CSCE 824 – Secure Database Systems

Course Syllabus

Spring 2005

 

Photos from May 3rd picnic.  Thanks Radhika!


Professor:             Csilla Farkas

Office:                   Swearingen 3A59

E-mail:                   farkas@cse.sc.edu

Class URL:           http://www.cse.sc.edu/~farkas/csce824-2005/csce824.htm

Class hours:         Tuesday, Thursday 11:00 – 12:15

Office hours:        Tuesday, Thursday 12:15 – 1:15 pm or by appointment

Prerequisites:      CSCE 520 and CSCE 522 or permission of instructor

 

Recommended Course Materials:

Conference Proceedings and journals:

  1. IEEE Transactions on Knowledge and Data Engineering
  2. ACM Transactions on Information and System Security (TISSEC)
  3. Computers and Security
  4. Research Directions in Data and Applications Security, IFIP TC 11/WG 11.3 Annual Conference on Data and Applications Security (held since 1986)
  5. Secure Data Management: VLDB Workshop, 2004

Books:

  1. Castano, Fugini, Martella, Samarati: Database Security, Addison-Wesley, 1995
  2. Abrams, Jajodia, Podell, eds.: Information Security: An Integrated Collection of Essays, IEEE Computer Society Press, 1995 (online: http://www.acsac.org/secshelf/book001/book001.html)
  3. S. Abiteboul, P. Buneman, D. Suciu: Data on the Web, Morgan Kaufmann Publishers, 2000
  4. S. Abiteboul, R. Hull, V. Vianu: Foundations of Databases, Addison-Wesley, 1995

 

Syllabus

 

All groups – Project websites need to be updated to contain:

1.        All submitted documents (proposals)

2.        Complete list of reference materials

3.        Presentation slides

4.        All versions of the project documentation (including the date of each update)


Lecture Notes

Jan. 13           Introduction (slides)

Jan. 18           Relational Data Model (class handout, Foundations of Databases: Chapters 2 and 3)

Jan. 20           Query Languages and Database Constraints (class handout, Foundations of Databases: Chapters 4 and 8)

Jan. 25 – 27      Multilevel Secure Relational Data Model (S. Jajodia, R. S. Sandhu, "Toward a Multilevel Secure Relational Data Model," Proc. 1991 ACM Int'l Conf. on Management of Data (SIGMOD), pp. 50-59, http://citeseer.ist.psu.edu/jajodia91toward.html)

Febr. 1           Polyinstantiation (Sushil Jajodia, Ravi S. Sandhu, and Barbara T. Blaustein, "Solutions to the Polyinstantiation Problem," http://www.acsac.org/secshelf/book001/21.pdf)

                  MLS/DBMS Architectures (LouAnna Notargiacomo, "Architectures for MLS Database Management Systems," http://www.acsac.org/secshelf/book001/19.pdf ; MLS database schemes, http://www.sei.cmu.edu/str/descriptions/mlsdms_body.html)

Febr. 3           Role-Based Access Control Models (David F. Ferraiolo, Ravi Sandhu, Serban Gavrila, D. Richard Kuhn and Ramaswamy Chandramouli, "Proposed NIST Standard for Role-Based Access Control," ACM Transactions on Information and System Security (TISSEC), Volume 4, Number 3, August 2001) – slides

Febr. 8           Duminda Wijesekera, Sushil Jajodia, "A Propositional Policy Algebra for Access Control," ACM Trans. on Information and System Security, Vol. 6, No. 2, May 2003, pages 286-325 (http://portal.acm.org/citation.cfm?id=762481)

                  Slides on access control

Febr. 10         Sushil Jajodia, Pierangela Samarati, Maria Luisa Sapino, V. S. Subrahmanian, "Flexible Support for Multiple Access Control Policies," ACM Trans. on Database Systems, Vol. 26, No. 2, June 2001, pages 214-260 (http://portal.acm.org/citation.cfm?id=383894)

Febr. 15 – 22    Project Topic Presentations

Febr. 24         Sushil Jajodia, Pierangela Samarati, Maria Luisa Sapino, V. S. Subrahmanian, "Flexible Support for Multiple Access Control Policies," ACM Trans. on Database Systems, Vol. 26, No. 2, June 2001, pages 214-260 (http://portal.acm.org/citation.cfm?id=383894) – continued from Febr. 10

