ISA 765 - Databases and Distributed System Security

George Mason University

Department Of Computer Science

Fall 2010

ISA 765 - Databases and Distributed System Security

Thursday 7:20 p.m. - 10:00 p.m.
Art and Design 2026
Dr. Michael Smeltzer
msmeltze at gmu dot edu
Office Hours: By Appointment

DESCRIPTION : ISA 765 Course Web Page

Course Catalog: Science and study of methods of protecting data: discretionary and mandatory access controls, secure database design, data integrity, secure architectures, secure transaction processing, information flow controls, inference controls, and auditing. Covers security models for relational and object-oriented databases; security of databases in distributed environment; statistical database security; and survey of commercial systems and research prototypes.

PREREQUISITES :

ISA 614 - Database Management
ISA 562 - Information Security Theory and Practice

The following concepts will be used in the course with minimum or no instruction:

DB replication
DB accounts
Relations, attributes, tuples
Atomicity
Schema
Simple SQL (select, join)
Views
First normal form
Primary keys
Reference monitors
Referential integrity
Functional dependencies
DB consistency
DB indices
DB relational algebra
PKI
Digital signatures
Encryption
DAC and MAC

TEXT:
Marshall D. Abrams, Sushil Jajodia, and Harold J. Podell, eds. Information Security: An Integrated Collection of Essays, IEEE Computer Society Press, 1995. Available on line from Information Security Bookshelf

We will also read papers from the GMU Digital Library, and some found on the Internet. Since there are several papers associated with the lectures, students always ask if the papers will be covered on the exams. The answer is some of the papers are the basis of the lecture material, some present other views for clarification of the lecture content, and some leverage ideas in the lectures.

ADMINISTRATIVE:

Finals Schedule

Academic Calendar

Activating your Mason e-mail

UNOFFICIAL DROP DATES
Last day to drop with no tuition liability: Sep. 14
Last day to drop with 33% tuition penalty: Sep. 21
Last day to drop with 67% tuition penalty: Oct 1
Last day to drop with no academic liability: Oct 1

LECTURES:

WEEK	TOPIC
1	DB Security Introduction
2	DB Discretionary Access Control
3	DB Mandatory Access Control
4	Covert Channels
5	Multi Level Secure Relational Model & Polyinstantiation
6	Multi Level Secure DB Architectures
7	MIDTERM
8	Auditing in Relational DBs
9	Infrencing in DBs
10	Privacy, Linking to External DBs, and k-anonymity
11	Encrypted DB
12	Information Warfare Attacks on a DB
13	THANKSGIVING
14	Presentations
15	Presentations
16	FINAL 7:30 - 9:30

PROJECT:
You will also be required to review and present the results of a peer reviewed academic paper regarding database or distributerd system security. Depending on class size, this will either be done individually or as a member of a team.

GRADING:

Grades will be calculated as follows:

Normalize the 100 percentile for each component using the highest score in the class.
Average the individaul percentage scores which alllocates points as follows:

Project

Midterm 33.3%

Final 33.3%

Project 33.3%
Assign grades
A: 90% -100%
B: 70% - 90%
C: 60% - 70%
F: Below 60%

Example: Suppose your grade on the midterm is 50/60=83.3%, your grade on the final is 54/70 = 77.1%, and your grade on the presentation is 74/75 = 98.6 . Let the highest scores in the class on each exam be 58 (58/60=96.6%), 62 (62/70=88.5%), and 75/75=100% respectively. Normalizing your percentile scores by the highest percentile scores yields 83.3/96.6 = 86.2%, 77.1/88.5 = 87.1%, and 98.6/100 = 98.6. Averaging these scores is 90.6% which would be an A.

EXAMS:

One Midterm

Final

GMU Honor Code.
University Finals Schedule

You can NOT make up the exams, and you must take the final during the registrar's official scheduled timeslot
ABSOLUTELY NO EXCEPTIONS!! - Coordinate your travel accordingly.

There will NOT be an option for extra credit.

	Project
Midterm	33.3%
Final	33.3%
Project	33.3%