1 / 24

Data and Applications Security Developments and Directions

Data and Applications Security Developments and Directions. Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #1 Introduction to Data and Applications Security January 11, 2005. Outline. Data and Applications Security Developments and Directions Secure Semantic Web

woodst
Download Presentation

Data and Applications Security Developments and Directions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #1 Introduction to Data and Applications Security January 11, 2005

  2. Outline • Data and Applications Security • Developments and Directions • Secure Semantic Web • XML Security; Other directions • Some Emerging Secure DAS Technologies • Secure Information Integration; Secure Sensor Information Management; Secure Dependable Information Management • Some Directions for Privacy • Data Mining for handling security problems; Privacy vs. National Security; Privacy Constraint Processing; Foundations of the Privacy Problem • What are the Challenges? • Outline of the Course

  3. Developments in Data and Applications Security: 1975 - Present • Access Control for Systems R and Ingres (mid 1970s) • Multilevel secure database systems (1980 – present) • Relational database systems: research prototypes and products; Distributed database systems: research prototypes and some operational systems; Object data systems; Inference problem and deductive database system; Transactions • Recent developments in Secure Data Management (1996 – Present) • Secure data warehousing, Role-based access control (RBAC); E-commerce; XML security and Secure Semantic Web; Data mining for intrusion detection and national security; Privacy; Dependable data management; Secure knowledge management and collaboration

  4. Developments in Data and Applications Security: Multilevel Secure Databases - I • Air Force Summer Study in 1982 • Early systems based on Integrity Lock approach • Systems in the mid to late 1980s, early 90s • E.g., Seaview by SRI, Lock Data Views by Honeywell, ASD and ASD Views by TRW • Prototypes and commercial products • Trusted Database Interpretation and Evaluation of Commercial Products • Secure Distributed Databases (late 80s to mid 90s) • Architectures; Algorithms and Prototype for distributed query processing; Simulation of distributed transaction management and concurrency control algorithms; Secure federated data management

  5. Developments in Data and Applications Security: Multilevel Secure Databases - II • Inference Problem (mid 80s to mid 90s) • Unsolvability of the inference problem; Security constraint processing during query, update and database design operations; Semantic models and conceptual structures • Secure Object Databases and Systems (late 80s to mid 90s) • Secure object models; Distributed object systems security; Object modeling for designing secure applications; Secure multimedia data management • Secure Transactions (1990s) • Single Level/ Multilevel Transactions; Secure recovery and commit protocols

  6. Some Directions and Challenges for Data and Applications Security - I • Secure semantic web • Single/multiple security models? • Different application domains • Secure Sensor Information Management • Fusing and managing data/information from distributed and autonomous sensors • Secure Dependable Information Management • Integrating Security, Real-time Processing and Fault Tolerance • Data Sharing vs. Privacy • Federated database architectures?

  7. Some Directions and Challenges for Data and Applications Security - II • Data mining and knowledge discovery for intrusion detection • Need realistic models; real-time data mining • Secure knowledge management • Protect the assets and intellectual rights of an organization • Information assurance, Infrastructure protection, Access Control • Insider cyber-threat analysis, Protecting national databases, Role-based access control for emerging applications • Security for emerging applications • Geospatial, Biomedical, E-Commerce, etc. • Other Directions • Trust and Economics, Trust Management/Negotiation, Secure Peer-to-peer computing, Biometrics

  8. TRUST P R I V A C Y Logic, Proof and Trust Rules/Query Other Services RDF, Ontologies XML, XML Schemas URI, UNICODE Secure Semantic Web • According to Tim Berners Lee, The Semantic Web supports • Machine readable and understandable web pages • Layers for the semantic web: Security cuts across all layers

  9. Steps to Securing the Semantic Web • Flexible Security Policy • One that can adapt to changing situations and requirements • Security Model • Access Control, Role-based security, Nonrepudiation, Authentication • Security Architecture and Design • Examine architectures for semantic web and identify security critical components • Securing the Layers of the Semantic Web • Secure agents, XML security, RDF security, secure semantic interoperabiolity, security properties for ontologies, Security issues for digital rights

  10. XML Security • Some ideas have evolved from research in secure multimedia/object data management • Access control and authorization models • Protecting entire documents, parts of documents, propagations of access control privileges; Protecting DTDs vs Document instances; Secure XML Schemas • Update Policies and Dissemination Policies • Secure publishing of XML documents • How do you minimize trust for third party publication • Use of Encryption • Inference problem for XML documents • Portions of documents taken together could be sensitive, individually not sensitive

  11. What are the Next Steps and Challenges for Secure Semantic Web? • We need to continue with XML security research as well as work with standards • W3C standards are advancing rapidly; security research, prototypes and products must keep up with the developments • Researchers, vendors and standards organizations must work together • Secure XML Database Systems (query, transactions, storage, - - -) • RDF Security • When you bring in semantics, many challenges for security • Need to develop security models for RDF documents • Secure Ontologies • Two aspects; one is to develop protection models for Ontology databases; other is to use ontologies for ensuring security and privacy

