1. Data and Applications Security Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #1 Introduction to Data and Applications Security August 29, 2014

2. Outline l Data and Applications Security - Developments and Directions l Secure Semantic Web - XML Security; Other directions l Some Emerging Secure DAS Technologies - Secure Sensor Information Management; Secure Dependable Information Management l Some Directions for Privacy Research - Data Mining for handling security problems; Privacy vs. National Security; Privacy Constraint Processing; Foundations of the Privacy Problem l What are the Challenges?

3. Developments in Data and Applications Security: 1975 - Present l Access Control for Systems R and Ingres (mid 1970s) l Multilevel secure database systems (1980 – present) - Relational database systems: research prototypes and products; Distributed database systems: research prototypes and some operational systems; Object data systems; Inference problem and deductive database system; Transactions l Recent developments in Secure Data Management (1996 – Present) - Secure data warehousing, Role-based access control (RBAC); E- commerce; XML security and Secure Semantic Web; Data mining for intrusion detection and national security; Privacy; Dependable data management; Secure knowledge management and collaboration

4. Developments in Data and Applications Security: Multilevel Secure Databases - I l Air Force Summer Study in 1982 l Early systems based on Integrity Lock approach l Systems in the mid to late 1980s, early 90s - E.g., Seaview by SRI, Lock Data Views by Honeywell, ASD and ASD Views by TRW - Prototypes and commercial products - Trusted Database Interpretation and Evaluation of Commercial Products l Secure Distributed Databases (late 80s to mid 90s) - Architectures; Algorithms and Prototype for distributed query processing; Simulation of distributed transaction management and concurrency control algorithms; Secure federated data management

5. Developments in Data and Applications Security: Multilevel Secure Databases - II l Inference Problem (mid 80s to mid 90s) - Unsolvability of the inference problem; Security constraint processing during query, update and database design operations; Semantic models and conceptual structures l Secure Object Databases and Systems (late 80s to mid 90s) - Secure object models; Distributed object systems security; Object modeling for designing secure applications; Secure multimedia data management l Secure Transactions (1990s) - Single Level/ Multilevel Transactions; Secure recovery and commit protocols

6. Some Directions and Challenges for Data and Applications Security - I l Secure semantic web - Security models l Secure Information Integration - How do you securely integrate numerous and heterogeneous data sources on the web and otherwise l Secure Sensor Information Management - Fusing and managing data/information from distributed and autonomous sensors l Secure Dependable Information Management - Integrating Security, Real-time Processing and Fault Tolerance l Data Sharing vs. Privacy - Federated database architectures?

7. Some Directions and Challenges for Data and Applications Security - II l Data mining and knowledge discovery for intrusion detection - Need realistic models; real-time data mining l Secure knowledge management - Protect the assets and intellectual rights of an organization l Information assurance, Infrastructure protection, Access Control - Insider cyber-threat analysis, Protecting national databases, Role-based access control for emerging applications l Security for emerging applications - Geospatial, Biomedical, E-Commerce, etc. l Other Directions - Trust and Economics, Trust Management/Negotiation, Secure Peer-to-peer computing,

8. Coalition Data and Policy Sharing Export Data/Policy Component Data/Policy for Agency A Data/Policy for Federation Export Data/Policy Component Data/Policy for Agency C Component Data/Policy for Agency B Export Data/Policy

9. Other topics to be covered by course l Secure Cloud Computing l Secure Social Media l Mobile code security l Vulnerability Analysis l Infrastructure security l Healthcare Security l Financial Security