csce 824 secure (and distributed) database management systems farkascsce 824 1
DESCRIPTION
Reference Materials Recommended: Recommended: –T. Ozsu and P. Valduriez, Principles of Distributed Database Systems, Springer; 3rd Edition. edition (March 2, 2011), ISBN-10: –M. Gertz, S. Jajodia, Handbook of database security: applications and trend, Springer 2008 –Online materials FarkasCSCE 824 3TRANSCRIPT
CSCE 824CSCE 824
Secure (and Distributed) Database Secure (and Distributed) Database Management SystemsManagement Systems
FarkasFarkas CSCE 824 CSCE 824 11
Course AimCourse Aim Advanced understanding of Advanced understanding of
DBMS conceptsDBMS concepts– From relation to un- and semi-From relation to un- and semi-
structured data modelsstructured data models– New type of applicationsNew type of applications– Security needsSecurity needs
FarkasFarkas CSCE 824 CSCE 824 22
Reference Materials Reference Materials Recommended: Recommended:
– T. Ozsu and P. Valduriez, Principles of T. Ozsu and P. Valduriez, Principles of Distributed Database Systems, Springer; Distributed Database Systems, Springer; 3rd Edition. edition (March 2, 2011), ISBN-3rd Edition. edition (March 2, 2011), ISBN-10: 144198833510: 1441988335
– M. Gertz, S. Jajodia, Handbook of database M. Gertz, S. Jajodia, Handbook of database security: applications and trend, Springer security: applications and trend, Springer 20082008
– Online materialsOnline materials
FarkasFarkas CSCE 824 CSCE 824 33
Conference Conference Proceedings and Proceedings and Journals Journals Proceedings of Secure Data Management Workshop, Proceedings of Secure Data Management Workshop,
links: 2012 http://www.hitech-projects.com/sdm-links: 2012 http://www.hitech-projects.com/sdm-workshop/sdm12.html , 2011 http://www.hitech-workshop/sdm12.html , 2011 http://www.hitech-projects.com/sdm-workshop/sdm11.html projects.com/sdm-workshop/sdm11.html
Proceedings of IFIP WG 11.3 Data and Application Proceedings of IFIP WG 11.3 Data and Application Security and Privacy, links: 2012 Security and Privacy, links: 2012 http://conferences.telecom-bretagne.eu/dbsec2012/ http://conferences.telecom-bretagne.eu/dbsec2012/ , 2011 http://www.egr.vcu.edu/dbsec2011/ , 2011 http://www.egr.vcu.edu/dbsec2011/
Proceedings of International Conference of Very Proceedings of International Conference of Very Large Databases (VLDB), links: 2012 Large Databases (VLDB), links: 2012 http://www.vldb2012.org/ , 2011 http://www.vldb2012.org/ , 2011 http://www.vldb.org/2011/http://www.vldb.org/2011/
FarkasFarkas CSCE 824 CSCE 824 44
Journals and BooksJournals and Books IEEE Transactions on Knowledge IEEE Transactions on Knowledge
and Data Engineering (TKDE)and Data Engineering (TKDE) ACM Transactions on Information ACM Transactions on Information
and System Security (TISSEC)and System Security (TISSEC) M. Gertz, S. Jajodia, Handbook of M. Gertz, S. Jajodia, Handbook of
database security: applications database security: applications and trend, Springer 2008and trend, Springer 2008
FarkasFarkas CSCE 824 CSCE 824 55
ChallengeChallenge Research projectResearch project: there will be one group : there will be one group
research project. Students must present research project. Students must present the related work and their results to the the related work and their results to the class in the last lectures of the semester. class in the last lectures of the semester.
Homework assignmentsHomework assignments. There will be . There will be several homework exercises and reading several homework exercises and reading for the lectures. for the lectures.
TestsTests: there will be two tests covering the : there will be two tests covering the course materials. Both tests are open course materials. Both tests are open book, in-class tests. book, in-class tests.
