csci5939 Database Security

CSCI5939 Independent Study
Database Security

Fall 2002

Objectives: The focus of this class is the study of security issues related to database management systems and applications, and the development of projects that integrate database security technologies.

Evaluation: Three software development projects + a final report + participation.

Final report: The final report should summarize the projects, including how the systems were set up, problem descriptions of the projects, design of the applications, source codes of the applications, screen snapshots, lessons learned, and possible future extension of the work.

How to cite published work in your papers?

Important! Read the above before writing your papers or reports.

To obtain articles from the ACM Digital Library:

Use any of the lab computers in the campus to download the articles from http://www.acm.org/dl .

Meeting Time & Place: Thursday 5-6pm (Delta 106)

Study list & due dates

Projects

References & links

Study list & due dates

Note: The schedule will continue to be updated until it is complete.

For students enrolled in the class: Feel free to send your suggestions or comments to me (at yang@uhcl.edu) concerning the selected articles. It is expected that each individual in the class would present 2~3 articles within the semester. If you happen to find an interesting, related article and would like to present it to the class, please let me know.

Week (Date)	Papers	Due
1 (8/29)	Handout for next week
2 (9/5)	RSA Security. Securing Data At Rest: Developing a Database Encryption Strategy . A white paper.
3 (9/12)	Encoding schemes: Base64	presentation slides
4 (9/19)	Charles P. Pfleeger. Security in Computing . (Chapter 8).	slides for 8.4-8.8
5 (9/26)	Wayne Rash. "Encrypt your database? You bet" . ZDNet Tech Update. August 21, 2002. Protegrity's secure.data suite
6 (10/3)	Sun Solaris Data Encryption - Data encryption and security for the Solaris 8 Operating Environment.. ZDNet Tech Update (PRODUCT INFO).	Project 1
7 (10/10)	nCipher solution: Securing databases (a hardware solution)	Design of project 2
8 (10/17)	Kevin Strange. "Data warehouses: A security disaster" . ZDNet Tech Update. August 29, 2002.
9 (10/24)	Nabil R. Adam , John C. Worthmann. "Security-control methods for statistical databases: a comparative study" . ACM Computing Surveys (CSUR). Volume 21 Issue 4. December 1989.	Project 2
10 (10/31)	Hua Wang , Jinli Cao , Yanchuan Zhang. "Ticket-based service access scheme for mobile users" . Proceedings of the twenty-fifth Australasian conference on Computer science - Volume 4. January 2002.
11 (11/7)	Enhanced privacy and authentication for the global system for mobile communications Chii-Hwa Lee , Min-Shiang Hwang , Wei-Pang Yang Wireless Networks July 1999 Volume 5 Issue 4	Design of project 3
12 (11/14)	Bertino, E., E. Ferrari, etc. "Data Security" . Proceedings of the 22nd International Computer Software and Application Conference. August 1998.
13 (11/21)	Kirkgöze, Remzi, Nevena Katic, Mladen Stolba, A. Min Tjoa. "A Security Concept for OLAP" . Proceedings of the 8th International Workshop on Database and Expert Systems Applications (DEXA '97). September 1997. -- A data warehouse collects and integrates data from multiple, autonomous, heterogeneous sources with the purpose of efficiently implementing decision support or OLAP queries. Much work in data warehousing has been performed on view materialization and...	Project 3
14 (11/28)	Thanksgiving holiday. No meeting.
15 (12/5)	Baldwin, Robert W. "Naming and Grouping Privileges to Simplify Security Management in Large Databases" . Proceedings of the 1990 IEEE Symposium on Security and Privacy . May, 1990.	Demo & Final report

PROJECTS

Project 1: Initial Survey

A. (50 pts) Identify a sample database application into which you plan to integrate security technologies. Design the overall architecture of the application using UML. Hand in the following items:

A description of the application. Clearly describe the nature of the application, what you plan to accomplish in this class, what would be the major challenges of developing the application, and what technologies and tools you plan to use to answer those challenges .

A high level application architecture using UML. Clearly identify the classes, their attributes/methods, and the associations among the classes. Include an inheritance hierarchy if necessary.

For each of the technologies that would be employed in your project (J2EE, J2BC, SSL, et. al.), describe its fundamental mechanism (50 words) and its role in the application.

Break the development of the project into two parts: Part 1 shall be completed in project 2, and part 2 in project 3. Describe the outcome from each of the two parts, in terms of functionalities of the application.

B. (50 pts) Based on the development and security technologies that you plan to employ in your projects, find six to 10 relevant articles that you plan to study in this class. The articles may come from computer magazines, ACM digital library, and other references. For each of the articles, briefly (50 words) describe its significance and why you think it should be included in the study list. Rank the papers based on the order of presentation.

Project 2: Part 1 of your project.

Project 3: Part 2 of your project.

REFERENCES

Inference Control

Dorothy E. Denning , Peter J. Denning. "Data Security" . ACM Computing Surveys (CSUR). Volume 11 Issue 3. September 1979.
Steven P. Reiss. "Security in Databases: A Combinatorial Study" . Journal of the ACM (JACM). Volume 26 Issue 1. January 1979.

Security Models

By Timothy Dyck. "Row-Level Security Set for SQL Server" . eWeek. November 11, 2002.