George Mason University

Department Of Computer Science

Fall 2009

ISA 765 - Databases and Distributed System Security

Thursday 7:20 p.m. - 10:00 p.m.
Robinson B222
Dr. Michael Smeltzer
msmeltze at gmu dot edu
Office Hours: By Appointment


DESCRIPTION :      ISA 765 Course Web Page

Course Catalog: Science and study of methods of protecting data: discretionary and mandatory access controls, secure database design, data integrity, secure architectures, secure transaction processing, information flow controls, inference controls, and auditing. Covers security models for relational and object-oriented databases; security of databases in distributed environment; statistical database security; and survey of commercial systems and research prototypes.



PREREQUISITES :

ISA 614 - Database Management
ISA 562 - Information Security Theory and Practice

The following concepts will be used in the course with minimum or no instruction:



TEXT:
Marshall D. Abrams, Sushil Jajodia, and Harold J. Podell, eds. Information Security: An Integrated Collection of Essays, IEEE Computer Society Press, 1995. Available on line from Information Security Bookshelf

We will also read papers from the GMU Digital Library, and some found on the Internet. Since there are several papers associated with the lectures, students always ask if the papers will be covered on the exams. The answer is some of the papers are the basis of the lecture material, some present other views for clarification of the lecture content, and some leverage ideas in the lectures.


ADMINISTRATIVE:

Finals Schedule

Academic Calendar

Activating your Mason e-mail

UNOFFICIAL DROP DATES
Last day to drop with no tuition liability: Sep. 15
Last day to drop with 33% tuition penalty: Sep. 22
Last day to drop with 67% tuition penalty: Oct 2
Last day to drop with no academic liability: Oct 2


LECTURES:

WEEK TOPIC
9/3 DB Security Introduction
9/10 DB Discretionary Access Control
9/17 DB Mandatory Access Control
9/24 Covert Channels
10/1 No Class  
10/8 Multi Level Secure Relational Model & Polyinstantiation    
10/15 MIDTERM
10/22 Multi Level Secure DB Architectures
10/29 Recovery From Information Warfare Attacks on a DB
11/5 Auditing & Inferencing in DBs
11/12 Inferencing in DBs & Database Privacy
11/19 Privacy, Linking to External DBs & k-anonymity
11/26 THANKSGIVING
12/3 Encrypted Databases
12/10 Project Discussions
12/17 FINAL 7:30 - 9:30


PROJECT:
You will also be required to complete a project regarding database security. Each student will develop a 10 page security plan to ease the CIO's concerns about data integrity, data privacy, and data confidentiality in a very simple 3-table database.

We will discuss the assignment details on October 22 after the lecture, and we will discuss students' solutions on December 10.
GRADING:

Grades will be calculated as follows:
  • Normalize the 100 percentile for each component using the highest score in the class.
  • Average the individual percentage scores, which allocates points as follows:

    Midterm 33.3%
    Final 33.3%
    Project 33.3%


  • Assign grades
    A: 90% - 100%
    B: 70% - 90%
    C: 60% - 70%
    F: Below 60%

Example: Suppose your grade on the midterm is 50/60 = 83.3%, your grade on the final is 54/70 = 77.1%, and your grade on the presentation is 74/75 = 98.6. Let the highest scores in the class on each exam be 58 (58/60 = 96.6%), 62 (62/70 = 88.5%), and 75/75 = 100% respectively. Normalizing your percentile scores by the highest percentile scores yields 83.3/96.6 = 86.2%, 77.1/88.5 = 87.1%, and 98.6/100 = 98.6. Averaging these scores is 90.6% which would be an A.




EXAMS:
  • One Midterm
  • Final
GMU Honor Code.
University Finals Schedule

You can NOT make up the exams, and you must take the final during the registrar's official scheduled timeslot.
ABSOLUTELY NO EXCEPTIONS!! - Coordinate your travel accordingly.

There will NOT be an option for extra credit.