Data and Applications Security: Developments and Directions
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Secure Knowledge Management and Web Security
November 5, 2010

Outline of the Unit
• Background on Knowledge Management
• Secure Knowledge Management
• Confidentiality, Privacy and Trust
• Integrated System
• Secure Knowledge Management Technologies
• Web Security
• Digital Libraries
• Directions

References
• Proceedings Secure Knowledge Management Workshop
  - Secure Knowledge Management Workshop, Buffalo, NY, September 2004
  - http://www.cse.buffalo.edu/caeiae/skm2004/
• Secure Knowledge Management
  - Bertino, Khan, Sandhu and Thuraisingham
  - IEEE Transactions on Systems, Man, and Cybernetics
  - This lecture is based on the above paper

What is Knowledge Management
• Knowledge management, or KM, is the process through which organizations generate value from their intellectual property and knowledge-based assets
• KM involves the creation, dissemination, and utilization of knowledge
• Reference: http://www.commerce-database.com/knowledge-management.htm?source=google

Knowledge Management Components
[Diagram: Components of Knowledge Management: Components, Cycle and Technologies]
  - Components: Strategies, Processes, Metrics
  - Cycle: Knowledge Creation, Sharing, Measurement and Improvement
  - Technologies: Expert systems, Collaboration, Training, Web

Organizational Learning Process
[Diagram: Identification, Creation, Diffusion (Tacit, Explicit), Integration, Modification, Action, Metrics. Source: Reinhardt and Pawlowsky]

Aspects of Secure Knowledge Management (SKM)
• Protecting the intellectual property of an organization
• Access control including role-based access control
• Security for process/activity management and workflow
  - Users must have certain credentials to carry out an activity
• Composing multiple security policies across organizations
• Security for knowledge management strategies and processes
• Risk management and economic tradeoffs
• Digital rights management and trust negotiation

SKM: Strategies, Processes, Metrics, Techniques
• Security Strategies:
  - Policies and procedures for sharing data
  - Protecting intellectual property
  - Should be tightly integrated with business strategy
• Security processes
  - Secure workflow
  - Processes for contracting, purchasing, order management, etc.
• Metrics
  - What is the impact of security on the number of documents published and other metrics gathered
• Techniques
  - Access control, Trust management

SKM: Strategies, Processes, Metrics, Techniques
[Diagram: Components of Aspects of Secure Knowledge Management]
  - Security Strategies: Policies, Plans, and Procedures
  - Security Processes: Processes for Workflow, Order Management, Contracting, ...
  - Security Metrics: Security impact on Metrics gathered for data sharing
  - Security Techniques: Access Control, Trust Management, ...
  - Technologies: Privacy Preserving Data Mining, Secure Semantic Web

Security Impact on Organizational Learning Process
[Diagram: Identification, Creation, Diffusion (Tacit, Explicit), Integration, Modification, Action, Metrics]
• What are the restrictions on knowledge sharing by incorporating security

Security Policy Issues for Knowledge Management
• Defining policies during knowledge creation
• Representing policies during knowledge management
• Enforcing policies during knowledge manipulation and dissemination

Secure Knowledge Management Architecture
[Diagram: each manager paired with its policy function]
  - Knowledge Creation and Acquisition Manager: Define Security Policies
  - Knowledge Representation Manager: Represent Security Policies
  - Knowledge Manipulation and Sustainment Manager: Enforce Security Policies for access
  - Knowledge Dissemination and Transfer Manager: Enforce Security Policies for dissemination

SKM for Coalitions
• Organizations form federations and coalitions and work together to solve a problem
  - Universities, Commercial corporations, Government agencies
• The challenge is to share data/information and at the same time ensure security and autonomy for the individual organizations
• How can knowledge be shared across coalitions?

SKM Coalition Architecture
[Diagram: Component Knowledge for Agency A, Agency B and Agency C; each agency's Export Knowledge feeds Knowledge for Coalition]

SKM Technologies
• Data Mining
  - Mining the information and determining resources without violating security
• Secure Semantic Web
  - Secure knowledge sharing
• Secure Annotation Management
  - Managing annotations about expertise and resources
• Secure content management
  - Markup technologies and related aspects for managing content
• Secure multimedia information management

Directions for SKM
• We have identified high level aspects of SKM
  - Strategies, Processes, Metrics, Techniques, Technologies, Architecture
• Need to investigate security issues
  - RBAC, UCON, Trust etc.
• CS departments should collaborate with business schools on KM and SKM

Web Security
• End-to-end security
  - Need to secure the clients, servers, networks, operating systems, transactions, data, and programming languages
  - The various systems when put together have to be secure
• Composable properties for security
• Access control rules, enforce security policies, auditing, intrusion detection
• Verification and validation
• Security solutions proposed by W3C and OMG
• Java Security
• Firewalls
• Digital signatures and Message Digests, Cryptography

Attacks to Web Security
[Diagram: Security Threats and Violations]
  - Access Control Violations
  - Denial of Service / Infrastructure Attacks
  - Integrity Violations
  - Fraud
  - Sabotage
  - Confidentiality, Authentication, Nonrepudiation Violations

Secure Web Components
[Diagram: Secure Clients, Secure Servers, Secure Databases, Secure Middleware, Secure Protocols, Secure Networks]

E-Commerce Transactions
• E-commerce functions are carried out as transactions
  - Banking and trading on the internet
  - Each data transaction could contain many tasks
• Database transactions may be built on top of the data transaction service
  - Database transactions are needed for multiuser access to web databases
  - Need to enforce concurrency control and recovery techniques

Types of Transaction Systems
• Stored Account Payment
  - e.g., Credit and debit card transactions
  - Electronic payment systems
  - Examples: First Virtual, CyberCash, Secure Electronic Transaction
• Stored Value Payment
  - Uses bearer certificates
  - Modeled after hard cash
    • Goal is to replace hard cash with e-cash
  - Examples: E-cash, Cybercoin, Smart cards

Building Database Transactions
[Diagram, protocol stack from top to bottom: Database Transaction Protocol, Payments Protocol, HTTP Protocol, Socket Protocol, TCP/IP Protocol]

Secure Digital Libraries
• Digital libraries are e-libraries
  - Several communities have developed digital libraries
    • Medical, Social, Library of Congress
• Component technologies
  - Web data management, Multimedia, information retrieval, indexing, browsing, ...
• Security has to be incorporated into all aspects
  - Secure models for digital libraries, secure functions

Secure Digital Libraries
[Diagram: Secure Search Engine, Secure Data Manager, ..., Secure Knowledge Manager, Policy Manager; Secure Communication Network; Participating Site N; Datasets, Documents, Tools]

Secure Web Databases
• Database access through the web
  - JDBC and related technologies
• Query, indexing and transaction management
  - E.g., New transaction models for E-commerce applications
  - Index strategies for unstructured data
• Query languages and data models
  - XML has become the standard document interchange language
• Managing XML databases on the web
  - XML-QL, Extensions to XML, Query and Indexing strategies
• Integrating heterogeneous data sources on the web
  - Information integration and ontologies are key aspects
• Mining the data on the web
  - Web content, usage, structure and content mining

Directions for Web Security
• End-to-end security
  - Secure networks, clients, servers, middleware
  - Secure Web databases, agents, information retrieval systems, browsers, search engines, ...
• As technologies evolve, more security problems
  - Data mining, intrusion detection, encryption are some of the technologies for security
• Next steps
  - Secure semantic web, Secure knowledge management
  - Building trusted applications from untrusted components
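
The SKM architecture and coalition slides above describe policies that are defined when knowledge is created, enforced for access, and enforced again for dissemination while each agency keeps its autonomy. The following sketch is an added example, not code from the lecture or the referenced paper; the class names, roles, agency names and sample items are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class KnowledgeItem:
    owner: str              # agency that created the item
    title: str
    body: str
    read_roles: frozenset   # policy for access inside the owning agency
    export_to: frozenset    # policy for dissemination to coalition partners

@dataclass
class Agency:
    name: str
    role_of: dict                                   # user -> role
    component: list = field(default_factory=list)   # component knowledge

    def create(self, title, body, read_roles, export_to=()):
        # Policy is defined at creation and travels with the item.
        item = KnowledgeItem(self.name, title, body,
                             frozenset(read_roles), frozenset(export_to))
        self.component.append(item)
        return item

    def access(self, user, item):
        # Enforce for access: deny unknown users, wrong roles, foreign items.
        role = self.role_of.get(user)
        if item.owner != self.name or role not in item.read_roles:
            raise PermissionError(f"{user} may not read {item.title!r}")
        return item.body

    def export_for(self, partner):
        # Enforce for dissemination: the owner alone decides what leaves.
        return [i for i in self.component if partner in i.export_to]

def coalition_view(agencies, requester):
    """Titles of export knowledge that other agencies released to requester."""
    return sorted(i.title for a in agencies if a.name != requester
                  for i in a.export_for(requester))

def build_sample():
    # Constructed sample data, not taken from the lecture.
    a = Agency("A", {"alice": "analyst", "bob": "contractor"})
    b = Agency("B", {"carol": "analyst"})
    a.create("threat-report", "constructed body 1", {"analyst"}, export_to={"B"})
    a.create("source-list", "constructed body 2", {"analyst"})  # never exported
    b.create("lessons-learned", "constructed body 3", {"analyst"}, export_to={"A", "C"})
    return a, b

if __name__ == "__main__":
    a, b = build_sample()
    print(coalition_view([a, b], "B"), coalition_view([a, b], "A"))
```

Both checks default to deny: an item with an empty `export_to` set never reaches the coalition, and a user with no role entry cannot read anything.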