1. Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Introduction to the Course August 31, 2012

2. Objective of the Unit l This unit provides an overview of the course. The course describes concepts, developments, challenges, and directions in data and applications security. Topics include - database security, distributed data management security, object security, data warehouse security, data mining for security applications, privacy, secure semantic web, secure digital libraries, secure knowledge management and secure sensor information management, biometrics

3. Outline of the Unit l Outline of Course l Course Work l Course Rules l Contact l Appendix

4. Outline of the Course l Unit #1: Introduction to Data and Applications l Part I: Background - Unit #2: Data Management - Unit #3: Information Security - Unit #4: Information Management l Part II: Discretionary Security - Unit #5: Concepts - Unit #6: Policy Enforcement l Part III: Mandatory Security - Unit #7: Concepts - Unit #8: Architectures

5. Outline of the Course (Continued) l Part IV: Secure Relational Data Management - Unit #9: Data Model - Unit #10: Functions - Unit #11: Prototypes and Products l Part V: Inference Problem - Unit #12: Concepts - Unit #13: Constraint Processing - Unit #14: Conceptual Structures l Part VI: Secure Distributed Data Management - Unit #15: Secure Distributed data management - Unit #16: Secure Heterogeneous Data Integration - Unit #17: Secure Federated Data Management

6. Outline of the Course (Continued) l Part VII: Secure Object Data Management - Unit #18: Secure Object Management - Unit #19: Secure Distributed Objects and Modeling Applications - Unit #20: Secure Multimedia Systems l Part VIII: Data Warehousing, Data Mining and Security - Unit #21: Secure Data Warehousing - Unit #22: Data Mining for Security Applications - Unit #23: Privacy l Part IX: Secure Information Management - Unit #24: Secure Digital Libraries - Unit #25: Secure Semantic Web (web services, XML security) - Unit #26: Secure Information and Knowledge Management

7. Outline of the Course (Continued) l Part X: Emerging Technologies - Unit #27: Secure Dependable Data Management - Unit #28: Secure Sensor and Wireless Data Management - Unit #29: Other Emerging Technologies l Unit #30 Conclusion to the Course l Guest Lectures Some guest lectures may be included Insider Threat l Additional Topics including l Secure Web Services l Social network security and privacy l Secure cloud computing l Review for finals

8. Tentative Schedule l August 31: Introduction l September 7: Policies and Access Control l September 14: Multilevel Data Management l September 21: Inference Problem l September 28: Secure Distributed and Object Data Management l October 5: Data Warehousing, Data Mining, Security and Privacy l October 12: Secure Web Services and Review for Exam l October 19: Exam #1 l October 26: Secure semantic web and XML security l November 2: Secure Cloud Computing l November 9: Secure Knowledge Management and Social Networking l November 16: Secure Dependable Data Management, Digital Forensics l November 23: Holiday l November 30: Mobile phone security and special topics l December 7: Selected project presentations and review l December 14: Exam #2

9. Tentative Schedule l Assignment #1 due date: September 21, 2012 l Assignment #2: due date: September 28, 2012 l Term #1: October 12, 2012 l Exam #1: October 19, 2012 l Assignment #3: October 26, 2012 l Assignment #4: November 2, 2012 (due date: November 16, 2012) l Term paper #2: November 9, 2012 l Project: November 30, 2012 l Exam #2: December 14, 2012

10. Course Work l Two term papers; each worth 8 points l Two exams each worth 24 points l Programming project worth 12 points l Four homework assignments each worth 6 points l Total 100 points l Course Book: Database and Applications Security: Integration Data Management and Information Security, Bhavani Thuraisingham, CRC Press, 2005 l Will also include papers as reading material

11. Some Topics for Papers l XML Security l Inference Problem l Privacy l Secure Biometrics l Intrusion Detection l E-Commerce Security l Secure Sensor Information Management l Secure Distributed Systems l Secure Semantic Web l Secure Data Warehousing l Insider Threat Analysis l Secure Multimedia Systems

