Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #22 Secure Web Information.

Presentation transcript:

Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #22 Secure Web Information Management and Digital Libraries March 31, 2005

Outline
- Web Security
- Secure Web Data Management
- Secure Digital Libraries

Web Security
- End-to-end security
  - Need to secure the clients, servers, networks, operating systems, transactions, data, and programming languages
  - The various systems when put together have to be secure
    - Composable properties for security
- Access control rules, enforce security policies, auditing, intrusion detection
- Verification and validation
- Security solutions proposed by W3C and OMG
- Java Security
- Firewalls
- Digital signatures and Message Digests, Cryptography

Attacks to Web Security

Secure Web Components

E-Commerce Transactions
- E-commerce functions are carried out as transactions
  - Banking and trading on the internet
  - Each data transaction could contain many tasks
- Database transactions may be built on top of the data transaction service
  - Database transactions are needed for multiuser access to web databases
  - Need to enforce concurrency control and recovery techniques

Types of Transaction Systems
- Stored Account Payment
  - e.g., Credit and debit card transactions
  - Electronic payment systems
  - Examples: First Virtual, CyberCash, Secure Electronic Transaction
- Stored Value Payment
  - Uses bearer certificates
  - Modeled after hard cash
    - Goal is to replace hard cash with e-cash
  - Examples: E-cash, Cybercoin, Smart cards

What is E-Cash?
- Electronic Cash is stored in a hardware token
- Token may be loaded with money
  - Digital cash from the bank
- Buyer can make payments to seller’s token (offline)
- Buyer can pay to seller’s bank (online)
- Both cases agree upon protocols
- Both parties may use some sort of cryptographic key mechanism to improve security

Building Database Transactions
[Figure: diagram with the labels Payments Protocol, TCP/IP Protocol, Socket Protocol, Database Transaction Protocol, HTTP Protocol]

Secure Web databases
- Secure data models
  - Secure XML, RDF, Relational, object-oriented, text, images, video, etc.
- Secure data management functions
  - Secure query, transactions, storage, metadata
- Key components for secure digital libraries and information retrieval/browsing

Secure Web Database Functions

Secure Query Management: Language Issues
- Query language to access the databases
  - SQL extensions are being examined
  - XML-based query languages combined with SQL are emerging
  - Example: XML-QL
- XML extensions for Multimedia databases such as SMIL (Synchronized Multimedia Interface Language)
- Mappings between multiple languages
- Web rules and query languages developed by W3C
- Security should be incorporated into all aspects

Secure Transaction Management
- Example transaction on the web
  - Multiple users attempting to buy a product
  - Wait for a certain period to get the highest bid
    - i.e., objects are not locked immediately
- Flexible transaction models for the various types of transactions
  - Long duration transactions, short transactions, workflow-based transactions
  - Electronic commerce is a major application
- Concurrency control protocols
  - Weak/strict serializability
  - Fine grained/coarse grained locking
- Covert channels analysis; E-Commerce Security

Security/Integrity Management
- Support for flexible security policies
- Negotiations between different database administrators
- Authorization and access control models such as role-based access control
- Identification and authentication
- Privacy Control
- Copyright protection / Plagiarism
- Multilevel security: Trusted Computing Base?
- Maintaining the quality of the data coming from foreign sources

Attacks to Web Databases

Secure Web Database Techniques

Secure Digital Libraries
- Digital libraries are e-libraries
  - Several communities have developed digital libraries
    - Medical, Social, Library of Congress
- Component technologies
  - Web data management, Multimedia, information retrieval, indexing, browsing
- Security has to be incorporated into all aspects
  - Secure models for digital libraries, secure functions

Secure Digital Libraries

Secure Information Retrieval

Secure Browsing
- Browser augments a multimedia system to develop a hypermedia system
- Search space consists of nodes and links with different access control rules and/or classification levels
- Can a user traverse a link or access the contents of a node?
  - What authorization does he/she have?
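
The traversal question on the Secure Browsing slide, worked as an added example (not part of the original lecture). The level names, nodes, roles and function names are assumptions made for illustration; both nodes and links carry a classification, and nodes may also restrict access by role.

```python
from collections import deque
from dataclasses import dataclass

LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2}  # assumed lattice
@dataclass(frozen=True)
class User:
    clearance: str
    roles: frozenset = frozenset()
# Constructed hypermedia space: node -> (classification, allowed roles; empty = any)
NODES = {
    "home":    ("Unclassified", frozenset()),
    "catalog": ("Unclassified", frozenset()),
    "orders":  ("Confidential", frozenset({"clerk", "auditor"})),
    "audit":   ("Secret",       frozenset({"auditor"})),
    "payroll": ("Confidential", frozenset({"hr"})),
}
# Links are protected objects too: (source, target, link classification)
LINKS = [
    ("home", "catalog", "Unclassified"),
    ("home", "orders", "Confidential"),
    ("catalog", "orders", "Unclassified"),
    ("orders", "audit", "Secret"),
    ("orders", "payroll", "Confidential"),
    ("catalog", "payroll", "Secret"),
]

def dominates(clearance, level):
    return LEVELS[clearance] >= LEVELS[level]

def can_access(user, node):
    level, allowed = NODES[node]
    return dominates(user.clearance, level) and (not allowed or bool(user.roles & allowed))

def can_traverse(user, link):
    src, dst, level = link
    # The user must be cleared for the link itself and authorized for both ends.
    return dominates(user.clearance, level) and can_access(user, src) and can_access(user, dst)

def browse(user, start):
    """Return the nodes reachable from start over permitted links only."""
    if not can_access(user, start):
        return set()
    seen, queue = {start}, deque([start])
    while queue:
        here = queue.popleft()
        for src, dst, level in LINKS:
            if src == here and dst not in seen and can_traverse(user, (src, dst, level)):
                seen.add(dst)
                queue.append(dst)
    return seen
```

In this constructed graph the `hr` user is authorized for `payroll` but cannot reach it by browsing, because every link into it is either classified above the user's clearance or starts at a node the user cannot read.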

Secure Search Engines

Secure Markup Languages

Secure Question Answering

Summary and Directions
- End-to-end security
  - Secure networks, clients, servers, middleware
  - Secure Web databases, agents, information retrieval systems, browsers, search engines
- As technologies evolve, more security problems
  - Data mining, intrusion detection, encryption are some of the technologies for security
- Next steps
  - Secure semantic web, Secure knowledge management