FarkasFarkas CSCE 824 CSCE 824 66
GradingGrading Research project: 35%, Test 1 : Research project: 35%, Test 1 :
20%, Test 2: 25%, Homework 20%, Test 2: 25%, Homework assignment: 20%assignment: 20%
90 < A; 90 < A; 87 < B+ <= 90; 87 < B+ <= 90; 80 < B <= 87; 80 < B <= 87; 76 < C+76 < C+ <=80; <=80;
65 < C <= 76; 65 < C <= 76; 60 < D+60 < D+ <= <= 65; 65; 50 <D <= 6050 <D <= 60
FarkasFarkas CSCE 824 CSCE 824 77
Topics CoveredTopics Covered Weeks 1-5: Distributed and Non-Weeks 1-5: Distributed and Non-
traditional Databasestraditional Databases Weeks 6-11: Database SecurityWeeks 6-11: Database Security Weeks 12-15: Student Weeks 12-15: Student
PresentationsPresentations
FarkasFarkas CSCE 824 CSCE 824 88
• Students’ Students’ IntroductionIntroduction
NameMajorInterest in class
FarkasFarkas CSCE 824 CSCE 824 99
CSCE 727 - FarkasCSCE 727 - Farkas 1010
Information Assurance Studies
IA SpecializationIA Specialization Graduate levelGraduate level Core Requirement (3 Hours)Core Requirement (3 Hours)
– CSCE 522: Information Security CSCE 522: Information Security Principles (3 credits) – meets CNSS 4011 Principles (3 credits) – meets CNSS 4011 standardstandard
Additional Requirements:Additional Requirements:– Elective IA course (3 credit)Elective IA course (3 credit)– 22ndnd elective course (3 credits) or 500- elective course (3 credits) or 500-
level or above CSCE course with IA level or above CSCE course with IA project componentproject component
1111
1212
CNSS CNSS CertificationsCertifications
Old criteria: National Training Standard for Information
Systems Security Professionals, CNSSI No. 4011
National Training Standard for System Administrators in Information Systems Security, CNSSI No. 4013
National Training Standard for Information Systems Security Officers, CNSSI No. 4014
New criteria: Knowledge Units
1313
IA&S CoursesIA&S Courses Offered since 2000 12 new courses
– 4 undergraduate and graduate – 8 graduate students only
Approved by USC Accredited by the Committee on National Security
Systems (CNSS)
1414
IA&S Certificate ProgramIA&S Certificate Program
http://www.cse.sc.edu/isl/education/iaands http://www.cse.sc.edu/isl/education/iaands (modifications are approved, starting (modifications are approved, starting
Fall 2016)Fall 2016)
1515
12 hours of graduate study with B average – 6 hours core courses– 6 hours of elective courses
Graduation requirementsGraduation requirements
1616
Core CoursesCore Courses
CSCE 522 – Information Systems Security Principles – offered every Fall semester -- APOGEE
CSCE 715– Network Security– offered every Fall semester
1717
Elective CoursesElective Courses CSCE 517 – Computer Crime and Forensics CSCE 557 – Introduction to Cryptography CSCE 548 – Secure Software Construction CSCE 716 – Design for Reliability CSCE 717 – Comp. Systems Performance• CSCE 727 – Information Warfare CSCE 813 – Internet Security CSCE 814 – Distributed Systems SecurityCSCE 824 – Secure Databases
1818
Center for Information Center for Information Assurance Engineering Assurance Engineering (CIAE) (CIAE)
http://www.cse.sc.edu/isl http://www.cse.sc.edu/isl Information about:Information about:
– ResearchResearch– EducationEducation– PublicationsPublications– PeoplePeople– Useful linksUseful links
Questions?Questions?