12. Term Papers: Example Format l Abstract l Introduction l Background on the Topic l Survey of various techniques, designs etc, l Analyze the techniques, designs etc. and give your opinions l Directions for further work l Summary and Conclusions l References

13. Term Papers: Example Format - II l Abstract l Introduction l Background on the Topic and Related Work l Discuss strengths and weaknesses of your work and others’ work l Give your own design l Directions for further work l Summary and Conclusions l References

14. Project Report Format l Overview of the Project l Design of the System l Input/Output l Future Enhancements l References

15. Some Project Topics l Quivery Modification on XML Documents l Access control for web systems l Intrusion detection system l Access control for multimedia systems - E.g., access control for image, video l Role-based access control system l Access control for object systems l Secure data warehouse

16. Course Rules l Course attendance is mandatory; unless permission is obtained from instructor for missing a class with a valid reason (documentation needed for medical emergency for student or a close family member – e.g., spouse, parent, child). Attendance will be collected every lecture. 3 points will be deducted out of 100 for each lecture missed without approval. l Each student will work individually l Late assignments will not be accepted. All assignments have to be turned in just after the lecture on the due date l No make up exams unless student can produce a medical certificate or give evidence of close family emergency l Copying material from other sources will not be permitted unless the source is properly referenced l Any student who plagiarizes from other sources will be reported to the appropriate UTD authroities

17. Assignment #1, 2, 3, 4 Assignment #1: Posted in Lecture #7 Assignment #2 Posted in Lecture #11 Assignment #3: Posted in Lecture #17 Assignment #4: Posted in Lecture # 22

18. Contact l For more information please contact - Dr. Bhavani Thuraisingham - Professor of Computer Science and - Director of Cyber Security Research Center Erik Jonsson School of Engineering and Computer Science EC31, The University of Texas at Dallas Richardson, TX 75080 - Phone: 972-883-4738 - Fax: 972-883-2399 - Email: bhavani.thuraisingham@utdallas.edu - URL: http://www.utdallas.edu/~bxt043000/ URL: http://www.utdallas.edu/~bxt043000/

19. Papers to Read for Exam #1 - RBAC: Ravi S. Sandhu, Edward J. Coyne, Hal L. Feinstein, Charles E. Youman: Role-Based Access Control Models. IEEE Computer 29(2): 38-47 (1996)Edward J. CoyneHal L. Feinstein Charles E. YoumanIEEE Computer 29 - UCON: Jaehong Park, Ravi S. Sandhu: The UCONABC usage control model. ACM Trans. Inf. Syst. Secur. 7(1): 128-174 (2004) - Read the first 20 pages (sections 1, 2, 3)Ravi S. SandhuACM Trans. Inf. Syst. Secur. 7 - DCON: Roshan K. Thomas, Ravi S. Sandhu: Towards a Multi- dimensional Characterization of Dissemination Control. POLICY 2004: 197-200 (IEEE)Ravi S. SandhuPOLICY 2004 - Pallabi Parveen, Jonathan Evans, Bhavani M. Thuraisingham, Kevin W. Hamlen, Latifur Khan: Insider Threat Detection Using Stream Mining and Graph Mining. SocialCom/PASSAT 2011: 1102-1110Jonathan EvansBhavani M. Thuraisingham Kevin W. HamlenLatifur KhanSocialCom/PASSAT 2011

20. Papers to Read for Exam #1 - Bhavani M. Thuraisingham: Mandatory Security in Object- Oriented Database Systems. OOPSLA 1989: 203-210OOPSLA 1989 - Bhavani M. Thuraisingham, William Ford: Security Constraints in a Multilevel Secure Distributed Database Management System. IEEE Trans. Knowl. Data Eng. 7(2): 274-293 (1995)William Ford IEEE Trans. Knowl. Data Eng. 7 - Rakesh Agrawal, Ramakrishnan Srikant: Privacy-Preserving Data Mining. SIGMOD Conference 2000: 439-450Ramakrishnan SrikantSIGMOD Conference 2000 - Optional paper l Mohammad M. Masud, Jing Gao, Latifur Khan, Jiawei Han, Bhavani M. Thuraisingham: Classification and Novel Class Detection in Concept-Drifting Data Streams under Time Constraints. IEEE Trans. Knowl. Data Eng. 23(6): 859-874 (2011) Mohammad M. MasudJing GaoLatifur KhanJiawei HanIEEE Trans. Knowl. Data Eng. 23

