csce 824 secure (and distributed) database management systems farkascsce 824 1

CSCE 824CSCE 824

Secure (and Distributed) Database Secure (and Distributed) Database Management SystemsManagement Systems

FarkasFarkas CSCE 824 CSCE 824 11

Course AimCourse Aim Advanced understanding of Advanced understanding of

DBMS conceptsDBMS concepts– From relation to un- and semi-From relation to un- and semi-

structured data modelsstructured data models– New type of applicationsNew type of applications– Security needsSecurity needs


Reference Materials Reference Materials Recommended: Recommended:

– T. Ozsu and P. Valduriez, Principles of T. Ozsu and P. Valduriez, Principles of Distributed Database Systems, Springer; Distributed Database Systems, Springer; 3rd Edition. edition (March 2, 2011), ISBN-3rd Edition. edition (March 2, 2011), ISBN-10: 144198833510: 1441988335

– M. Gertz, S. Jajodia, Handbook of database M. Gertz, S. Jajodia, Handbook of database security: applications and trend, Springer security: applications and trend, Springer 20082008

– Online materialsOnline materials


Conference Conference Proceedings and Proceedings and Journals Journals Proceedings of Secure Data Management Workshop, Proceedings of Secure Data Management Workshop,

links: 2012 http://www.hitech-projects.com/sdm-links: 2012 http://www.hitech-projects.com/sdm-workshop/sdm12.html , 2011 http://www.hitech-workshop/sdm12.html , 2011 http://www.hitech-projects.com/sdm-workshop/sdm11.html projects.com/sdm-workshop/sdm11.html

Proceedings of IFIP WG 11.3 Data and Application Proceedings of IFIP WG 11.3 Data and Application Security and Privacy, links: 2012 Security and Privacy, links: 2012 http://conferences.telecom-bretagne.eu/dbsec2012/ http://conferences.telecom-bretagne.eu/dbsec2012/ , 2011 http://www.egr.vcu.edu/dbsec2011/ , 2011 http://www.egr.vcu.edu/dbsec2011/

Proceedings of International Conference of Very Proceedings of International Conference of Very Large Databases (VLDB), links: 2012 Large Databases (VLDB), links: 2012 http://www.vldb2012.org/ , 2011 http://www.vldb2012.org/ , 2011 http://www.vldb.org/2011/http://www.vldb.org/2011/


Journals and BooksJournals and Books IEEE Transactions on Knowledge IEEE Transactions on Knowledge

and Data Engineering (TKDE)and Data Engineering (TKDE) ACM Transactions on Information ACM Transactions on Information

and System Security (TISSEC)and System Security (TISSEC) M. Gertz, S. Jajodia, Handbook of M. Gertz, S. Jajodia, Handbook of

database security: applications database security: applications and trend, Springer 2008and trend, Springer 2008


ChallengeChallenge Research projectResearch project: there will be one group : there will be one group

research project. Students must present research project. Students must present the related work and their results to the the related work and their results to the class in the last lectures of the semester. class in the last lectures of the semester.

Homework assignmentsHomework assignments. There will be . There will be several homework exercises and reading several homework exercises and reading for the lectures. for the lectures.

TestsTests: there will be two tests covering the : there will be two tests covering the course materials. Both tests are open course materials. Both tests are open book, in-class tests. book, in-class tests.


GradingGrading Research project: 35%, Test 1 : Research project: 35%, Test 1 :

20%, Test 2: 25%, Homework 20%, Test 2: 25%, Homework assignment: 20%assignment: 20%

90 < A; 90 < A; 87 < B+ <= 90; 87 < B+ <= 90; 80 < B <= 87; 80 < B <= 87; 76 < C+76 < C+ <=80; <=80;

65 < C <= 76; 65 < C <= 76; 60 < D+60 < D+ <= <= 65; 65; 50 <D <= 6050 <D <= 60


Topics CoveredTopics Covered Weeks 1-5: Distributed and Non-Weeks 1-5: Distributed and Non-

traditional Databasestraditional Databases Weeks 6-11: Database SecurityWeeks 6-11: Database Security Weeks 12-15: Student Weeks 12-15: Student

PresentationsPresentations


• Students’ Students’ IntroductionIntroduction

NameMajorInterest in class


CSCE 727 - FarkasCSCE 727 - Farkas 1010

Information Assurance Studies

IA SpecializationIA Specialization Graduate levelGraduate level Core Requirement (3 Hours)Core Requirement (3 Hours)

– CSCE 522: Information Security CSCE 522: Information Security Principles (3 credits) – meets CNSS 4011 Principles (3 credits) – meets CNSS 4011 standardstandard

Additional Requirements:Additional Requirements:– Elective IA course (3 credit)Elective IA course (3 credit)– 22ndnd elective course (3 credits) or 500- elective course (3 credits) or 500-

level or above CSCE course with IA level or above CSCE course with IA project componentproject component

1111

1212

CNSS CNSS CertificationsCertifications

Old criteria: National Training Standard for Information

Systems Security Professionals, CNSSI No. 4011

National Training Standard for System Administrators in Information Systems Security, CNSSI No. 4013

National Training Standard for Information Systems Security Officers, CNSSI No. 4014

New criteria: Knowledge Units

1313

IA&S CoursesIA&S Courses Offered since 2000 12 new courses

– 4 undergraduate and graduate – 8 graduate students only

Approved by USC Accredited by the Committee on National Security

Systems (CNSS)

