1. Data and Applications Security Developments and Directions
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Introduction to the Course
August 24, 2011

2. Objective of the Unit
This unit provides an overview of the course. The course describes concepts, developments, challenges, and directions in data and applications security. Topics include
database security, distributed data management security, object security, data warehouse security, data mining for security applications, privacy, secure semantic web, secure digital libraries, secure knowledge management and secure sensor information management, biometrics

3. Outline of the Unit Outline of Course Course Work Course Rules Contact
Appendix

4. Outline of the Course Unit #1: Introduction to Data and Applications
Part I: Background
Unit #2: Data Management
Unit #3: Information Security
Unit #4: Information Management
Part II: Discretionary Security
Unit #5: Concepts
Unit #6: Policy Enforcement
Part III: Mandatory Security
Unit #7: Concepts
Unit #8: Architectures

5. Outline of the Course (Continued)
Part IV: Secure Relational Data Management
Unit #9: Data Model
Unit #10: Functions
Unit #11: Prototypes and Products
Part V: Inference Problem
Unit #12: Concepts
Unit #13: Constraint Processing
Unit #14: Conceptual Structures
Part VI: Secure Distributed Data Management
Unit #15: Secure Distributed data management
Unit #16: Secure Heterogeneous Data Integration
Unit #17: Secure Federated Data Management

6. Outline of the Course (Continued)
Part VII: Secure Object Data Management
Unit #18: Secure Object Management
Unit #19: Secure Distributed Objects and Modeling Applications
Unit #20: Secure Multimedia Systems
Part VIII: Data Warehousing, Data Mining and Security
Unit #21: Secure Data Warehousing
Unit #22: Data Mining for Security Applications
Unit #23: Privacy
Part IX: Secure Information Management
Unit #24: Secure Digital Libraries
Unit #25: Secure Semantic Web (web services, XML security)
Unit #26: Secure Information and Knowledge Management

7. Outline of the Course (Continued)
Part X: Emerging Technologies
Unit #27: Secure Dependable Data Management
Unit #28: Secure Sensor and Wireless Data Management
Unit #29: Other Emerging Technologies
Unit #30 Conclusion to the Course
Guest Lectures Some guest lectures may be included
Some other topics
Review for finals

8. Course Work One term paper; each worth 10 points November 16
Two exams each worth 20 points
Exam #1: October 19
Exam #2: As scheduled by UTD; December 9, 2011
Programming project worth 12 points: December 5
Four homework assignments each worth 6 points
September 28; October 12; November 9; November 30
Total 86 points
May be given a surprise quiz (4 points)
Total 90

9. Course Work
Course Book: Database and Applications Security: Integration Data Management and Information Security, Bhavani Thuraisingham, CRC Press, 2005
Will also include papers as reading material

10. Some Topics for Papers XML Security Inference Problem Privacy
Secure Biometrics
Intrusion Detection
E-Commerce Security
Secure Sensor Information Management
Secure Distributed Systems
Secure Semantic Web
Secure Data Warehousing
Insider Threat Analysis
Secure Multimedia Systems

11. Term Papers: Example Format
Abstract
Introduction
Background on the Topic
Survey of various techniques, designs etc,
Analyze the techniques, designs etc. and give your opinions
Directions for further work
Summary and Conclusions
References

12. Term Papers: Example Format - II
Abstract
Introduction
Background on the Topic and Related Work
Discuss strengths and weaknesses of your work and others’ work
Give your own design
Directions for further work
Summary and Conclusions
References

13. Project Report Format Overview of the Project Design of the System
Input/Output
Future Enhancements
References

14. Some Project Topics Quivery Modification on XML Documents
Access control for web systems
Intrusion detection system
Access control for multimedia systems
E.g., access control for image, video
Role-based access control system
Access control for object systems
Secure data warehouse

