Slide 1
Outline
Developments in Data and Applications Security: 1975 - Present
Developments in Data and Applications Security: Multilevel Secure Databases - I
Developments in Data and Applications Security: Multilevel Secure Databases - II
Some Directions and Challenges for Data and Applications Security - I
Some Directions and Challenges for Data and Applications Security - II
Coalition Data and Policy Sharing
Other Topics
Semantic Web: Overview
Layered Architecture for Dependable Semantic Web
Relationships between Dependability, Confidentiality, Privacy, Trust
What is XML all about?
Example XML Document
Specifying User Credentials in XML
Specifying Security Policies in XML
RDF
Ontology Mappings
Rules Processing
Rule-Processing (Concluded)
Semantic Web Database Management
Web Services
Web service architecture
Secure Web Service Architecture
Example Web Service
Information Integration

Dr. Bhavani Thuraisingham
January 14, 2011
Building Trustworthy Semantic Webs
Lecture #1: Introduction to Trustworthy Semantic Web

12-2  01/14/19 08:59

Outline
- Data and Applications Security
  - Developments and Directions
- Secure Semantic Web
  - XML Security; Other directions
- Some Emerging Secure DAS Technologies
  - Secure Sensor Information Management; Secure Dependable Information Management
- Some Directions for Privacy Research
  - Data Mining for handling security problems; Privacy vs. National Security; Privacy Constraint Processing; Foundations of the Privacy Problem
- What are the Challenges?

Developments in Data and Applications Security: 1975 - Present
- Access Control for Systems R and Ingres (mid 1970s)
- Multilevel secure database systems (1980 – present)
  - Relational database systems: research prototypes and products; Distributed database systems: research prototypes and some operational systems; Object data systems; Inference problem and deductive database system; Transactions
- Recent developments in Secure Data Management (1996 – Present)
  - Secure data warehousing, Role-based access control (RBAC); E-commerce; XML security and Secure Semantic Web; Data mining for intrusion detection and national security; Privacy; Dependable data management; Secure knowledge management and collaboration

Developments in Data and Applications Security: Multilevel Secure Databases - I
- Air Force Summer Study in 1982
- Early systems based on Integrity Lock approach
- Systems in the mid to late 1980s, early 90s
  - E.g., Seaview by SRI, Lock Data Views by Honeywell, ASD and ASD Views by TRW
  - Prototypes and commercial products
  - Trusted Database Interpretation and Evaluation of Commercial Products
- Secure Distributed Databases (late 80s to mid 90s)
  - Architectures; Algorithms and Prototype for distributed query processing; Simulation of distributed transaction management and concurrency control algorithms; Secure federated data management

Developments in Data and Applications Security: Multilevel Secure Databases - II
- Inference Problem (mid 80s to mid 90s)
  - Unsolvability of the inference problem; Security constraint processing during query, update and database design operations; Semantic models and conceptual structures
- Secure Object Databases and Systems (late 80s to mid 90s)
  - Secure object models; Distributed object systems security; Object modeling for designing secure applications; Secure multimedia data management
- Secure Transactions (1990s)
  - Single Level/Multilevel Transactions; Secure recovery and commit protocols

Some Directions and Challenges for Data and Applications Security - I
- Secure semantic web
  - Security models
- Secure Information Integration
  - How do you securely integrate numerous and heterogeneous data sources on the web and otherwise?
- Secure Sensor Information Management
  - Fusing and managing data/information from distributed and autonomous sensors
- Secure Dependable Information Management
  - Integrating Security, Real-time Processing and Fault Tolerance
- Data Sharing vs. Privacy
  - Federated database architectures?

Some Directions and Challenges for Data and Applications Security - II
- Data mining and knowledge discovery for intrusion detection
  - Need realistic models; real-time data mining
- Secure knowledge management
  - Protect the assets and intellectual rights of an organization
- Information assurance, Infrastructure protection, Access Control
  - Insider cyber-threat analysis, Protecting national databases, Role-based access control for emerging applications
- Security for emerging applications
  - Geospatial, Biomedical, E-Commerce, etc.
- Other Directions
  - Trust and Economics, Trust Management/Negotiation, Secure Peer-to-peer computing

Coalition Data and Policy Sharing
[Figure: boxes labelled Component Data/Policy for Agency A, Agency B and Agency C, an Export Data/Policy for each agency, and Data/Policy for Federation]

Other Topics
- Secure Semantic Web
- Secure Cloud Computing
- Mobile code security
- Vulnerability Analysis
- Infrastructure security
  - Power grid
- Healthcare Security
- Financial Security

Semantic Web: Overview
- According to Tim Berners-Lee, the Semantic Web supports
  - Machine readable and understandable web pages
  - Enterprise application integration
  - Nodes and links that essentially form a very large database
Premise: Semantic Web Technologies = XML, RDF, Ontologies, Rules
Applications: Web Database Management, Web Services, Information Integration

Layered Architecture for Dependable Semantic Web
[Figure: layer labels URI, UNICODE; XML, XML Schemas; RDF, Ontologies; Rules/Query; Logic, Proof and Trust; with TRUST, PRIVACY and Other Services]
- Adapted from Tim Berners-Lee's description of the Semantic Web

Relationships between Dependability, Confidentiality, Privacy, Trust
[Figure: Dependability, Confidentiality, Privacy, Trust]
Dependability: Security, Privacy, Trust, Real-time Processing, Fault Tolerance; also sometimes referred to as "Trustworthiness"
Confidentiality: Preventing the release of unauthorized information considered sensitive
Privacy: Preventing the release of unauthorized information about individuals considered sensitive
Trust: Confidence one has that an individual will give him/her correct information or an individual will protect sensitive information

What is XML all about?
- XML is needed due to the limitations of HTML and complexities of SGML
- It is an extensible markup language specified by the W3C