directions
Data and Applications Security Developments and Directions
Data and Applications Security Developments and Directions
Data and Applications Security Developments and Directions
Data and Applications Security Developments and Directions
Module 4 System and Application Security
Data and Applications Security Developments and Directions
Data and Applications Security Developments and Directions
Data and Applications Security
Data and Applications Security Developments and Directions
Data and Applications Security Developments and Directions
Data and Applications Security Developments and Directions
Data and Applications Security
Data and Applications Security Developments and Directions
Unit # 1: Overview of the Course Dr. Bhavani Thuraisingham
Data and Applications Security
Presentation transcript:

Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Secure Knowledge Management: and Web Security November 2012

Outline of the Unit Background on Knowledge Management Secure Knowledge Management Confidentiality, Privacy and Trust Integrated System Secure Knowledge Management Technologies Web Security Digital Libraries Directions

References Proceedings Secure Knowledge Management Workshop Secure Knowledge Management Workshop, Buffalo, NY, September 2004 http://www.cse.buffalo.edu/caeiae/skm2004/ Secure Knowledge Management Bertino, Khan, Sandhu and Thuraisingham IEEE Transactions on Systems man and Cybernetics This lecture is based on the above paper

What is Knowledge Management Knowledge management, or KM, is the process through which organizations generate value from their intellectual property and knowledge-based assets KM involves the creation, dissemination, and utilization of knowledge Reference: http://www.commerce-database.com/knowledge- management.htm?source=google

Knowledge Management Components Components of Management: Components, Cycle and Technologies Cycle: Technologies: Components: Knowledge, Creation Expert systems Strategies Sharing, Measurement Collaboration Processes And Improvement Training None of these things were endorsed by military acquisitions, but all have gradually started happening out of necessity and user requirements. Metrics Web

Organizational Learning Process Diffusion - Tacit, Explicit Incentives Integration Modification Identification Creation Metrics Action Overall focus is on learning actionable knowledge Organizations successful at KM Generate and Generalize knowledge Generate - Create new knowledge and Identify knowledge that exists inside and outside the organization Generalize - Transfer Knowledge from person to person, group to group, organization to organization Diffusion - tacit/explicit - Tacit - Dialogue, Explicit - someone creates an external representation of their understanding (Word, e-mail, PowerPoint) Integration - Knowledge transfer only matters to the receiver. Person knowledge is transferred to must be open to new ideas, able to challenge assumptions to integrate into their mental model. Modification - Knowledge is never received “pure”, typically the receiver takes out the pieces that work for him/her. Action - Important experiential knowledge is built through action. Wouldn’t expect someone to be able to <choose example> by reading a book or paper. Need tacit knowledge built up in action. Need metrics to determine success in each area and to provide incentive. Not measured it won’t get done. Focus of this MSR is on metrics and incentives for the diffusion process. Examine available tools and develop tools for each area. (I.e. Expert Finder (identification), CVW - diffusion, Invention Machine (integration), PowerSim (Action) Source: Reinhardt and Pawlowsky

Aspects of Secure Knowledge Management (SKM) Protecting the intellectual property of an organization Access control including role-based access control Security for process/activity management and workflow Users must have certain credentials to carry out an activity Composing multiple security policies across organizations Security for knowledge management strategies and processes Risk management and economic tradeoffs Digital rights management and trust negotiation

SKM: Strategies, Processes, Metrics, Techniques Security Strategies: Policies and procedures for sharing data Protecting intellectual property Should be tightly integrated with business strategy Security processes Secure workflow Processes for contracting, purchasing, order management, etc. Metrics What is impact of security on number of documents published and other metrics gathered Techniques Access control, Trust management