Febr. 29         C. Bettini, S. Jajodia, X. S. Wang and D. Wijesekera, "Provisions and Obligations in Policy Rule Management and Security Applications," 28th VLDB Conference, Hong Kong, China, 2002, http://www.vldb.org/conf/2002/S14P03.pdf ; slides from D. Wijesekera

                 Sushil Jajodia, Michiharu Kudo, V. S. Subrahmanian, "Provisional Authorizations," Proc. 1st Workshop on Security and Privacy in E-Commerce, Athens, Greece, November 2000, http://www.trl.ibm.com/projects/xml/xacl/wspec2k-kudo.pdf

March 1         A. Brodsky, C. Farkas, S. Jajodia, "Secure Databases: Constraints, Inference Channels, and Monitoring Disclosures," IEEE Transactions on Knowledge and Data Engineering, 2000, pages 900-919, http://portal.acm.org/citation.cfm?id=628099&coll=GUIDE&dl=GUIDE&CFID=39858956&CFTOKEN=53456014 ; slides

                C. Farkas, S. Jajodia, "The Inference Problem: A Survey," ACM SIGKDD Explorations Newsletter, 2002, pages 6-11, http://portal.acm.org/citation.cfm?id=772864

March 15      N. R. Adam, J. C. Wortmann, "Security-Control Methods for Statistical Databases: A Comparative Study," ACM Computing Surveys, Volume 21, Issue 4, 1989, http://portal.acm.org/citation.cfm?id=76895&dl=GUIDE&coll=GUIDE&CFID=40486231&CFTOKEN=8132616

              R. Agrawal, R. Srikant, "Privacy-Preserving Data Mining," in Proceedings of the 2000 ACM SIGMOD International Conference on Management of Data, pp. 439-450, 2000, http://citeseer.ist.psu.edu/agrawal00privacypreserving.html ;

              A. Evfimievski, J. Gehrke, R. Srikant, "Limiting Privacy Breaches in Privacy Preserving Data Mining," http://citeseer.ist.psu.edu/evfimievski03limiting.html

March 17      B. M. Thuraisingham, "Security Issues for Data Warehousing and Data Mining," Proceedings of the Tenth Annual IFIP TC11/WG11.3 International Conference on Database Security, Volume X: Status and Prospects, 1997, http://portal.acm.org/citation.cfm?id=268534 ;

              A. Rosenthal, E. Sciore, "View Security as the Basis for Data Warehouse Security," CAiSE Workshop on Design and Management of Data Warehouses, Stockholm, 2000, http://citeseer.ist.psu.edu/rosenthal00view.html ;

              Elisa Bertino, Elena Ferrari, Andrea Perego, "Max: An Access Control System for Digital Libraries and the Web," COMPSAC 2002, pp. 945-950, http://semioweb.msh-paris.fr/euforbia/download/max.pdf

 

Take-Home EXAM: March 31 (Thursday) – April 5 (Tuesday)

 

Tentative Group Lectures  -- Evaluation Form

March 22       (30 min) Imprecise queries (Kamana) Group 5 – slide

    - Answering Imprecise Queries, http://www.public.asu.edu/~mallu/pubs/p126-nambiar.pdf

               (30 min) Security risks of imprecise queries (Kanoth) Group 5 – slide

    - Deep Web, http://www.cs.cornell.edu/people/jai/papers/DeepWebIndex.pdf ; http://www.brightplanet.com/pdf/deepwebwhitepaper.pdf

March 24       (30 min) XML & RDF basics (Farkas) – slide

    - Extensible Markup Language (XML) 1.0 (Third Edition), http://www.w3.org/TR/REC-xml/

    - Resource Description Framework (RDF), http://www.w3.org/RDF/

    - H. V. Jagadish, Laks V. S. Lakshmanan, Divesh Srivastava, Keith Thompson, "TAX: A Tree Algebra for XML," 8th International Workshop on Database Programming Languages (DBPL 2001), pp. 149-164