  12. Secure Sensor Information Management • Sensor network consists of a collection of autonomous and interconnected sensors that continuously sense and store information about some local phenomena • May be employed in battle fields, seismic zones, pavements • Data streams emanate from sensors; for geospatial applications these data streams could contain continuous data of maps, images, etc. Data has to be fused and aggregated • Continuous queries are posed, responses analyzed possibly in real-time, some streams discarded while rest may be stored • Recent developments in sensor information management include sensor database systems, sensor data mining, distributed data management, layered architectures for sensor nets, storage methods, data fusion and aggregation • Secure sensor data/information management has received very little attention; need a research agenda

  13. Secure Sensor Information Management: Directions • Individual sensors may be compromised and attacked; need techniques for detecting, managing and recovering from such attacks • Aggregated sensor data may be sensitive; need secure storage sites for aggregated data; variation of the inference and aggregation problem? • Security has to be incorporated into sensor database management • Policies, models, architectures, queries, etc. • Evaluate costs for incorporating security especially when the sensor data has to be fused, aggregated and perhaps mined in real-time

  14. Secure Dependable Information Management • Dependable information management includes • secure information management • fault tolerant information • High integrity and high assurance computing • Real-time computing • Conflicts between different features • Security, Integrity, Fault Tolerance, Real-time Processing • E.g., A process may miss real-time deadlines when access control checks are made • Trade-offs between real-time processing and security • Need flexible security policies; real-time processing may be critical during a mission while security may be critical during non-operational times

  15. Secure Dependable Information Management Example: Next Generation AWACS Technology provided by the project Navigation Display Consoles Data Analysis Programming Processor Data Links (14) Group (DAPG) & Sensors Refresh Channels Sensor Multi-Sensor • Security being considered after • the system has been designed • and prototypes implemented • Challenge: Integrating real-time • processing, security and • fault tolerance Detections Tracks Future Future Future App App App Data MSI Mgmt. App Data Xchg. Infrastructure Services Real-time Operating System Hardware

  16. Directions for Privacy • Why this interest now on privacy? • Data Mining for National Security • Data Mining is a threat to privacy • Balance between data sharing/mining and privacy • Is federated data management a solution • Privacy Preserving Data Mining • Inference Problem as a Privacy Problem • Handling privacy constraints; Foundations • Web/Semantic Web will have to address privacy • Federated Architectures for Data Sharing?

  17. Data Mining to Handle Security Problems • Data mining tools could be used to examine audit data and flag abnormal behavior • Much recent work in Intrusion detection • e.g., Neural networks to detect abnormal patterns • Tools are being examined to determine abnormal patterns for national security • Classification techniques, Link analysis • Fraud detection • Credit cards, calling cards, identity theft etc.

  18. Data Mining as a Threat to Privacy • Data mining gives us “facts” that are not obvious to human analysts of the data • Enables inspection and analysis of huge amounts of data • Possible threats: • Predict information about classified work from correlation with unclassified work • Mining “Open Source” data to determine predictive events (e.g., Pizza deliveries to the Pentagon) It isn’t the data we want to protect, but correlations among data items Initial ideas presented at the IFIP 11.3 Database Security Conference, July 1996 in Como, Italy Data Sharing/Mining vs. Privacy: Federated Data Management Architecture for the Department of Homeland Security?

  19. What can we do?: Privacy Preserving Data Mining • Prevent useful results from mining • limit data access to ensure low confidence and support • Extra data (“cover stories”) to give “false” results with Providing only samples of data can lower confidence in mining results; • Idea: If adversary is unable to learn a good classifier from the data, then adversary will be unable to learn good • rules, predictive functions • Approach: Only make a sample of data available • Limits ability to learn good classifier • Several recent research efforts have been reported

  20. Privacy Constraints • Simple Constraints - an attribute of a document is private • Content-based constraints: If document contains information about XXX, then it is private • Association-based Constraints: Two or more documents together is private; individually they are public • Dynamic constraints: After some event, the document is private or becomes public • Several challenges: Specification and consistency of constraints is a Challenge; How do you take into consideration external knowledge? Managing history information

  21. Architecture for Privacy Constraint Processing User Interface Manager Privacy Constraints Constraint Manager Database Design Tool Constraints during database design operation Update Processor: Constraints during update operation Query Processor: Constraints during query and release operations DBMS Database

  22. Federated Data and Policy Management Data/Policy for Federation Export Export Data/Policy Data/Policy Export Data/Policy Component Component Data/Policy for Data/Policy for Agency A Agency C Component Data/Policy for Agency B

  23. Some Key Directions • Transfer security technology to operational systems; need to develop systems that are flexible, usable and secure • Bring human computer interaction and people aspects into system design • Security for emerging applications • E.g., medical informatics, bioinformatics, scientific and engineering informatics, and other areas • Data mining for security (e.g., intrusion detection, insider cyber threat); cannot forget about Privacy • Interdisciplinary research in information security • Emerging areas include Secure semantic web, Secure Information Integration, Secure Sensors, Trust Management/Negotiation, Economics, - - - - -

  24. Outline of Course • Supporting Technologies • Discretionary Security • Multilevel Security • Inference Problem • Secure Distributed Databases • Secure Object Systems • Secure Data warehouses • Data Mining and security • Privacy • Secure Multimedia and Information Management • Secure Knowledge Management • Secure Semantic Web • Secure Dependable Information Management • Special Topics: Biometrics, Digital identity, - - -

More Related