New England Database Society

Friday, September 26, 2003

sponsored by Sun Microsystems

NEDS

XML Security and Directions for Data and Applications Security

Bhavani Thuraisingham  
The National Science Foundation
Arlington, VA

Friday, September 26, 2003, 4:00 PM
Volen 101, Brandeis University

(preceded by a wine and cheese reception at 3:00 pm)

Abstract:

As the demand for data and information management increases, there is also a critical need for maintaining the security of the databases, applications and information systems. Data and information have to be protected from unauthorized access as well as from malicious corruption. With the advent of the web it is even more important to protect the data and information as numerous individuals now have access to this data and information. Therefore, we need effective mechanisms for securing data and applications. 

This presentation will be divided into two parts. The first part will start with a brief overview of the developments in data and applications security. Then we will provide more details of our recent research on XML (Extensible Markup Language) security. XML is becoming the standard document interchange language for the web and therefore it is necessary to provide secure access to and dissemination of XML documents. First we will describe a credential-based access control policy for XML documents. Our protection objects are different components of XML documents. Next we will discuss selective and authentic third-party distribution of XML documents. In a third-party architecture there is a distinction between owner and publisher of a document. The challenge is for the owner to ensure the secure publication of his data even if the data is managed by a third party. We will discuss an approach that does not require the publisher to be trusted and also describe a way for subjects to ensure the authenticity of a document in a query response. 

Part II of the presentation will discuss directions for Data and Applications security and describe the interdisciplinary research that needs to be done. We will then discuss some topics of interest including secure real-time systems and secure semantic web. XML security is a prerequisite to securing the semantic web. Finally we will examine the conflicts between data mining for national security and threats to privacy and discuss how our prior research on the inference problem could be adapted to handle the privacy problem.

Speaker Bio:

Dr. Bhavani Thuraisingham is the Program Director for Data and Applications Security at the National Science Foundation in Arlington, VA and also manages the Information Management focus area for NSF's Information Technology Research. She has been on IPA to NSF from the MITRE Corporation since October 2001. She has been with MITRE since January 1989, where she was the department head in Data and Information Management in the Information Technology Division and later chief scientist in data management in MITRE's Air Force Center. She has conducted research in secure databases for over eighteen years for several government sponsors and has provided directions for research in data management and database security to the Department of Defense, Intelligence Community and Treasury. She is the recipient of IEEE Computer Society's 1997 Technical Achievement Award for "outstanding and innovative contributions to secure distributed data management" and recently IEEE's 2003 Fellow Award for "contributions to secure systems involving database systems, distributed systems and the web". Her current research interests are in XML security and privacy constraint processing. She is part of a team at NSF setting directions for cyber security and data mining for counter-terrorism. She has published over 200 refereed conference papers and over 60 journal articles in secure data management and information technology. She is the inventor of three patents for MITRE on Database Inference Control. She has written 6 books on data management and data mining for technical managers and is currently writing a research textbook on database and application security based on her work over the past eighteen years. She serves (or has served) on editorial boards of journals including IEEE Transactions on Knowledge and Data Engineering and the Journal of Computer Security.


Maintained by Dina Goldin dqg AT cse.uconn.edu
Last updated on 09/17/03