15. Index to Lectures
Lecture 1: August 24, 2011; This lecture gives an introduction to data and applications security
Lecture 2: August 29: Secure data storage and retrieval in a cloud (skip for exam 1)
Lecture 3: Aug 31: Cyber Security
Lecture 4: Sept 7: Access control in data management systems
Lecture 5: Sept 7: Policies
Lecture 6: Sept 12: Data mining for malware detection
Lecture 7: Sept 14: Multilevel secure data management
Lecture 8: Sept 14: Assignment #1
Lecture 9: Sept 19: Completed lecture 7; started on Inference Problem – 1
Lecture 10: Sept 21: Novel class detection

16. Index to Lectures
Sept 26th Continuation of Inference problem (Lecture 9)
Lecture 11: Sept 28: NIST NVD lecture was given that day; but lecture posted is Inference problem – II which was covered on Oct 3
Lecture 12: Sept 28, Assignment #2
Oct 3 lecture: Gave the lecture posted under Lecture 11 which is inference problem - II
Lecture 13: Oct 5: Secure Distributed Data Management (skip the part on single sign and identity mgmt on for exam #1)
Lecture 14: Oct 10: Malware (pages 4-29 for exam #1)
Lecture 15: This lecture was given on Sept 28; NIST NVD Lecture
Lecture 16: Oct 10: Attacks to databases
October 12: Lecture 17: SQL Injection

17. Index to Lectures for Exam 2
October 17: Lecture 18 Secure publishing of XML Data (1)
October 19: Exam #1 (no lectures posted)
October 24: Lecture 19: Trustworthy semantic web (2)
October 26: Lecture 20 Introduction to semantic web (not included in exam)
October 31: Lecture 21: Assignment #3
November 2: Lecture 22: Secure web services and SOA (3)
November 7: Lecture 23: Scalable access control (Dr. Cadenhead) – Optional – will not be included in exam

18. Index to Lectures for Exam 2
November 9: Lecture 24: Secure object systems (4)
November 14:Lecture 25: Data warehousing, security (5)
November 14: Lecture 26: Privacy (6)
November 16: Lecture 27: Assignment #4
November 16: Lecture 28 Insider threat detection (7)
November 21: Lecture 29: Secure knowledge management (8)
November 23: Lecture 30 Social Network Security (9)
November 28: Lecture 31: Secure Dependable Data (10)
November 30: Lecture 32: Secure Cloud (extra credit - i)
December 5: Lecture 33: Emerging security technologies (extra credit – ii)

19. Papers to read for exam #1
RBAC: Ravi S. Sandhu, Edward J. Coyne, Hal L. Feinstein, Charles E. Youman: Role-Based Access Control Models. IEEE Computer 29(2): (1996)
UCON: Jaehong Park, Ravi S. Sandhu: The UCONABC usage control model. ACM Trans. Inf. Syst. Secur. 7(1): (2004) - Read the first 20 pages
DCON: Roshan K. Thomas, Ravi S. Sandhu: Towards a Multi-dimensional Characterization of Dissemination Control. POLICY 2004: (IEEE)
Bhavani M. Thuraisingham, William Ford: Security Constraints in a Multilevel Secure Distributed Database Management System. IEEE Trans. Knowl. Data Eng. 7(2): (1995) – applicable both for inference problem 1 and for distributed inference control

20. Papers to read for exam #2
XML security
ROWLBAC paper
Social Network security

21. Course Rules
Course attendance is mandatory; unless permission is obtained from instructor for missing a class with a valid reason (documentation needed for medical emergency for student or a close family member – e.g., spouse, parent, child). Attendance will be collected every lecture. 5 points will be deducted out of 100 for each lecture missed without approval.
Each student will work individually
Late assignments will not be accepted. All assignments have to be turned in just after the lecture on the due date
No make up exams unless student can produce a medical certificate or give evidence of close family emergency
Copying material from other sources will not be permitted unless the source is properly referenced
Any student who plagiarizes from other sources will be reported to the appropriate UTD authroities

22. Contact For more information please contact Dr. Bhavani Thuraisingham
Professor of Computer Science and
Director of Cyber Security Research Center Erik Jonsson School of Engineering and Computer Science EC31, The University of Texas at Dallas Richardson, TX 75080
Phone:
Fax:
URL: