Reading List: The following papers are covered in this course.

• Griffiths, P. P. and Wade, B. W. 1976. An authorization mechanism for a relational database system. ACM Trans. Database Syst. 1, 3 (Sep. 1976), 242-255.
• Jajodia, S., Samarati, P., Subrahmanian, V. S., and Bertino, E. 1997. A unified framework for enforcing multiple access control policies. In Proceedings of the 1997 ACM SIGMOD international Conference on Management of Data (Tucson, Arizona, United States, May 11 - 15, 1997). J. M. Peckman, S. Ram, and M. Franklin, Eds. SIGMOD '97. ACM Press, New York, NY, 474-485.
• Rizvi, S., Mendelzon, A., Sudarshan, S., and Roy, P. 2004. Extending query rewriting techniques for fine-grained access control. In Proceedings of the 2004 ACM SIGMOD international Conference on Management of Data (Paris, France, June 13 - 18, 2004). SIGMOD '04. ACM Press, New York, NY, 551-562.
• Logical Design of Audit Information in Relational Databases, in Information Security: An Integrated Collection of Essays, Marshall D. Abrams, Sushil Jajodia, Harold J. Podell, editors, IEEE Computer Society Press.
• B. Schneier and J. Kelsey, Cryptographic Support for Secure Logs on Untrusted Machines, The Seventh USENIX Security Symposium Proceedings, USENIX Press, January 1998, pp. 53-62.
• P. Liu, P. Ammann, and S. Jajodia. Rewriting histories: Recovering from malicious transactions. Distributed and Parallel Databases, TKDE, 1999.
• B. Waters, D. Balfanz, G. Durfee and D. Smetters. Building an Encrypted and Searchable Audit Log. In Proceedings of NDSS 2004.
• Architectures for MLS Database Management Systems, in Information Security: An Integrated Collection of Essays, Marshall D. Abrams, Sushil Jajodia, Harold J. Podell, editors, IEEE Computer Society Press.
• Solutions to the Polyinstantiation Problem, in Information Security: An Integrated Collection of Essays, Marshall D. Abrams, Sushil Jajodia, Harold J. Podell, editors, IEEE Computer Society Press.
• Inference Control in Statistical Databases, in Preserving Privacy in On-Line Analytical Processing (OLAP), L. Wang, S. Jajodia, D. Wijesekera, Springer, 2007, ISBN: 0387462732.
• Adam, N. R. and Worthmann, J. C. 1989. Security-control methods for statistical databases: a comparative study. ACM Comput. Surv. 21, 4 (Dec. 1989), 515-556.
• Denning, D. E. and Denning, P. J. 1979. The tracker: a threat to statistical database security. ACM Trans. Database Syst. 4, 1 (Mar. 1979), 76-96.
• Dobkin, D., Jones, A. K., and Lipton, R. J. 1979. Secure databases: protection against user influence. ACM Trans. Database Syst. 4, 1 (Mar. 1979), 97-106.
• Chin, F. Y. 1978. Security in statistical databases for queries with small counts. ACM Trans. Database Syst. 3, 1 (Mar. 1978), 92-104.
• Chin, F. Y., and Ozsoyoglu, G. Auditing and inference control in statistical databases. IEEE Trans. Softw. Eng. SE-8, 6 (Nov. 1982), 574-582.
• Chin, F. Y. and Kossowski, P. 1981. Efficient inference control for range SUM queries on statistical data bases. In Proceedings of the 1st LBL Workshop on Statistical Database Management (Menlo Park, California, December 02 - 04, 1981). H. K. Wong, Ed. Lawrence Berkeley Laboratory, Berkeley, CA, 239-248.
• Demillo, R. A., Dobkin, D., and Lipton, R. J. Even data bases that lie can be compromised. IEEE Trans. on Software Engrg. SE-4, 1 (Jan. 1977), 73-75.
• Chin, F. 1986. Security problems on inference control for SUM, MAX, and MIN queries. J. ACM 33, 3 (May 1986), 451-464.
• H. Hacigumus, B. R. Iyer, and S. Mehrotra. Providing database as a service. In Proc. of the Int'l Conf. on Data Engineering, San Jose, California, March 2002.
• Song, D. X., Wagner, D., and Perrig, A. 2000. Practical Techniques for Searches on Encrypted Data. In Proceedings of the 2000 IEEE Symposium on Security and Privacy (May 14 - 17, 2000). SP. IEEE Computer Society, Washington, DC, 44.
• F. Valeur, D. Mutz, and G. Vigna. A Learning-Based Approach to the Detection of SQL Attacks. In Proc. of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA), Vienna, Austria, Jul. 2005.