               (30 min) XML update (Roy) Group 2 – slide

    - Igor Tatarinov, Zachary G. Ives, Alon Y. Halevy, Daniel S. Weld, "Updating XML," SIGMOD 2001

March 29       (30 min) XML data model (Alexandrou) Group 3.a – slide

    - E. Bertino, S. Castano, E. Ferrari, "Securing XML Documents with Author-X," IEEE Internet Computing, 2001, http://www.oasis-open.org/committees/xacml/docs/w3ferr.lo1.pdf

               (30 min) XML semantics and ontologies (Starrenburg) Group 3.b – slide

    - I. F. Cruz, H. Xiao, F. Hsu, "An Ontology-Based Framework for XML Semantic Integration," IDEAS 2004, http://www.cs.uic.edu/~fhsu/publications/cruz-ideas2004.pdf

March 31       (30 min) RDF inferencing (Jain) Group 4 – slide

    - W3C Recommendation (2004): RDF Semantics, http://www.w3.org/TR/rdf-mt/

               (30 min) Policy compliance (Gowadia) Group 11

    - Arosha K. Bandara, "Using Event Calculus to Formalise Policy Specification and Analysis"

        - Slides: http://www.doc.ic.ac.uk/~bandara/research/ECPolicyAnalysis-Policy2003.ppt

        - Paper: http://www.doc.ic.ac.uk/~bandara/research/BandaraLupuRusso_ECPolicySpecification.pdf

April 5            (30 min) Trust management (Raju) Group 7 – slide

    - M. A. Patton and A. Josang, "Technologies for Trust in E-Commerce," http://security.dstc.edu.au/papers/PJ2004-ECRJ.pdf

                   (30 min) Technologies (Ragunathan) Group 7 – slide

    - K. E. Seamons, M. Winslett, T. Yu, L. Yu, and R. Jarvis, "Protecting Privacy during On-line Trust Negotiation," http://isrl.cs.byu.edu/pubs/pet2002.pdf

April 7            (30 min) Anonymity in P2P (Huenefeld) Group 9 – slide

    - Sepandar D. Kamvar, Mario T. Schlosser, Hector Garcia-Molina, "The EigenTrust Algorithm for Reputation Management in P2P Networks," Proc. of the Twelfth International World Wide Web Conference, May 2003, http://www.cs.sfu.ca/~mhefeeda/Courses/05/P2P/Papers/KSG03.pdf

                   (30 min) Trust model for P2P (Jafari-Lafti) Group 9 – slide

    - M. J. Freedman and R. Morris, "Tarzan: A Peer-to-Peer Anonymizing Network Layer," www.pdos.lcs.mit.edu/papers/tarzan:ccs9/tarzan:ccs9.pdf

April 12          (30 min) Cyber auditing (Alexandrov) Group 6 – slide

    - Carlo Blundo, Stelvio Cimato, "A Software Infrastructure for Authenticated Web Metering," http://csdl.computer.org/comp/mags/co/2004/04/r4028abs.htm

                  (30 min) Economic modeling (Mendoza) Group 6 – slide

    - Yan Zheng Wei, Luc Moreau, Nicholas R. Jennings, "Recommender Systems: A Market-Based Design," Proc. 2nd International Joint Conference on Autonomous Agents and Multi Agent Systems (AAMAS03), http://citeseer.ist.psu.edu/582700.html

April 14          (30 min) Cyber attacks taxonomy (Kodur) Group 8 – slide

(30 min) Cyber damage and insurance (Saxena) Group 8 – slide

April 19          (30 min) Digital copyright (Farkas)

    - Deputy Assistant Attorney General John G. Malcolm's testimony before the Subcommittee on Courts, the Internet, and Intellectual Property of the House Committee on the Judiciary (March 13, 2003), http://www.usdoj.gov/criminal/cybercrime/malcolmTestimony.htm

(30 min) DVD copyright protection (Vu) Group 10 

April 21          (30 min) PSTN basics (Cathey) Group 1

(30 min) Voice security over PSTN (Sodisetti) Group 1


FINAL MEETING – Project report due:  May 3, 2005 9:00 am