FarkasFarkas CSCE 824 CSCE 824 1919
FarkasFarkas CSCE 824 CSCE 824 2020
Database Management Database Management System (DBMS)System (DBMS)
Collection of Collection of – interrelated data andinterrelated data and– set of programs to access the data set of programs to access the data
ConvenientConvenient and and efficientefficient processing of dataprocessing of data
Database Application SoftwareDatabase Application Software
FarkasFarkas CSCE 824 CSCE 824 2121
Evolution of Evolution of Database SystemsDatabase Systems
Early daysEarly days: customized applications built on top : customized applications built on top of file systemsof file systems
Drawbacks of using file systems to store data:Drawbacks of using file systems to store data:– Data redundancy and inconsistencyData redundancy and inconsistency– Difficulty in accessing dataDifficulty in accessing data– Atomicity of updates Atomicity of updates – Concurrency controlConcurrency control– SecuritySecurity– Data isolation — multiple files and formatsData isolation — multiple files and formats– Integrity problemsIntegrity problems
FarkasFarkas CSCE 824 CSCE 824 2222
AbstractionAbstraction View levelView level: different perspectives: different perspectives
– Application programs hide irrelevant Application programs hide irrelevant datadata
Logical levelLogical level: data models: data models– Logical representation of dataLogical representation of data– Different approaches: hierarchical, Different approaches: hierarchical,
network, object oriented, semi-network, object oriented, semi-structured, etc.structured, etc.
– Data independence principleData independence principle Physical levelPhysical level: how data is stored: how data is stored
FarkasFarkas CSCE 824 CSCE 824 2323
Data ModelsData Models
A collection of tools for describing A collection of tools for describing – Data Data – Relationships among data itemsRelationships among data items– Semantics of stored dataSemantics of stored data– Database constraintsDatabase constraints
FarkasFarkas CSCE 824 CSCE 824 2424
Database Database Management SystemsManagement Systems Smaller and smaller systemsSmaller and smaller systems
– Past: large and expensive DBMSPast: large and expensive DBMS– Present: DBMS in most personal computersPresent: DBMS in most personal computers
More and more data stored – BIG DATAMore and more data stored – BIG DATA– Past: few MBPast: few MB– Present: terabyte (10Present: terabyte (101212 bytes), petabyte bytes), petabyte
(10(101515 bytes) bytes) Functionality: from physical to view Functionality: from physical to view
levellevel OptimizationOptimization
FarkasFarkas CSCE 824 CSCE 824 2525
Data Definition Data Definition Language (DDL)Language (DDL)
Defines the Defines the database schemadatabase schema and constraintsand constraints
DDL compiler DDL compiler data dictionary MetadataMetadata – data about data – data about data
FarkasFarkas CSCE 824 CSCE 824 2626
Data Manipulation Data Manipulation Language (DML)Language (DML)
Accessing and manipulating the Accessing and manipulating the datadata
Query Languages Query Languages – Procedural – user specifies what data is Procedural – user specifies what data is
required and how to get those data required and how to get those data – Nonprocedural – user specifies what Nonprocedural – user specifies what
data is required without specifying how data is required without specifying how to get those datato get those data
Current DemandsCurrent Demands Efficient data processing of large Efficient data processing of large
data setsdata sets Long running transactionsLong running transactions Real-time demandReal-time demand Usability for specific applicationsUsability for specific applications ……
FarkasFarkas CSCE 824 CSCE 824 2727
Data SecurityData Security
FarkasFarkas CSCE 824 CSCE 824 2929
Security ObjectivesSecurity Objectives Confidentiality:Confidentiality: prevent/detect/deter prevent/detect/deter
improper disclosure of informationimproper disclosure of information Integrity:Integrity: prevent/detect/deter prevent/detect/deter
improper modification of informationimproper modification of information Availability:Availability: prevent/detect/deter prevent/detect/deter
improper denial of access to improper denial of access to servicesservices
FarkasFarkas CSCE 824 CSCE 824 3030
Security ThreatsSecurity Threats Poor designPoor design Insufficient quality controlInsufficient quality control AccidentsAccidents AttacksAttacks
FarkasFarkas CSCE 824 CSCE 824 3131
Achieving SecurityAchieving Security PolicyPolicy
– What to protect?What to protect? MechanismMechanism
– How to protect?How to protect? AssuranceAssurance
– How good is the protection?How good is the protection?
FarkasFarkas CSCE 824 CSCE 824 3232
Database SecurityDatabase Security Security PolicySecurity Policy Access control modelsAccess control models Inference controlInference control Integrity protectionIntegrity protection Privacy problemsPrivacy problems Fault tolerance and recoveryFault tolerance and recovery Auditing and intrusion detectionAuditing and intrusion detection TOOLSTOOLS
FarkasFarkas CSCE 824 CSCE 824 3333
Next ClassNext ClassRelational data modelRelational data model