Building Trustworthy Semantic Webs Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #3 Supporting Technologies: Databases, Information Management and Information Security August 2006
Database System l Consists of database, hardware, Database Management System (DBMS), and users l Database is the repository for persistent data l Hardware consists of secondary storage volumes, processors, and main memory l DBMS handles all users’ access to the database l Users include application programmers, end users, and the Database Administrator (DBA) l Need: Reduced redundancy, avoids inconsistency, ability to share data, enforce standards, apply security restrictions, maintain integrity, balance conflicting requirements l We have used the definition of a database management system given in C. J. Date’s Book (Addison Wesley, 1990)
An Example Database System Adapted from C. J. Date, Addison Wesley, 1990
Metadata l Metadata describes the data in the database - Example: Database D consists of a relation EMP with attributes SS#, Name, and Salary l Metadatabase stores the metadata - Could be physically stored with the database l Metadatabase may also store constraints and administrative information l Metadata is also referred to as the schema or data dictionary
Functional Architecture User Interface Manager Query Manager Transaction Manager Schema (Data Dictionary) Manager (metadata) Security/ Integrity Manager File Manager Disk Manager Data Management Storage Management
DBMS Design Issues l Query Processing - Optimization techniques l Transaction Management - Techniques for concurrency control and recovery l Metadata Management - Techniques for querying and updating the metadatabase l Security/Integrity Maintenance - Techniques for processing integrity constraints and enforcing access control rules l Storage management - Access methods and index strategies for efficient access to the database
Relational Database: Example Relation S: S# SNAME STATUS CITY S1 Smith 20 London S2 Jones 10 Paris S3 Blake 30 Paris S4 Clark 20 London S5 Adams 30 Athens Relation P: P# PNAME COLOR WEIGHT CITY P1 Nut Red 12 London P2 Bolt Green 17 Paris P3 Screw Blue 17 Rome P4 Screw Red 14 London P5 Cam Blue 12 Paris P6 Cog Red 19 London Relation SP: S# P# QTY S1 P1 300 S1 P2 200 S1 P3 400 S1 P4 200 S1 P5 100 S1 P6 100 S2 P1 300 S2 P2 400 S3 P2 200 S4 P2 200 S4 P4 300 S4 P5 400
Concepts in Object Database Systems l Objects- every entity is an object - Example: Book, Film, Employee, Car l Class - Objects with common attributes are grouped into a class l Attributes or Instance Variables - Properties of an object class inherited by the object instances l Class Hierarchy - Parent-Child class hierarchy l Composite objects - Book object with paragraphs, sections etc. l Methods - Functions associated with a class
A Definition of a Distributed Database System l A collection of database systems connected via a network l The software that is responsible for interconnection is a Distributed Database Management System (DDBMS) l Each DBMS executes local applications and should be involved in at least one global application (Ceri and Pelagetti) l Homogeneous environment
Architecture Communication Network Distributed Processor 1 DBMS 1 Data- base 1 Data- base 3 Data- base 2 DBMS 2 DBMS 3 Distributed Processor 2 Distributed Processor 3 Site 1 Site 2 Site 3
Data Distribution EMP1 SS#NameSalary 1John20 2Paul30 3James40 4Jill Mary 6Jane70 D# DnameD#MGR Jane David Peter DEPT1 SITE 1 SITE 2 EMP2 SS#NameSalary 9Mathew 70 D# 50 Dname D#MGR 50 Math John Physics DEPT2 David Peter C. Sci. English French 20 Paul
Interoperability of Heterogeneous Database Systems Database System A Database System B Network Database System C (Legacy) Transparent access to heterogeneous databases - both users and application programs; Query, Transaction processing (Relational) (Object- Oriented)
Federated Database Management Database System A Database System B Database System C Cooperating database systems yet maintaining some degree of autonomy Federation F1 Federation F2
Federated Data and Policy Management Export Data/Policy Component Data/Policy for Agency A Data/Policy for Federation Export Data/Policy Component Data/Policy for Agency C Component Data/Policy for Agency B Export Data/Policy
Current Status and Directions l Developments - Several prototypes and some commercial products - Tools for schema integration and transformation - Standards for interoperable database systems l Challenges being addressed - Semantic heterogeneity - Autonomy and federation - Global transaction management - Integrity and Security l New challenges - Scale - Web data management
What is Information Management? l Information management essentially analyzes the data and makes sense out of the data l Several technologies have to work together for effective information management - Data Warehousing: Extracting relevant data and putting this data into a repository for analysis - Data Mining: Extracting information from the data previously unknown - Multimedia: managing different media including text, images, video and audio - Web: managing the databases and libraries on the web
Data Warehouse Oracle DBMS for Employees Sybase DBMS for Projects Informix DBMS for Medical Data Warehouse: Data correlating Employees With Medical Benefits and Projects Could be any DBMS; Usually based on the relational data model Users Query the Warehouse
Multidimensional Data Model
Data Mining Knowledge Mining Knowledge Discovery in Databases Data Archaeology Data Dredging Database Mining Knowledge Extraction Data Pattern Processing Information Harvesting Siftware The process of discovering meaningful new correlations, patterns, and trends by sifting through large amounts of data, often previously unknown, using pattern recognition technologies and statistical and mathematical techniques (Thuraisingham 1998)
Multimedia Information Management Video Source Scene Change Detection Speaker Change Detection Silence Detection Commercial Detection Key Frame Selection Story Segmentation Named Entity Tagging Broadcast News Editor (BNE) Broadcast News Navigator (BNN) Video and Metadata Multimedia Database Management System Web-based Search/Browse by Program, Person, Location,... Imagery Audio Closed Caption Text Segregate Video Streams Analyze and Store Video and Metadata Story GIST Theme Frame Classifier Closed Caption Preprocess Correlation Token Detection Broadcast Detection