SKM: Strategies, Processes, Metrics, Techniques

Security Impact on Organizational Learning Process Diffusion - Tacit, Explicit Incentives Integration Modification Identification Creation Metrics Action Overall focus is on learning actionable knowledge Organizations successful at KM Generate and Generalize knowledge Generate - Create new knowledge and Identify knowledge that exists inside and outside the organization Generalize - Transfer Knowledge from person to person, group to group, organization to organization Diffusion - tacit/explicit - Tacit - Dialogue, Explicit - someone creates an external representation of their understanding (Word, e-mail, PowerPoint) Integration - Knowledge transfer only matters to the receiver. Person knowledge is transferred to must be open to new ideas, able to challenge assumptions to integrate into their mental model. Modification - Knowledge is never received “pure”, typically the receiver takes out the pieces that work for him/her. Action - Important experiential knowledge is built through action. Wouldn’t expect someone to be able to <choose example> by reading a book or paper. Need tacit knowledge built up in action. Need metrics to determine success in each area and to provide incentive. Not measured it won’t get done. Focus of this MSR is on metrics and incentives for the diffusion process. Examine available tools and develop tools for each area. (I.e. Expert Finder (identification), CVW - diffusion, Invention Machine (integration), PowerSim (Action) What are the restrictions On knowledge sharing By incorporating security

Security Policy Issues for Knowledge Management Defining Policies during Knowledge Creation Representing policies during knowledge management Enforcing policies during knowledge manipulation and dissemination

Secure Knowledge Management Architecture

SKM for Coalitions Organizations for federations and coalitions work together to solve a problem Universities, Commercial corporation, Government agencies Challenges is to share data/information and at the same time ensure security and autonomy for the individual organizations How can knowledge be shared across coalitions?

SKM Coalition Architecture Knowledge for Coalition Export Export Knowledge Knowledge Export Knowledge Component Component Knowledge for Knowledge for Agency A Agency C Component Knowledge for Agency B

SKM Technologies Data Mining Mining the information and determine resources without violating security Secure Semantic Web Secure knowledge sharing Secure Annotation Management Managing annotations about expertise and resources Secure content management Markup technologies and related aspects for managing content Secure multimedia information management This is about knowledge management and security

Directions for SKM We have identified high level aspects of SKM Strategies, Processes. Metrics, techniques, Technologies, Architecture Need to investigate security issues RBAC, UCON, Trust etc. CS departments should collaborate with business schools on KM and SKM

Web Security End-to-end security? Need to secure the clients, servers, networks, operating systems, transactions, data, and programming languages The various systems when put together have to be secure Composable properties for security Secure system from untrusted components Access control rules, enforce security policies, auditing, intrusion detection Security solutions proposed by W3C and OASIS Java Security Firewalls Digital signatures and Message Digests, Cryptography

Attacks to Web Security

Secure Web Components

E-Commerce Transactions E-commerce functions are carried out as transactions Banking and trading on the internet Each data transaction could contain many tasks Database transactions may be built on top of the data transaction service Database transactions are needed for multiuser access to web databases Need to enforce concurrency control and recovery techniques

Types of Transaction Systems Stored Account Payment e.g., Credit and debit card transactions Electronic payment systems Examples: First Virtual, CyberCash, Secure Electronic Transaction Stored Value Payment Uses bearer certificates Modeled after hard cash Goal is to replace hard cash with e-cash Examples: E-cash, Cybercoin, Smart cards

Building Database Transactions Database Transaction Protocol Payments Protocol HTTP Protocol Socket Protocol TCP/IP Protocol

Secure Digital Libraries Digital libraries are e-libraries Several communities have developed digital libraries Medical, Social, Library of Congress Components technologies Web data management, Multimedia, information retrieval, indexing, browsing, -- - - Security has to be incorporated into all aspects Secure models for digital libraries, secure functions

Secure Web Databases Database access through the web JDBC and related technologies Query, indexing and transaction management E.g., New transaction models for E-commerce applications Index strategies for unstructured data Query languages and data models XML has become the standard document interchange language Managing XML databases on the web XQuery, Extensions to XML, Query and Indexing strategies Integrating heterogeneous data sources on the web Information integration and ontologies are key aspects Mining the data on the web Web content, usage, structure and content mining

Directions for Web Security End-to-end security Secure networks, clients, servers, middleware Secure Web databases, agents, information retrieval systems, browsers, search engines, - - - As technologies evolve, more security problems Data mining, intrusion detection, encryption are some of the technologies for security Next steps Secure semantic web, Secure knowledge management Building trusted applications from untrusted components