Last updated 8.27.2008 2300
| | MIDTERM | FINAL |
|---|---|---|
| TOT | | |
| AVG | | |
| HI | | |
UNOFFICIAL DROP DATES
Last day to drop with no tuition liability: Sept 9
Last day to drop with 33% tuition liability: Sept 16
Last day to drop with 67% tuition liability: Sept 26
Last day to drop with no academic liability: Sept 26
Course Catalog: Science and study of methods of protecting data: discretionary and mandatory access controls, secure database design, data integrity, secure architectures, secure transaction processing, information flow controls, inference controls, and auditing. Covers security models for relational and object-oriented databases; security of databases in distributed environment; statistical database security; and survey of commercial systems and research prototypes.
ISA 614 - Database Management
ISA 562 - Information Security Theory and Practice
The following concepts will be used in the course with minimum or no instruction:
| WEEK | TOPIC | Reading |
|---|---|---|
| 8/28 | DB Security Introduction (Slides, minor updates 8/27) | |
| 9/4 | DB Discretionary Access Control (Slides) | 1. Griffiths, Patricia P. and Bradford W. Wade. "An authorization mechanism for a relational database system." ACM Transactions on Database Systems, Vol. 1, No. 3. Sep. 1976. pp. 242-255. 2. Fagin, Ronald. "On an authorization mechanism." ACM Transactions on Database Systems, Vol. 3, No. 3. Sep. 1978. pages 310-319. 3. Bertino, E., P. Samarati, and S. Jajodia, "An extended authorization model for relational databases," IEEE Transactions on Knowledge and Data Engineering, Vol. 9, No. 1. Jan.-Feb. 1997, pages 85-101. 4. Bertino, E., P. Samarati, and S. Jajodia, "A Flexible Authorization Mechanism for Relational Data Management Systems." ACM Transactions on Information Systems, Vol. 17, No. 2, April 1999, pages 101–140. |
| 9/11 | DB Mandatory Access Control (Slides) | 1. Abrams, Jajodia and Podell - Essay 2 by Brinkley and Schell. 2. Rjaibi, W. and P. Bird. "A Multi-Purpose Implementation of Mandatory Access Control in Relational Database Management Systems." Proceedings of the 30th VLDB Conference, Toronto, Canada, 2004. |
| 9/18 | Covert Channels (Slides); Multi Level Secure Relational Model (Slides) | 1. Proctor, Norman E., and Peter G. Neumann. "Architectural Implications of Covert Channels." Fifteenth National Computer Security Conference, Baltimore, 13-16 October 1992. pp. 28-43. 2. Cabuk, Serdar, Carla Brodley, and Clay Shields. "IP Covert Timing Channels: An Initial Exploration." Computer and Communications Security Conference CCS'04. ACM. October 25-29, 2004. 3. Handbook for the Computer Security Certification of Trusted Systems. U.S. Naval Research Laboratory 1996 report on covert channels. |
| 9/25 | Multi Level Secure Relational Model (Cont'd) | 1. Sandhu, Ravi and Sushil Jajodia. "RESTRICTED POLYINSTANTIATION or How to Close Signaling Channels Without Duplicity." [PS only] Proc. 3rd RADC Workshop on Multilevel Database Security. 1990. 2. Abrams, Jajodia and Podell - Essay 20 by Jajodia and Sandhu and Essay 21 by Jajodia, Sandhu and Blaustein. |
| 10/2 | Multi Level Secure DB Architectures (Slides) | 1. Abrams, Jajodia and Podell - Essay 19 by Notargiacomo |