Extracting Relations from Text for Mining: An Example Text Corpus Repository Concept Extraction Association Rule Product Goal: Find Cooperating/ Combating Leaders in a territory
Image Processing: Example: Change Detection: l Trained Neural Network to predict “new” pixel from “old” pixel - Neural Networks good for multidimensional continuous data - Multiple nets gives range of “expected values” l Identified pixels where actual value substantially outside range of expected values - Anomaly if three or more bands (of seven) out of range l Identified groups of anomalous pixels
Semantic Web 0 Some Challenges: Interoperability between Layers; Security and Privacy cut across all layers; Integration of Services; Composability XML, XML Schemas Rules/Query Logic, Proof and Trust TRUSTTRUST Other Services RDF, Ontologies URI, UNICODE PRIVACYPRIVACY 0 Adapted from Tim Berners Lee’s description of the Semantic Web
Semantic Web Technologies l Web Database/Information Management - Information retrieval and Digital Libraries l XML, RDF and Ontologies - Representation information l Information Interoperability - Integrating heterogeneous data and information sources l Intelligent agents - Agents for locating resources, managing resources, querying resources and understanding web pages l Semantic Grids - Integrating semantic web with grid computing technologies
Information Management for Collaboration
Some Emerging Information Management Technologies l Visualization - Visualization tools enable the user to better understand the information l Peer-to-Peer Information Management - Peers communicate with each other, share resources and carry out tasks l Sensor and Wireless Information Management - Autonomous sensors cooperating with one another, gathering data, fusing data and analyzing the data - Integrating wireless technologies with semantic web technologies
What is Knowledge Management? l Knowledge management, or KM, is the process through which organizations generate value from their intellectual property and knowledge-based assets l KM involves the creation, dissemination, and utilization of knowledge l Reference: management.htm?source=google
Knowledge Management Components Components: Strategies Processes Metrics Cycle: Knowledge, Creation Sharing, Measurement And Improvement Technologies: Expert systems Collaboration Training Web Components of Knowledge Management: Components, Cycle and Technologies
IdentificationCreation Diffusion - Tacit, Explicit IntegrationModification Action Organizational Learning Process Metrics Source: Reinhardt and Pawlowsky Incentives also see: Tools in Organizational Learning
Operating System Security l Access Control - Subjects are Processes and Objects are Files - Subjects have Read/Write Access to Objects - E.g., Process P1 has read acces to File F1 and write access to File F2 l Capabilities - Processes must presses certain Capabilities / Certificates to access certain files to execute certain programs - E.g., Process P1 must have capability C to read file F
Mandatory Security l Bell and La Padula Security Policy - Subjects have clearance levels, Objects have sensitivity levels; clearance and sensitivity levels are also called security levels - Unclassified < Confidential < Secret < TopSecret - Compartments are also possible - Compartments and Security levels form a partially ordered lattice l Security Properties - Simple Security Property: Subject has READ access to an object of the subject’s security level dominates that of the objects - Star (*) Property: Subject has WRITE access to an object if the subject’s security level is dominated by that of the objects\
Covert Channel Example l Trojan horse at a higher level covertly passes data to a Trojan horse at a lower level l Example: - File Lock/Unlock problem - Processes at Secret and Unclassified levels collude with one another - When the Secret process lock a file and the Unclassified process finds the file locked, a 1 bit is passed covertly - When the Secret process unlocks the file and the Unclassified process finds it unlocked, a 1 bit is passed covertly - Over time the bits could contain sensitive data
Network Security l Security across all network layers - E.g., Data Link, Transport, Session, Presentation, Application l Network protocol security - Ver5ification and validation of network protocols l Intrusion detection and prevention - Applying data mining techniques l Encryption and Cryptography l Access control and trust policies l Other Measures - Prevention from denial of service, Secure routing, - - -
Steps to Designing a Secure System l Requirements, Informal Policy and model l Formal security policy and model l Security architecture - Identify security critical components; these components must be trusted l Design of the system l Verification and Validation
Product Evaluation l Orange Book - Trusted Computer Systems Evaluation Criteria l Classes C1, C2, B1, B2, B3, A1 and beyond - C1 is the lowest level and A1 the highest level of assurance - Formal methods are needed for A1 systems l Interpretations of the Orange book for Networks (Trusted Network Interpretation) and Databases (Trusted Database Interpretation) l Several companion documents - Auditing, Inference and Aggregation, etc. l Many products are now evaluated using the federal Criteria
Security Threats to Web/E-commerce
Approaches and Solutions l End-to-end security - Need to secure the clients, servers, networks, operating systems, transactions, data, and programming languages - The various systems when put together have to be secure l Composable properties for security l Access control rules, enforce security policies, auditing, intrusion detection l Verification and validation l Security solutions proposed by W3C and OMG l Java Security l Firewalls l Digital signatures and Message Digests, Cryptography
Other Security Technologies l Data and Applications Security l Middleware Security l Insider Threat Analysis l Risk Management l Trust and Economics l Biometrics