Last updated 08.29.2010 1000
| | MIDTERM | FINAL | PAPER | ADJ TOT |
|---|---|---|---|---|
| TOT | | | | |
| AVG | | | | |
| HI | | | | |

UNOFFICIAL DROP DATES
Last day to drop with no tuition liability: Sep. 14
Last day to drop with 33% tuition penalty: Sep. 21
Last day to drop with 67% tuition penalty: Oct. 1
Last day to drop with no academic liability: Oct. 1
Course Catalog: Science and study of methods of protecting data: discretionary and mandatory access controls, secure database design, data integrity, secure architectures, secure transaction processing, information flow controls, inference controls, and auditing. Covers security models for relational and object-oriented databases; security of databases in distributed environment; statistical database security; and survey of commercial systems and research prototypes.
ISA 614 - Database Management
ISA 562 - Information Security Theory and Practice
The following concepts will be used in the course with minimum or no instruction:
WEEK | TOPIC | READING |
---|---|---|
9/2 | DB Security Introduction Slides | |
9/9 | DB Discretionary Access Control Slides | 1. Griffiths, Patricia P. and Bradford W. Wade. "An authorization mechanism for a relational database system." ACM Transactions on Database Systems, Vol. 1, No. 3. Sep. 1976. pp. 242-255. 2. Fagin, Ronald. "On an authorization mechanism." ACM Transactions on Database Systems, Vol. 3, No. 3. Sep. 1978. pages 310-319. 3. Bertino, E., P. Samarati, and S. Jajodia, "An extended authorization model for relational databases," IEEE Transactions on Knowledge and Data Engineering, Vol. 9, No. 1. Jan.-Feb. 1997, pages 85-101. 4. Bertino, E., P. Samarati, and S. Jajodia, "A Flexible Authorization Mechanism for Relational Data Management Systems." ACM Transactions on Information Systems, Vol. 17, No. 2, April 1999, pages 101–140. |
9/16 | DB Mandatory Access Control Slides | 1. Abrams, Jajodia and Podell - Essay 2 by Brinkley and Schell. 2. Rjaibi, W. and P. Bird. "A Multi-Purpose Implementation of Mandatory Access Control in Relational Database Management Systems." Proceedings of the 30th VLDB Conference, Toronto, Canada, 2004. |
9/23 | Covert Channels Slides | 1. Proctor, Norman E., and Peter G. Neumann. "Architectural Implications of Covert Channels." Fifteenth National Computer Security Conference, Baltimore, 13-16 October 1992. pp. 28-43. 2. Cabuk, Serdar, Carla Brodley, and Clay Shields. "IP Covert Timing Channels: Design and Detection." Computer and Communications Security Conference CCS'04. ACM. October 25-29, 2004. |
9/30 | Multi Level Secure Relational Model Slides | 1. Sandhu, Ravi and Sushil Jajodia. "RESTRICTED POLYINSTANTIATION or How to Close Signaling Channels Without Duplicity." Proc. 3rd RADC Workshop on Multilevel Database Security. 1990. 2. Abrams, Jajodia and Podell - Essay 20 by Jajodia and Sandhu and Essay 21 by Jajodia, Sandhu and Blaustein. |
10/7 | Multi Level Secure DB Architectures Slides | 1. Abrams, Jajodia and Podell - Essay 19 by Notargiacomo |
10/14 | MIDTERM | |
10/21 | Auditing in Relational DBs Slides | Abrams, Jajodia and Podell - Essay 25 by Jajodia, Gadia and Bhargava |
10/28 | Inferencing in DBs Slides | 1. Adam, N. R. and J. C. Wortmann. "Security-control methods for statistical databases: A comparative study," ACM Computing Surveys, 21(4):515-556, December 1989. 2. Brodsky, Alexander, Csilla Farkas, Duminda Wijesekera, Xiaoyang Sean Wang. "Constraints, Inference Channels and Secure Databases," CP 2000: 98-113. |
11/4 | Privacy and Linking to External DBs Slides | 1. Sweeney, Latanya. "k-anonymity: A model for protecting privacy." International Journal on Uncertainty, Fuzziness and Knowledge-based Systems, 10 (5), 2002. 2. P. Samarati, "Protecting respondents' identities in microdata release," IEEE Trans. on Knowledge and Data Engineering, Vol. 13, No. 6, 2001, pages 1010-1027. |
11/11 | Encrypted DB Slides | 1. Hacigumus, Hakan, Bala Iyer, Chen Li, Sharad Mehrotra. "Executing SQL over Encrypted Data in the Database-Service-Provider Model." ACM SIGMOD. June 4-6, 2002. pp. 216-227. 2. Hacigumus, Hakan, Bala Iyer, Sharad Mehrotra. "Efficient Execution of Aggregation Queries over Encrypted Relational Databases." Database Systems for Advanced Applications (DASFAA). 2004. Lecture Notes in Computer Science (LNCS) 2973, pp. 125–136. Springer-Verlag. 2004. |
11/18 | Information Warfare Attacks on a DB Slides | 1. Ammann, P., S. Jajodia, C. D. McCollum, and B. T. Blaustein, "Surviving information warfare attacks on databases." Proc. IEEE Symp. on Research in Security and Privacy, Oakland, Calif., May 1997, pages 164-174. 2. Jajodia, S., P. Ammann, and C. D. McCollum, "Surviving information warfare attacks," IEEE Computer, Vol. 32, No. 4, April 1999, pages 57-63. 3. Jajodia, Sushil, Catherine D. McCollum, and Paul Ammann, "Trusted recovery," Communications of the ACM, Vol. 42, No. 7, July 1999, pages 71-75. |
11/25 | THANKSGIVING | |
12/2 | Presentations | |
12/9 | Presentations | |
12/16 | FINAL 7:30-9:30 | |

Pertinence of the article to DB security | |
Quality of the article | |
Student's grasp of the presented material | |
Thoroughness | |
Questions/Answers and class discussion | |
Presentation Skills | |
TOTAL |
Presentation Schedule
Example: Suppose your grade on the midterm is 50/60 = 83.3%, your grade on the final is 54/70 = 77.1%, and your grade on the paper is 74/75 = 98.6%. Let the highest scores in the class on each be 58 (58/60 = 96.6%), 62 (62/70 = 88.5%), and 75/75 = 100%, respectively. Normalizing your percentage scores by the highest percentage scores yields 83.3/96.6 = 86.2%, 77.1/88.5 = 87.1%, and 98.6/100 = 98.6%. Averaging these scores gives 90.6%, which would be an A.
There will NOT be an option for extra credit.
GRADING:
Grades will be calculated as follows:
Project
Midterm: 33.3%
Final: 33.3%
Paper: 33.3%
A: 90% - 100%
B: 70% - 90%
C: 60% - 70%
F: Below 60%
EXAMS:
GMU Honor Code.
University Finals Schedule
You can NOT make up the exams, and you must take the final during the registrar's official scheduled timeslot.
ABSOLUTELY NO EXCEPTIONS!! - Coordinate your travel accordingly.