CSCE 824 Secure and Distributed Database Management Systems
Farkas

Course Aim
Advanced understanding of DBMS concepts
  – From relation to un- and semistructured data models
  – New type of applications
  – Security needs

Reference Materials
Required text book:
  – T. Ozsu and P. Valduriez, Principles of Distributed Database Systems, Springer; 3rd edition (March 2, 2011), ISBN-10: 1441988335
Recommended:
  – M. Gertz, S. Jajodia, Handbook of Database Security: Applications and Trends, Springer 2008
  – Castano, Fugini, Martella, Samarati: Database Security, Addison-Wesley, 1995

Conference Proceedings and Journals
Proceedings of Secure Data Management Workshop, links: 2012 http://www.hitech-projects.com/sdmworkshop/sdm12.html , 2011 http://www.hitechprojects.com/sdm-workshop/sdm11.html
Proceedings of IFIP WG 11.3 Data and Application Security and Privacy, links: 2012 http://conferences.telecom-bretagne.eu/dbsec2012/ , 2011 http://www.egr.vcu.edu/dbsec2011/
Proceedings of International Conference of Very Large Databases (VLDB), links: 2012 http://www.vldb2012.org/ , 2011 http://www.vldb.org/2011/

Journals and Books
IEEE Transactions on Knowledge and Data Engineering (TKDE)
ACM Transactions on Information and System Security (TISSEC)
M. Gertz, S. Jajodia, Handbook of Database Security: Applications and Trends, Springer 2008

Challenge
Research project: there will be one individual student research project. Students must present the related work and their results to the class in the last lectures of the semester.
Homework assignments: there will be several homework exercises and reading for the lectures.
Tests: there will be two tests covering the course materials. Both tests are open book, in-class tests. The second test (final exam) is comprehensive.

Grading
Research project: 40%, Test 1: 20%, Test 2: 25%, Homework assignment: 20%
90 < A; 87 < B+ <= 90; 80 < B <= 87; 76 < C+ <= 80; 65 < C <= 76; 60 < D+ <= 65; 50 < D <= 60

Topics Covered
Weeks 1-4: Distributed Databases
Weeks 5-7: Non-traditional databases
Weeks 7-11: Database Security
Weeks 12-15: Student Presentations

Students’ Introduction

Database Management System (DBMS)
Collection of
  – interrelated data and
  – set of programs to access the data
Convenient and efficient processing of data
Database Application Software

Evolution of Database Systems
Early days: customized applications built on top of file systems
Drawbacks of using file systems to store data:
  – Data redundancy and inconsistency
  – Difficulty in accessing data
  – Atomicity of updates
  – Concurrency control
  – Security
  – Data isolation — multiple files and formats
  – Integrity problems

Abstraction
View level: different perspectives
  – Application programs hide irrelevant data
Logical level: data models
  – Logical representation of data
  – Different approaches: hierarchical, network, object oriented, semi-structured, etc.
  – Data independence principle
Physical level: how data is stored

Data Models
A collection of tools for describing
  – Data
  – Relationships among data items
  – Semantics of stored data
  – Database constraints

Database Management Systems
Smaller and smaller systems
  – Past: large and expensive DBMS
  – Present: DBMS in most personal computers
More and more data stored – BIG DATA
  – Past: few MB
  – Present: terabyte (10^12 bytes), petabyte (10^15 bytes)
Functionality: from physical to view level
Optimization

Data Definition Language (DDL)
Defines the database schema and constraints
DDL compiler data dictionary
Metadata – data about data

Data Manipulation Language (DML)
Accessing and manipulating the data
Query Languages
  – Procedural – user specifies what data is required and how to get those data
  – Nonprocedural – user specifies what data is required without specifying how to get those data

Current Demands
Efficient data processing of large data sets
Long running transactions
Real-time demand
Usability for specific applications
…

Data Security

Security Objectives
Confidentiality: prevent/detect/deter improper disclosure of information
Integrity: prevent/detect/deter improper modification of information
Availability: prevent/detect/deter improper denial of access to services

Security Threats
Poor design
Insufficient quality control
Accidents
Attacks

Achieving Security
Policy
  – What to protect?
Mechanism
  – How to protect?
Assurance
  – How good is the protection?

Database Security
Security Policy
Access control models
Inference control
Integrity protection
Privacy problems
Fault tolerance and recovery
Auditing and intrusion detection

Next Class
Relational data model