• Lee, S. Y., Low, W. L., and Wong, P. Y. 2002. Learning Fingerprints for a Database Intrusion Detection System. In Proceedings of the 7th European Symposium on Research in Computer Security (October 14 - 16, 2002). D. Gollmann, G. Karjoth, and M. Waidner, Eds. Lecture Notes In Computer Science, vol. 2502. Springer-Verlag, London, 264-280.
• Boyd, S., Keromytis, A.: SQLrand: Preventing SQL injection attacks. In Jakobsson, M., Yung, M., Zhou, J., eds.: Proceedings of the 2nd Applied Cryptography and Network Security (ACNS) Conference. Volume 3089 of Lecture Notes in Computer Science, Springer-Verlag (2004) 292-304.
• H. Guo, Y. Li, A. Liu and S. Jajodia, "A Fragile Watermarking Scheme for Detecting Malicious Modifications of Database Relations", Information Sciences, Vol. 176, No. 10, 2006, pp. 1350-1378.
• Lingyu Wang, Chao Yao, Anoop Singhal, Sushil Jajodia, "Interactive analysis of attack graphs using relational queries," Proc. 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Springer Lecture Notes in Computer Science, Vol. 4127, Ernesto Damiani and Peng Liu, editors, Sophia Antipolis, France, July 31 - August 2, 2006, pages 119-132.
• R. Agrawal, J. Kiernan, R. Srikant, and Y. Xu. Implementing P3P using database technology. In Proc. of the 19th Int'l Conference on Data Engineering, Bangalore, India, March 2003.
• R. Agrawal, J. Kiernan, R. Srikant and Y. Xu. "Hippocratic Databases". Proc. of the 28th Int'l Conf. on Very Large Databases (VLDB 2002), Hong Kong, China, August 2002.
• Gruteser, M. and Grunwald, D. 2003. Anonymous Usage of Location-Based Services Through Spatial and Temporal Cloaking. In Proceedings of the 1st international Conference on Mobile Systems, Applications and Services (San Francisco, California, May 05 - 08, 2003). MobiSys '03. ACM Press, New York, NY, 31-42.
• Samarati, P. and Sweeney, L. Protecting privacy when disclosing information: k-anonymity and its enforcement through generalization and suppression, Technical Report SRI-CSL-98-04, SRI Computer Science Laboratory, Palo Alto, CA, 1998.
• Ashwin Machanavajjhala, Johannes Gehrke, Daniel Kifer, Muthuramakrishnan Venkitasubramaniam, l-Diversity: Privacy Beyond k-Anonymity, Proceedings of the 22nd International Conference on Data Engineering (ICDE'06), p. 24, April 03-07, 2006.
• Bayardo, R. J. and Agrawal, R. 2005. Data Privacy through Optimal k-Anonymization. In Proceedings of the 21st international Conference on Data Engineering (Icde'05) - Volume 00 (April 05 - 08, 2005). ICDE. IEEE Computer Society, Washington, DC, 217-228.
• Yao, C., Wang, X. S., and Jajodia, S. 2005. Checking for k-anonymity violation by views. In Proceedings of the 31st international Conference on Very Large Data Bases (Trondheim, Norway, August 30 - September 02, 2005). Very Large Data Bases. VLDB Endowment, 910-921.
• Chao Yao, Lingyu Wang, X. Sean Wang, Sushil Jajodia, "Indistinguishability: the other aspect of privacy," Proc. 3rd VLDB Workshop on Secure Data Management (SDM 2006), Springer Lecture Notes in Computer Science, Vol. 4165, September 10-11, 2006, pages 1-17.
• Miklau, G. and Suciu, D. 2007. A formal analysis of information disclosure in data exchange. J. Comput. Syst. Sci. 73, 3 (May 2007), 507-534.
• Gedik, B. and Liu, L. 2005. Location Privacy in Mobile Systems: A Personalized Anonymization Model. In Proceedings of the 25th IEEE international Conference on Distributed Computing Systems (Icdcs'05) - Volume 00 (June 06 - 10, 2005). ICDCS. IEEE Computer Society, Washington, DC, 620-629.
• R. Agrawal and S. Ramakrishnan. Privacy-preserving data mining. In Proceedings of the 2000 ACM SIGMOD International Conference on Management of Data, pp. 439-450, 2000.
• R. Agrawal, A. Evfimievski and R. Srikant, "Information Sharing across Private Databases", Proc. of the ACM SIGMOD Int'l Conference on Management of Data, San Diego, California, June 2003.
• L. Wang, S. Jajodia, and D. Wijesekera. Securing OLAP data cubes against privacy breaches. In Proc. of the 2004 IEEE Symposium on Security and Privacy.