| 10/9 | Information Warfare Attacks on a DB (Slides) | 1. Ammann, P., S. Jajodia, C. D. McCollum, and B. T. Blaustein, "Surviving information warfare attacks on databases." Proc. IEEE Symp. on Research in Security and Privacy, Oakland, Calif., May 1997, pages 164-174. 2. Jajodia, S., P. Ammann, and C. D. McCollum, "Surviving information warfare attacks," IEEE Computer, Vol. 32, No. 4, April 1999, pages 57-63. 3. Jajodia, Sushil, Catherine D. McCollum, and Paul Ammann, "Trusted recovery," Communications of the ACM, Vol. 42, No. 7, July 1999, pages 71-75. |
| 10/16 | MIDTERM | |
| 10/23 | Auditing in Relational DBs (Slides) | Abrams, Jajodia and Podell - Essay 25 by Jajodia, Gadia and Bhargava |
| 10/30 | Inferencing in DBs (Slides) | 1. Adam, N. R. and J. C. Wortmann. "Security-control methods for statistical databases: A comparative study," ACM Computing Surveys, 21(4):515-556, December 1989. 2. Brodsky, Alexander, Csilla Farkas, Duminda Wijesekera, Xiaoyang Sean Wang. "Constraints, Inference Channels and Secure Databases," CP 2000: 98-113. 3. Brodsky, Alexander, Csilla Farkas, and Sushil Jajodia. "Secure Databases: Constraints, Inference Channels, and Monitoring Disclosures." IEEE Transactions on Knowledge and Data Engineering, Vol. 12, No. 6. November/December 2000. |
| 11/6 | Database Privacy (Slides) | 1. Jajodia, S. "Database security and privacy," ACM Computing Surveys, 50th anniversary commemorative issue, Vol. 28, No. 1. March 1996. pp. 129-131. 2. Agrawal, Rakesh, Jerry Kiernan, Ramakrishnan Srikant, and Yirong Xu, "Hippocratic Databases," Proc. VLDB Conf, 2002. |
| 11/13 | Privacy and Linking to External DBs (Slides) | 1. Sweeney, Latanya. "k-anonymity: A model for protecting privacy." International Journal on Uncertainty, Fuzziness and Knowledge-based Systems, 10 (5), 2002; 557-570. 2. P. Samarati, "Protecting respondents' identities in microdata release," IEEE Trans. on Knowledge and Data Engineering, Vol. 13, No. 6, 2001, pages 1010-1027. 3. Machanavajjhala, Gehrke, Kifer, and Venkitasubramaniam. "l-Diversity: Privacy Beyond k-Anonymity." http://www.cs.cornell.edu/~mvnak/pubs/ldiversity-icde06.pdf |
| 11/20 | Encrypted DB (Slides) | 1. Hacigumus, Hakan, Bala Iyer, Chen Li, Sharad Mehrotra. "Executing SQL over Encrypted Data in the Database-Service-Provider Model." ACM SIGMOD. June 4-6, 2002. pp. 216-227. 2. Hacigumus, Hakan, Bala Iyer, Sharad Mehrotra. "Efficient Execution of Aggregation Queries over Encrypted Relational Databases." Database Systems for Advanced Applications (DASFAA). 2004. Lecture Notes in Computer Science (LNCS) 2973, pp. 125–136. Springer-Verlag. 2004. |
| 11/27 | Thanksgiving Holiday | |
| 12/4 | XML DB encryption and security (Unfinished Slides) | 1. Wang, Hui, and Laks Lakshmanan. "Efficient Secure Query Evaluation over Encrypted XML Databases." ACM Very Large Database '06. Sep. 12-15, 2006. Seoul, Korea. pp. 127-138. 2. TBD |
| 12/11 | FINAL 4:30-7:15 | |
| Midterm | 50% |
| Final | 50% |
Example: Suppose your grade on the midterm is 45/60 and on the final is 50/70. Then there are 60+70 = 130 total points. Dividing by two, each of the components is worth 65 points. So the factors applied at the end of the term will be 65/60 = 1.08 and 65/70 = .93, and your score would be adjusted accordingly: 45 × 1.08 + 50 × .93 = 95.1. If the highest score in the class is 120, your result would be 95.1/120 = 79.5%, which would be a B.
There will NOT be an option for extra credit projects or papers.
EXAMS:
GMU Honor Code.
University Finals Schedule
You can NOT make up the exams, and you must take the final during the registrar's officially scheduled timeslot.
ABSOLUTELY NO EXCEPTIONS!! - Coordinate your travel accordingly.