Digital ForensicsOutlineDevelopments in Data and Applications Security: 1975 - PresentDevelopments in Data and Applications Security: Multilevel Secure Databases - IDevelopments in Data and Applications Security: Multilevel Secure Databases - IISome Directions and Challenges for Data and Applications Security - ISome Directions and Challenges for Data and Applications Security - IIEmerging Technologies in Data and Applications SecurityDigital Identity ManagementDigital Identity Management - IIIdentity Theft ManagementSteganography and Digital WatermarkingSteganography and Digital Watermarking - IIRisk AnalysisEconomics AnalysisSecure Electronic Voting MachinesBiometricsDigital ForensicsDigital Forensics - IIInformation Sharing between Trustworthy, Semi- trustworthy and Untrustworthy PartnersDigital ForensicsDr. Bhavani ThuraisinghamThe University of Texas at DallasLecture #1Introduction to Data and Applications Security and Digital ForensicsAugust 20, 2007OutlineData and Applications Security -Developments and DirectionsSome Emerging Technologies-Digital watermarking, Biometrics, Digital Forensics, - - -Developments in Data and Applications Security: 1975 - PresentAccess Control for Systems R and Ingres (mid 1970s)Multilevel secure database systems (1980 – present)-Relational database systems: research prototypes and products; Distributed database systems: research prototypes and some operational systems; Object data systems; Inference problem and deductive database system; TransactionsRecent developments in Secure Data Management (1996 – Present)-Secure data warehousing, Role-based access control (RBAC); E-commerce; XML security and Secure Semantic Web; Data mining for intrusion detection and national security; Privacy; Dependable data management; Secure knowledge management and collaboration; emerging technologies such as biometrics and digital forensicsDevelopments in Data and Applications Security: Multilevel Secure Databases - IAir Force Summer Study in 1982Early systems based on Integrity Lock approachSystems in the mid to late 1980s, early 90s-E.g., Seaview by SRI, Lock Data Views by Honeywell, ASD and ASD Views by TRW-Prototypes and commercial products-Trusted Database Interpretation and Evaluation of Commercial ProductsSecure Distributed Databases (late 80s to mid 90s)-Architectures; Algorithms and Prototype for distributed query processing; Simulation of distributed transaction management and concurrency control algorithms; Secure federated data managementDevelopments in Data and Applications Security: Multilevel Secure Databases - IIInference Problem (mid 80s to mid 90s)-Unsolvability of the inference problem; Security constraint processing during query, update and database design operations; Semantic models and conceptual structuresSecure Object Databases and Systems (late 80s to mid 90s)-Secure object models; Distributed object systems security; Object modeling for designing secure applications; Secure multimedia data managementSecure Transactions (1990s)-Single Level/ Multilevel Transactions; Secure recovery and commit protocolsSome Directions and Challenges for Data and Applications Security - ISecure semantic web -Security modelsSecure Information Integration-How do you securely integrate numerous and heterogeneous data sources on the web and otherwiseSecure Sensor Information Management-Fusing and managing data/information from distributed and autonomous sensorsSecure Dependable Information Management-Integrating Security, Real-time Processing and Fault ToleranceData Sharing vs. Privacy-Federated database architectures?Some Directions and Challenges for Data and Applications Security - IIData mining and knowledge discovery for intrusion detection-Need realistic models; real-time data miningSecure knowledge management-Protect the assets and intellectual rights of an organizationInformation assurance, Infrastructure protection, Access Control-Insider cyber-threat analysis, Protecting national databases, Role-based access control for emerging applicationsSecurity for emerging applications-Geospatial, Biomedical, E-Commerce, etc. Other Directions-Trust and Economics, Trust Management/Negotiation, Secure Peer-to-peer computing, Emerging technologies such as digital forensicsEmerging Technologies in Data and Applications SecurityDigital Identity ManagementIdentity Theft ManagementDigital WatermarkingRisk AnalysisEconomic AnalysisSecure Electronic Voting MachinesBiometricsDigital ForensicsDigital Identity ManagementDigital identity is the identity that a user has to access an electronic resourceA person could have multiple identities -A physician could have an identity to access medical resources and another to access his bank accountsDigital identity management is about managing the multiple identities-Manage databases that store and retrieve identities-Resolve conflicts and heterogeneity-Make associations-Provide securityOntology management for identity management is an emerging research areaDigital Identity Management - IIFederated Identity Management-Corporations work with each other across organizational boundaries with the concept of federated identity-Each corporation has its own identity and may belong to multiple federations-Individual identity management within an organization and federated identity management across organizationsTechnologies for identity management-Database management, data mining, ontology management, federated computingIdentity Theft ManagementNeed for secure identity management-Ease the burden of managing numerous identities-Prevent misuse of identity: preventing identity theftIdentity theft is stealing another person’s digital identityTechniques for preventing identity thefts include-Access control, Encryption, Digital Signatures-A merchant encrypts the data and signs with the public key of the recipient-Recipient decrypts with his private keySteganography and Digital WatermarkingSteganography is about hiding information within other information-E.g., hidden information is the message that terrorist may be sending to their pees in different parts of the worlds-Information may be hidden in valid texts, images, films etc.-Difficult to be detected by the unsuspecting human Steganalysis is about developing techniques that can analyze text, images, video and detect hidden
View Full Document
Unlocking...