21. Index to Lectures for Exam #1 l Lecture 1: Data and Applications Security 8/31/2012 l Lecture 2: Cyber Security Modules 8/31/2012 (extra credit) l Lecture 3: Background on data management (no date) l Lecture 4: Access Control (9/7/2012) l Lecture 5: Policies (9/7/2012) l Lecture 6: Multilevel Secure Data Management (Taped, 9/14/2012) l Lecture 7: Assignment #1 l Lecture 8: Ms Parveen Lecture Insider threat (9/14/2012) l Lecture 9: Inference Problem 1 (9/21/2012) l Lecture 10: Inference Problem 2 (9/21/2012) l Lecture 11: Assignment #2 l Lecture 12: Secure Distributed Data Management (9/28/2012)

22. Index to Lectures for Exam #1 l Lecture 13: Secure Object System (9/28/2012) l Lecture 14: Secure Data Warehousing (10/5/2012) l Lecture 15: Data Mining for Malware Detection (10/12/2012) l Lecture 16: Privacy (10/5/2012) l Lecture 17: Assignment #3 l Questions: l Discretionary security, Policies, Multilevel Data Management, Security Constraint processing for inference control,, Semantic net for inference control, Secure distributed data management and information sharing, Secure object and geospatial data, Secure data warehousing with examples, Privacy including privacy preserving data mining, Data mining for malware detection including insider threat l Extra credit – Lecture #2

23. Papers to Read for Exam #2 l Abhijith Shastry, Murat Kantarcioglu, Yan Zhou, Bhavani M. Thuraisingham: Randomizing Smartphone Malware Profiles against Statistical Mining Techniques. DBSec 2012: 239-254 Abhijith ShastryMurat KantarciogluYan ZhouDBSec 2012 l Barbara Carminati, Elena Ferrari, Raymond Heatherly, Murat Kantarcioglu, Bhavani M. Thuraisingham: A semantic web based framework for social network access control. SACMAT 2009: 177-186 Barbara CarminatiElena FerrariRaymond HeatherlyMurat KantarciogluSACMAT 2009 l Elisa Bertino, Barbara Carminati, Elena Ferrari, Bhavani M. Thuraisingham, Amar Gupta: Selective and Authentic Third- Party Distribution of XML Documents. IEEE Trans. Knowl. Data Eng. 16(10): 1263-1278 (2004) Elisa BertinoElena FerrariBhavani M. ThuraisinghamAmar GuptaIEEE Trans. Knowl. Data Eng. 16

24. Index to Lectures for Exam #2 l What is in red will not be included in exam #2 l Lecture 18: Secure Web Services (10/12/2012) - 1 l Lecture 19: Trustworthy semantic web (10/26/2012?) - 1 l Lecture 20: XML security (10/26/2012?) - 1 l Lecture 21: Introduction to semantic web (10/26/2012?) l Lecture 22: Assignment #4 l Lecture 23: Secure cloud computing introduction (11/2/2012) – 0.5 l Lecture 24: Secure cloud computing prototypes at UTD (11/2) – 0.5 l * Lecture 25: Secure Knowledge Management and Web Security (11/9/2012) - 1 l Lecture 26: Secure Social Networks (11/9/2012) - 1

25. Index to Lectures for Exam #2 l Lecture 27: Dependable Data Management (11/16/2012) – 1 l Lecture 28: Digital Forensics and Biometrics (11/16/2012) - 1 l Lecture 29: Guest Lecture: Satyen Abrol (11/16/2012) l Lecture 30: Virtualization Security (11/30/2012) - 1 l Lecture 31: Smartphone malware and security (11/30/2012) - 1 l Lecture 32: Guest Lecture – Dr. Latifur Khan (12/7/2012) l Extra credit: any question from the lectures