Computer Science 9616a

Database Security and Privacy

Fall 2015


No class Nov. 11.


Classes start Wed., Sept. 16, 2015, in MC 316, at 2:30.

The class will move to 3:30 to 5:30 starting Sept. 23. It will still be in MC316 for that one week.

Starting Sept. 30, we will meet in MC320, from 3:30 to 5:50 on Wednesdays until the end of term.



Professor: Sylvia Osborn,   MC 378

email: sylvia at csd dot uwo dot ca  

phone: 519-661-3992


Some confidential course information is posted on owl. 

Go to and log in with your Western username and password.


Course Outline

Project Suggestions



Lecture Notes

· Set 1, Introduction and DAC for relations
    · Readings:
    · Harrison, Ruzzo and Ullman
    · Griffiths and Wade

· Set 2, MAC and MAC for relations
    · Readings:
    · Sandhu’s Lattice-based access control paper
    · Orange book
    · Seaview Model
    · Jajodia/Sandhu Model
    · Smith/Winslett Model

· Set 3, Role-based Access Control (RBAC)
    · Readings
    · Sandhu et al. RBAC model
    · Nyanchama and Osborn on the Role Graph Model
    · ANSI RBAC Standard
    · Simulating MAC and DAC with RBAC

· Set 4, DAC for OODB
    · Readings
    · Rabitti, Bertino, Kim and Woelk paper
    · Samarati, Bertino, Ciampichetti and Jajodia paper

· Set 5, MAC for OODB
    · Readings
    · Thuraisingham paper
    · Millen and Lunt paper

· Set 6, Statistical DB security
    · Readings
    · Tracker Paper
    · Statistical Database Security survey
    · Comparison of ideas

· Set 7, Access control for XML
    · Readings
    · Damiani et al.

· Set 8, Privacy
    · Readings
    · Hippocratic Databases Paper
    · Barker et al. Taxonomy
    · Byun and Li, Purpose-Based ...
    · Mixing labels with RBAC
    · Storage of Privacy Labels




Takehome Test


Part 1  (updated Oct. 13) (updated again Oct. 20)

Part 2



Schedule for presentations




Some web sites/Books:


DBLP Bibliography Server

Security, Privacy and Trust in Modern Data Management, Springer book available on-line through the library.

Security and Trust in On-line Social Networks – a short book in the Morgan & Claypool series on Information Security, Privacy & Trust

Short book by Elena Ferrari, “Access Control in Data Management Systems”, downloadable from Morgan & Claypool Publishers

Database Security, Castano, et al., ACM Press. There is a copy in the Taylor Library.

Handbook of Database Security




Some Overview Papers:


Overview paper by Bertino and Sandhu

Overview paper by Samarati and de Capitani di Vimercati

Survey on Statistical Database Security by Adam and Wortmann


Assignment from 2010 (good model for test questions)



Journals specializing in Security and Privacy (list adapted from Cipher) - not necessarily Database Security and Privacy


Journal of Privacy Technology (JOPT),   Editor-in-Chief:  Latanya Sweeney,

IEEE Security and Privacy Magazine,   Editor-in-Chief: Carl E. Landwehr,

ACM Transactions on Information and System Security,   Editor-in-Chief: Gene Tsudik,

IEEE Transactions on Dependable and Secure Computing,   Editor-in-Chief: Virgil D. Gligor,

The Kluwer International Series on ADVANCES IN INFORMATION SECURITY. (Book Series)

Journal of Computer Security,   Editors-in-Chief: Sushil Jajodia and Jonathan Millen,

Computers & Security,   Editor-in-Chief: Dimitris Gritzalis,

International Journal of Information Security,   Editors-in-Chief: D. Gollmann; J. Lopez; E. Okamoto,

International Journal of Network Security,   Editors-in-Chief: Min-Shiang Hwang,

International Journal of Security and Networks,   Editors-in-Chief: Yang Xiao,

International Journal of Critical Infrastructure Protection,   Editors-in-Chief: Sujeet Shenoi,

IEEE Transactions on Information Forensics and Security,   Editors-in-Chief: Nasir D. Memon,



Conferences relevant to Database Security (list far from complete)


IFIP Database Security, known as DBSEC on DBLP:

ACM SACMAT, Symposium on Access Control Models and Technologies:

ESORICS, European Symposium on Research in Computer Security:

CODASPY, ACM Conference on Data and Application Security and Privacy: