Computer Science 9616a

Database Security and Privacy

Fall 2015

 

No class Nov. 11.

 

Classes start Wed., Sept. 16, 2015, in MC 316, at 2:30.

The class will move to 3:30 to 5:30 starting Sept. 23. It will still be in MC316 for that one week.

Starting Sept. 30, we will meet in MC320, from 3:30 to 5:50 on Wednesdays until the end of term.

 

 

Professor: Sylvia Osborn,   MC 378

email: sylvia at csd dot uwo dot ca  

phone: 519-661-3992

 

Some confidential course information is posted on owl. 

Go to owl.uwo.ca and log in with your Western username and password.

 

Course Outline

Project Suggestions

 

 


Lecture Notes

·        Set 1, Introduction and DAC for relations

·         Readings:

·         Harrison, Ruzzo and Ullman

·         Griffiths and Wade

·        Set 2  MAC and MAC for relations

·         Readings:

·         Sandhu’s Lattice-based access control paper

·         Orange book

·         Seaview Model

·         Jajodia/Sandhu Model

·         Smith/Winslett Model

·        Set 3, Role-based Access Control (RBAC)

·         Readings

·         Sandhu et al. RBAC model

·         Nyanchama and Osborn on the Role Graph Model

·         ANSI RBAC Standard

·         Simulating MAC and DAC with RBAC

·        Set 4, DAC for OODB

·         Readings

·         Rabitti, Bertino, Kim and Woelk paper

·         Samarati, Bertino, Ciampichetti and Jajodia paper

·        Set 5, MAC for OODB

·         Readings

·         Thuraisingham paper

·         Millen and Lunt paper

·        Set 6, Statistical DB security

·         Readings

·         Tracker Paper

·         Statistical Database Security survey

·         Comparison of ideas

·        Set 7, Access control for XML

·         Readings

·         Damiani et al.

·        Set 8, Privacy

·         Readings

·         Hippocratic Databases Paper

·         Barker et al. Taxonomy

·         Byun and Li, Purpose-Based ...

·         Mixing labels with RBAC

·         Storage of Privacy Labels

 

 

 


Takehome Test

 

Part 1  (updated Oct. 13) (updated again Oct. 20)

Part 2

 

 


Schedule for presentations

 

 

 


Some web sites/Books:

 

DBLP Bibliography Server

Security, Privacy and Trust in Modern Data Management, Springer book available on-line through the library.

Security and Trust in On-line Social Networks – a short book in the Morgan & Claypool series on Information Security, Privacy & Trust

Short book by Elena Ferrari, “Access Control in Data Management Systems”, downloadable from Morgan & Claypool Publishers

Database Security, Castano, et al., ACM Press.  There is a copy in the Taylor Library

Handbook of Database Security

 

 

 


Some Overview Papers:

 

Overview paper by Bertino and Sandhu

Overview paper by Samarati and de Capitani di Vimercati

Survey on Statistical Database Security by Adam and Wortmann

 

Assignment from 2010 (good model for test questions)

 

 


Journals specializing in Security and Privacy (list adapted from Cipher) - not necessarily Database Security and Privacy

 

Journal of Privacy Technology (JOPT),   Editor-in-Chief:  Latanya Sweeney, http://www.jopt.org/.

IEEE Security and Privacy Magazine,   Editor-in-Chief: Carl E. Landwehr, http://computer.org/security/.

ACM Transactions on Information and System Security,   Editor-in-Chief: Gene Tsudik, http://www.acm.org/tissec

IEEE Transactions on Dependable and Secure Computing,   Editor-in-Chief: Virgil D. Gligor, http://www.computer.org/tdsc/

The Kluwer International Series on ADVANCES IN INFORMATION SECURITY. (Book Series)

Journal of Computer Security,   Editors-in-Chief: Sushil Jajodia and Jonathan Millen, http://www.mitre.org/jcs.

Computers & Security,   Editor-in-Chief: Dimitris Gritzalis, http://www.elsevier.com/locate/issn/01674048

International Journal of Information Security,   Editors-in-Chief: D. Gollmann; J. Lopez; E. Okamoto, http://link.springer.de/link/service/journals/10207/index.htm.

International Journal of Network Security,   Editor-in-Chief: Min-Shiang Hwang, http://ijns.nchu.edu.tw/

International Journal of Security and Networks,   Editor-in-Chief: Yang Xiao, http://www.inderscience.com/ijsn/

International Journal of Critical Infrastructure Protection,   Editor-in-Chief: Sujeet Shenoi,  http://www.elsevier.com/locate/ijcip

IEEE Transactions on Information Forensics and Security,   Editor-in-Chief: Nasir D. Memon, http://www.ieee.org/organizations/society/sp/tifs.html

 

 


Conferences relevant to Database Security (list far from complete)

 

IFIP Database Security, known as DBSEC on DBLP:  http://spdp.di.unimi.it/~ifip113/conferences

ACM SACMAT, Symposium on Access Control Models and Technologies: http://www.sacmat.org/2015/history.php

ESORICS, European Symposium on Research in Computer Security:  http://dblp.uni-trier.de/db/conf/esorics/index.html

CODASPY, ACM Conference on Data and Application Security and Privacy:  http://codaspy.org