1414

IA&S Certificate ProgramIA&S Certificate Program

http://www.cse.sc.edu/isl/education/iaands http://www.cse.sc.edu/isl/education/iaands (modifications are approved, starting (modifications are approved, starting

Fall 2016)Fall 2016)

1515

12 hours of graduate study with B average – 6 hours core courses– 6 hours of elective courses

Graduation requirementsGraduation requirements

1616

Core CoursesCore Courses

CSCE 522 – Information Systems Security Principles – offered every Fall semester -- APOGEE

CSCE 715– Network Security– offered every Fall semester

1717

Elective CoursesElective Courses CSCE 517 – Computer Crime and Forensics CSCE 557 – Introduction to Cryptography CSCE 548 – Secure Software Construction CSCE 716 – Design for Reliability CSCE 717 – Comp. Systems Performance• CSCE 727 – Information Warfare CSCE 813 – Internet Security CSCE 814 – Distributed Systems SecurityCSCE 824 – Secure Databases

1818

Center for Information Center for Information Assurance Engineering Assurance Engineering (CIAE) (CIAE)

http://www.cse.sc.edu/isl http://www.cse.sc.edu/isl Information about:Information about:

– ResearchResearch– EducationEducation– PublicationsPublications– PeoplePeople– Useful linksUseful links

Questions?Questions?



Database Management Database Management System (DBMS)System (DBMS)

Collection of Collection of – interrelated data andinterrelated data and– set of programs to access the data set of programs to access the data

ConvenientConvenient and and efficientefficient processing of dataprocessing of data

Database Application SoftwareDatabase Application Software


Evolution of Evolution of Database SystemsDatabase Systems

Early daysEarly days: customized applications built on top : customized applications built on top of file systemsof file systems

Drawbacks of using file systems to store data:Drawbacks of using file systems to store data:– Data redundancy and inconsistencyData redundancy and inconsistency– Difficulty in accessing dataDifficulty in accessing data– Atomicity of updates Atomicity of updates – Concurrency controlConcurrency control– SecuritySecurity– Data isolation — multiple files and formatsData isolation — multiple files and formats– Integrity problemsIntegrity problems


AbstractionAbstraction View levelView level: different perspectives: different perspectives

– Application programs hide irrelevant Application programs hide irrelevant datadata

Logical levelLogical level: data models: data models– Logical representation of dataLogical representation of data– Different approaches: hierarchical, Different approaches: hierarchical,

network, object oriented, semi-network, object oriented, semi-structured, etc.structured, etc.

– Data independence principleData independence principle Physical levelPhysical level: how data is stored: how data is stored


Data ModelsData Models

A collection of tools for describing A collection of tools for describing – Data Data – Relationships among data itemsRelationships among data items– Semantics of stored dataSemantics of stored data– Database constraintsDatabase constraints


Database Database Management SystemsManagement Systems Smaller and smaller systemsSmaller and smaller systems

– Past: large and expensive DBMSPast: large and expensive DBMS– Present: DBMS in most personal computersPresent: DBMS in most personal computers

More and more data stored – BIG DATAMore and more data stored – BIG DATA– Past: few MBPast: few MB– Present: terabyte (10Present: terabyte (101212 bytes), petabyte bytes), petabyte

(10(101515 bytes) bytes) Functionality: from physical to view Functionality: from physical to view

levellevel OptimizationOptimization


Data Definition Data Definition Language (DDL)Language (DDL)

Defines the Defines the database schemadatabase schema and constraintsand constraints

DDL compiler DDL compiler data dictionary MetadataMetadata – data about data – data about data


Data Manipulation Data Manipulation Language (DML)Language (DML)

Accessing and manipulating the Accessing and manipulating the datadata

Query Languages Query Languages – Procedural – user specifies what data is Procedural – user specifies what data is

required and how to get those data required and how to get those data – Nonprocedural – user specifies what Nonprocedural – user specifies what

data is required without specifying how data is required without specifying how to get those datato get those data

Current DemandsCurrent Demands Efficient data processing of large Efficient data processing of large

data setsdata sets Long running transactionsLong running transactions Real-time demandReal-time demand Usability for specific applicationsUsability for specific applications ……


Data SecurityData Security


Security ObjectivesSecurity Objectives Confidentiality:Confidentiality: prevent/detect/deter prevent/detect/deter

improper disclosure of informationimproper disclosure of information Integrity:Integrity: prevent/detect/deter prevent/detect/deter

improper modification of informationimproper modification of information Availability:Availability: prevent/detect/deter prevent/detect/deter

improper denial of access to improper denial of access to servicesservices


Security ThreatsSecurity Threats Poor designPoor design Insufficient quality controlInsufficient quality control AccidentsAccidents AttacksAttacks


Achieving SecurityAchieving Security PolicyPolicy

– What to protect?What to protect? MechanismMechanism

– How to protect?How to protect? AssuranceAssurance

– How good is the protection?How good is the protection?


Database SecurityDatabase Security Security PolicySecurity Policy Access control modelsAccess control models Inference controlInference control Integrity protectionIntegrity protection Privacy problemsPrivacy problems Fault tolerance and recoveryFault tolerance and recovery Auditing and intrusion detectionAuditing and intrusion detection TOOLSTOOLS


Next ClassNext ClassRelational data modelRelational data model

csce 824 secure (and distributed) database management systems farkascsce 824 1

Documents