Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Secure Knowledge Management: and.

Presentation transcript:

Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Secure Knowledge Management: and Web Security November 5, 2010

Outline of the Unit
- Background on Knowledge Management
- Secure Knowledge Management
- Confidentiality, Privacy and Trust
- Integrated System
- Secure Knowledge Management Technologies
- Web Security
- Digital Libraries
- Directions

References
- Proceedings Secure Knowledge Management Workshop
  - Secure Knowledge Management Workshop, Buffalo, NY, September
- Secure Knowledge Management
  - Bertino, Khan, Sandhu and Thuraisingham
  - IEEE Transactions on Systems, Man, and Cybernetics
  - This lecture is based on the above paper

What is Knowledge Management
- Knowledge management, or KM, is the process through which organizations generate value from their intellectual property and knowledge-based assets
- KM involves the creation, dissemination, and utilization of knowledge
- Reference: management.htm?source=google

Knowledge Management Components
[Figure: Components of Knowledge Management: Components, Cycle and Technologies]
- Components: Strategies, Processes, Metrics
- Cycle: Knowledge Creation, Sharing, Measurement and Improvement
- Technologies: Expert systems, Collaboration, Training, Web

Organizational Learning Process
[Figure labels: Identification, Creation, Diffusion (Tacit, Explicit), Integration, Modification, Action; Metrics; Incentives. Source: Reinhardt and Pawlowsky]

Aspects of Secure Knowledge Management (SKM)
- Protecting the intellectual property of an organization
- Access control including role-based access control
- Security for process/activity management and workflow
  - Users must have certain credentials to carry out an activity
- Composing multiple security policies across organizations
- Security for knowledge management strategies and processes
- Risk management and economic tradeoffs
- Digital rights management and trust negotiation

SKM: Strategies, Processes, Metrics, Techniques
- Security strategies
  - Policies and procedures for sharing data
  - Protecting intellectual property
  - Should be tightly integrated with business strategy
- Security processes
  - Secure workflow
  - Processes for contracting, purchasing, order management, etc.
- Metrics
  - What is the impact of security on the number of documents published and other metrics gathered?
- Techniques
  - Access control, trust management

Security Impact on Organizational Learning Process
[Figure labels: Identification, Creation, Diffusion (Tacit, Explicit), Integration, Modification, Action; Metrics; Incentives]
What are the restrictions on knowledge sharing by incorporating security?

Security Policy Issues for Knowledge Management
- Defining policies during knowledge creation
- Representing policies during knowledge management
- Enforcing policies during knowledge manipulation and dissemination

Secure Knowledge Management Architecture

SKM for Coalitions
- Organizations form federations and coalitions that work together to solve a problem
  - Universities, commercial corporations, government agencies
- The challenge is to share data/information and at the same time ensure security and autonomy for the individual organizations
- How can knowledge be shared across coalitions?

SKM Coalition Architecture
[Figure labels: Knowledge for Coalition; Export Knowledge and Component Knowledge for Agency A; Export Knowledge and Component Knowledge for Agency B; Export Knowledge and Component Knowledge for Agency C]

SKM Technologies
- Data Mining
  - Mining the information and determining resources without violating security
- Secure Semantic Web
  - Secure knowledge sharing
- Secure Annotation Management
  - Managing annotations about expertise and resources
- Secure content management
  - Markup technologies and related aspects for managing content
- Secure multimedia information management

Directions for SKM
- We have identified high-level aspects of SKM
  - Strategies, Processes, Metrics, Techniques, Technologies, Architecture
- Need to investigate security issues
  - RBAC, UCON, Trust, etc.
- CS departments should collaborate with business schools on KM and SKM

Web Security
- End-to-end security
  - Need to secure the clients, servers, networks, operating systems, transactions, data, and programming languages
  - The various systems when put together have to be secure
- Composable properties for security
- Access control rules, enforce security policies, auditing, intrusion detection
- Verification and validation
- Security solutions proposed by W3C and OMG
- Java Security
- Firewalls
- Digital signatures and Message Digests, Cryptography

Attacks to Web Security

Secure Web Components

E-Commerce Transactions
- E-commerce functions are carried out as transactions
  - Banking and trading on the internet
  - Each data transaction could contain many tasks
- Database transactions may be built on top of the data transaction service
  - Database transactions are needed for multiuser access to web databases
  - Need to enforce concurrency control and recovery techniques

Types of Transaction Systems
- Stored Account Payment
  - e.g., Credit and debit card transactions
  - Electronic payment systems
  - Examples: First Virtual, CyberCash, Secure Electronic Transaction
- Stored Value Payment
  - Uses bearer certificates
  - Modeled after hard cash
    - Goal is to replace hard cash with e-cash
  - Examples: E-cash, Cybercoin, Smart cards

Building Database Transactions
[Figure labels: Payments Protocol, TCP/IP Protocol, Socket Protocol, Database Transaction Protocol, HTTP Protocol]

Secure Digital Libraries
- Digital libraries are e-libraries
  - Several communities have developed digital libraries
    - Medical, Social, Library of Congress
- Component technologies
  - Web data management, multimedia, information retrieval, indexing, browsing
- Security has to be incorporated into all aspects
  - Secure models for digital libraries, secure functions

Secure Web Databases
- Database access through the web
  - JDBC and related technologies
- Query, indexing and transaction management
  - E.g., new transaction models for E-commerce applications
  - Index strategies for unstructured data
- Query languages and data models
  - XML has become the standard document interchange language
- Managing XML databases on the web
  - XML-QL, extensions to XML, query and indexing strategies
- Integrating heterogeneous data sources on the web
  - Information integration and ontologies are key aspects
- Mining the data on the web
  - Web content, usage, structure and content mining

Directions for Web Security
- End-to-end security
  - Secure networks, clients, servers, middleware
  - Secure Web databases, agents, information retrieval systems, browsers, search engines
- As technologies evolve, more security problems arise
  - Data mining, intrusion detection, encryption are some of the technologies for security
- Next steps
  - Secure semantic web, secure knowledge management
  - Building trusted applications from untrusted components