ISA 765 - Databases and Distributed System Security

George Mason University

Department Of Computer Science

Spring 2009

ISA 765 - Databases and Distributed System Security

Thursday 7:20 p.m. - 10:00 p.m.
Science and Technology I Room 122
Dr. Michael Smeltzer
msmeltze at gmu dot edu
Office Hours: By Appointment

DESCRIPTION : ISA 765 Course Web Page

Course Catalog: Science and study of methods of protecting data: discretionary and mandatory access controls, secure database design, data integrity, secure architectures, secure transaction processing, information flow controls, inference controls, and auditing. Covers security models for relational and object-oriented databases; security of databases in distributed environment; statistical database security; and survey of commercial systems and research prototypes.

PREREQUISITES :

ISA 614 - Database Management
ISA 562 - Information Security Theory and Practice

The following concepts will be used in the course with minimum or no instruction:

DB replication
DB accounts
Relations, attributes, tuples
Atomicity
Schema
Simple SQL (select, join)
Views
First normal form
Primary keys
Reference monitors
Referential integrity
Functional dependencies
DB consistency
DB indices
DB relational algebra
PKI
Digital signatures
Encryption
DAC and MAC

TEXT:
Marshall D. Abrams, Sushil Jajodia, and Harold J. Podell, eds. Information Security: An Integrated Collection of Essays, IEEE Computer Society Press, 1995. Available on line from Information Security Bookshelf

We will also read papers from the GMU Digital Library, and some found on the Internet. Since there are several papers associated with the lectures, students always ask if the papers will be covered on the exams. The answer is some of the papers are the basis of the lecture material, some present other views for clarification of the lecture content, and some leverage ideas in the lectures.

ADMINISTRATIVE:
Finals Schedule
Academic Calendar
Activating your Mason e-mail

UNOFFICIAL DROP DATES
Last day to drop with no tuition liability: Feb. 4
Last day to drop with 33% tuition penalty: Feb. 10
Last day to drop with 67% tuition penalty: Feb. 20
Last day to drop with no academic liability: Feb. 20

LECTURES:

WEEK	TOPIC
1/22	DB Security Introduction
1/29	DB Discretionary Access Control
2/5	DB Mandatory Access Control
2/12	Covert Channels
2/19	Multi Level Secure Relational Model & Polyinstantiation
2/26	Multi Level Secure DB Architectures
3/5	MIDTERM
3/12	SPRING BREAK
3/19	Recovery From Information Warfare Attacks on a DB
3/26	Auditing & Infrencing in DBs
4/2	Inferencing in DBs & Database Privacy
4/9	Privacy, Linking to External DBs & k-anonymity
4/16	Encrypted DB
4/23	Student Presentations
4/30	Student Presentations
5/7	FINAL 7:30 - 9:30

OPTIONAL PROJECT:

You have the option of doing a project on DB security. This option is provided for those students who are not comfortable having their grade based on only two exams: a midterm and a final. If you would like to exercise this option, you must do so by January 30. Team size will depend on how may students choose to do a project. The project will consist of some research on an aspect of database security, a 30 minute presentation to the class and an annotated version of the presentation turned in to me on the day of your presentation. Presentations can be done any time during the term.

GRADING:

Grades will be calculated as follows, depending on whether or not you choose to do a project:

Normalize the 100 percentile for each component using the highest score in the class.
Average the individaul percentage scores which alllocates points as follows:

Project No Project

Midterm 33.3% 50%

Final 33.3% 50%

Project 33.3%
Assign grades
A: 90% -100%
B: 70% - 90%
C: 60% - 70%
F: Below 60%

Example 1: Suppose you choose not to do a project. Suppose your grade on the midterm is 50/60=83.3%, and your grade on the final is 54/70 = 77.1%. Let the highest score on each exam be 58 (96.6%) and 62 (88.5%) respectively. Normalizing your percentile scores by the highest percentile scores yields 86.2% and 87.1%. Averaging these scores is 86.6% which would be a B.

Example 2: Suppose your grades are the same as in the first example, but you decide to do a project, and your grade on the presentation is 95/100 = 95%. If the high grade in the class on the project is 100 (100%), your final score would be the average: (86.2% + 87.1% + 95%)/3 = 89.4%which would be an A- or an A

EXAMS:

One Midterm
Final

GMU Honor Code.
University Finals Schedule

You can NOT make up the exams, and you must take the final during the registrar's official scheduled timeslot
ABSOLUTELY NO EXCEPTIONS!! - Coordinate your travel accordingly.

There will NOT be an option for extra credit.

	Project	No Project
Midterm	33.3%	50%
Final	33.3%	50%
Project	33.3%