ISA 765 - Databases and Distributed System Security

George Mason University

Department Of Computer Science

Fall 2008

ISA 765 - Databases and Distributed System Security

Thursday 4:30 p.m. - 7:10 p.m.
Robinson B 113
Professor: Dr. Michael Smeltzer
msmeltze at gmu dot edu
Office Hours: By Appointment

DESCRIPTION : ISA 765 Course Web Page

Course Catalog: Science and study of methods of protecting data: discretionary and mandatory access controls, secure database design, data integrity, secure architectures, secure transaction processing, information flow controls, inference controls, and auditing. Covers security models for relational and object-oriented databases; security of databases in distributed environment; statistical database security; and survey of commercial systems and research prototypes.

PREREQUISITES :

ISA 614 - Database Management
ISA 562 - Information Security Theory and Practice

The following concepts will be used in the course with minimum or no instruction:

DB replication
DB accounts
Relations, attributes, tuples
Atomicity
Schema
Simple SQL (select, join)
Views
First normal form
Primary keys
Reference monitors
Referential integrity
Functional dependencies
DB consistency
DB indices
DB relational algebra
PKI
Digital signatures
Encryption
DAC and MAC

TEXT:
Marshall D. Abrams, Sushil Jajodia, and Harold J. Podell, eds. Information Security: An Integrated Collection of Essays, IEEE Computer Society Press, 1995. Available on line from Information Security Bookshelf

We will also read papers from the GMU Digital Library, and some found on the Internet. Since there are several papers associated with the lectures, students always ask if the papers will be covered on the exams. The answer is some of the papers are the basis of the lecture material, some present other views for clarification of the lecture content, and some leverage ideas in the lectures. <

ADMINISTRATIVE:
Finals Schedule
Academic Calendar
Activating your Mason e-mail

UNOFFICIAL DROP DATES
Last day to drop with no tuition liability: Sept 9
Last day to drop with 33% tuition liability: Sept 16
Last day to drop with 67% tuition liability: Sept 26
Last day to drop with no academic liability: Sept 26

LECTURES:

WEEK	TOPIC
8/28	DB Security Introduction
9/4	DB Discretionary Access Control
9/11	DB Mandatory Access Control
9/18	Covert Channels
9/25	Multi Level Secure Relational Model & Polyinstantiation
10/2	Multi Level Secure DB Architectures
10/9	Recovery From Information Warfare Attacks on a DB
10/16	MIDTERM
10/23	Auditing
10/30	Inferencing in DBs
11/6	Database Privacy
11/13	Privacy, Linking to External DBs & k-anonymity
11/20	Encrypted DB
11/27	Thanksgiving Holiday
12/4	XML DB encryption and security
12/11	FINAL 4:30-7:15

GRADING:

Grades will be calculated as follows:

Normalize the scores so that point totals carry these exact weights:

Midterm 50%

Final 50%
Calculate the 100 percentile using the highest score in the class.
Assign grades
A: 90% -100%
B: 70% - 90%
C: 60% - 70%
F: Below 60%

Example: Suppose your grade on the midterm is 45/60 and the final is 50/70. Then there are 60+70 = 130 total points. Dividing by two each of the components is worth 65 points. So the factors applied at the end of the term will be 65/60 = 1.08 and 65/70 = .93. So your score would be adjusted accordingly. 45*1.08 + 50*.93 = 95.1. If the highest score in the class is 120, your result would be 95.1/120 = 79.5% which would be a B.

EXAMS:

One Midterm
Final

GMU Honor Code.
University Finals Schedule

You can NOT make up the exams, and you must take the final during the registrar's official scheduled timeslot
ABSOLUTELY NO EXCEPTIONS!! - Coordinate your travel accordingly.

There will NOT be an option for extra credit projects or papers

Midterm	50%
Final	50%