Published by Dora Paul. Modified over 9 years ago.
1
Data and Applications Security
Developments and Directions
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Lecture #22
Secure Web Information Management and Digital Libraries
March 31, 2005
2
Outline
• Web Security
• Secure Web Data Management
• Secure Digital Libraries
3
Web Security
• End-to-end security
  - Need to secure the clients, servers, networks, operating systems, transactions, data, and programming languages
  - The various systems when put together have to be secure
    • Composable properties for security
• Access control rules, enforce security policies, auditing, intrusion detection
• Verification and validation
• Security solutions proposed by W3C and OMG
• Java Security
• Firewalls
• Digital signatures and Message Digests, Cryptography
4
Attacks to Web Security
5
Secure Web Components
6
E-Commerce Transactions
• E-commerce functions are carried out as transactions
  - Banking and trading on the internet
  - Each data transaction could contain many tasks
• Database transactions may be built on top of the data transaction service
  - Database transactions are needed for multiuser access to web databases
  - Need to enforce concurrency control and recovery techniques
7
Types of Transaction Systems
• Stored Account Payment
  - e.g., Credit and debit card transactions
  - Electronic payment systems
  - Examples: First Virtual, CyberCash, Secure Electronic Transaction
• Stored Value Payment
  - Uses bearer certificates
  - Modeled after hard cash
    • Goal is to replace hard cash with e-cash
  - Examples: E-cash, Cybercoin, Smart cards
8
What is E-Cash?
• Electronic Cash is stored in a hardware token
• Token may be loaded with money
  - Digital cash from the bank
• Buyer can make payments to seller’s token (offline)
• Buyer can pay to seller’s bank (online)
• Both cases agree upon protocols
• Both parties may use some sort of cryptographic key mechanism to improve security
9
Building Database Transactions
[Diagram; labels: Payments Protocol, TCP/IP Protocol, Socket Protocol, Database Transaction Protocol, HTTP Protocol]
10
Secure Web Databases
• Secure data models
  - Secure XML, RDF, ...
  - Relational, object-oriented, text, images, video, etc.
• Secure data management functions
  - Secure query, transactions, storage, metadata
• Key components for secure digital libraries and information retrieval/browsing
11
Secure Web Database Functions
12
Secure Query Management: Language Issues
• Query language to access the databases
  - SQL extensions are being examined
  - XML-based query languages combined with SQL are emerging
  - Example: XML-QL
• XML extensions for Multimedia databases such as SMIL (Synchronized Multimedia Interface Language)
• Mappings between multiple languages
• Web rules and query languages developed by W3C
• Security should be incorporated into all aspects
13
Secure Transaction Management
• Example transaction on the web
  - Multiple users attempting to buy a product
  - Wait for a certain period to get the highest bid
    • i.e., objects are not locked immediately
• Flexible transaction models for the various types of transactions
  - Long duration transactions, short transactions, workflow-based transactions
  - Electronic commerce is a major application
• Concurrency control protocols
  - Weak/strict serializability
  - Fine grained/coarse grained locking
• Covert channels analysis; E-Commerce Security
14
Security/Integrity Management
• Support for flexible security policies
• Negotiations between different database administrators
• Authorization and access control models such as role-based access control
• Identification and authentication
• Privacy Control
• Copyright protection / Plagiarism
• Multilevel security: Trusted Computing Base?
• Maintaining the quality of the data coming from foreign sources
15
Attacks to Web Databases
16
Secure Web Database Techniques
17
Secure Digital Libraries
• Digital libraries are e-libraries
  - Several communities have developed digital libraries
    • Medical, Social, Library of Congress
• Component technologies
  - Web data management, Multimedia, information retrieval, indexing, browsing, ...
• Security has to be incorporated into all aspects
  - Secure models for digital libraries, secure functions
18
Secure Digital Libraries
19
Secure Information Retrieval
20
Secure Browsing
• Browser augments a multimedia system to develop a hypermedia system
• Search space consists of nodes and links with different access control rules and/or classification levels
• Can a user traverse a link or access the contents of a node?
  - What authorization does he/she have?
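The two questions on the Secure Browsing slide, as an added example that is not part of the original lecture: a hypermedia graph where nodes and links each carry a classification level and nodes may also carry a role rule. The level names, the role field, the function names, and the sample graph are assumptions constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2}  # assumed lattice

@dataclass(frozen=True)
class User:
    clearance: str
    roles: frozenset = frozenset()

@dataclass(frozen=True)
class Node:
    level: str
    roles: frozenset = frozenset()   # empty set: no role restriction

@dataclass(frozen=True)
class Link:
    src: str
    dst: str
    level: str                       # links carry their own classification

def can_read(user, node):
    """Node check: clearance dominates the level AND the role rule is met."""
    if LEVELS[user.clearance] < LEVELS[node.level]:
        return False
    return not node.roles or bool(user.roles & node.roles)

def can_traverse(user, link, nodes):
    """Link check: user may see the link itself and read its target."""
    return (LEVELS[user.clearance] >= LEVELS[link.level]
            and can_read(user, nodes[link.dst]))

def browsable(user, start, nodes, links):
    """Nodes the user can actually reach by following permitted links."""
    if not can_read(user, nodes[start]):
        return set()
    seen, queue = {start}, deque([start])
    while queue:
        here = queue.popleft()
        for link in links:
            if link.src == here and link.dst not in seen and can_traverse(user, link, nodes):
                seen.add(link.dst)
                queue.append(link.dst)
    return seen

# Constructed sample graph: "memo" is unclassified but linked only from "ops".
NODES = {"home": Node("unclassified"), "catalog": Node("unclassified"),
         "budget": Node("confidential", frozenset({"finance"})),
         "ops": Node("secret"), "memo": Node("unclassified")}
LINKS = [Link("home", "catalog", "unclassified"), Link("home", "budget", "unclassified"),
         Link("catalog", "ops", "secret"), Link("ops", "memo", "unclassified")]
ALICE = User("confidential", frozenset({"finance"}))
BOB = User("confidential")
CAROL = User("secret")
```

In this graph BOB passes the node check for "memo" yet cannot browse to it, because the only path runs through a secret link and node; link authorization and node authorization are separate decisions.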
21
Secure Search Engines
22
Secure Markup Languages
23
Secure Question Answering
24
Summary and Directions
• End-to-end security
  - Secure networks, clients, servers, middleware
  - Secure Web databases, agents, information retrieval systems, browsers, search engines, ...
• As technologies evolve, more security problems
  - Data mining, intrusion detection, encryption are some of the technologies for security
• Next steps
  - Secure semantic web, Secure knowledge management