17-08-2012, 03:50 PM
Current Trends in Data Security
current-trends.ppt (Size: 168 KB / Downloads: 50)
Data Security
Dorothy Denning, 1982:
Data Security is the science and study of methods of protecting data (...) from unauthorized disclosure and modification
Data Security = Confidentiality + Integrity
Traditional Data Security
Security in SQL = Access control + Views
Security in statistical databases = Theory
Summary of SQL Security
Limitations:
No row level access control
Table creator owns the data: that’s unfair !
Most policies in middleware: slow, error prone:
SAP has 10*4 tables
GTE over 10*5 attributes
A brokerage house has 80,000 applications
A US government entity thinks that it has 350K
Today the database is not at the center of the policy administration universe
Latanya Sweeney’s Finding
In Massachusetts, the Group Insurance Commission (GIC) is responsible for purchasing health insurance for state employees
GIC has to publish the data:
Research Topics in Data Security
Rest of the talk:
Information Leakage
Privacy
Fine-grained access control
Data encryption
Secure shared computation
current-trends.ppt (Size: 168 KB / Downloads: 50)
Data Security
Dorothy Denning, 1982:
Data Security is the science and study of methods of protecting data (...) from unauthorized disclosure and modification
Data Security = Confidentiality + Integrity
Traditional Data Security
Security in SQL = Access control + Views
Security in statistical databases = Theory
Summary of SQL Security
Limitations:
No row level access control
Table creator owns the data: that’s unfair !
Most policies in middleware: slow, error prone:
SAP has 10*4 tables
GTE over 10*5 attributes
A brokerage house has 80,000 applications
A US government entity thinks that it has 350K
Today the database is not at the center of the policy administration universe
Latanya Sweeney’s Finding
In Massachusetts, the Group Insurance Commission (GIC) is responsible for purchasing health insurance for state employees
GIC has to publish the data:
Research Topics in Data Security
Rest of the talk:
Information Leakage
Privacy
Fine-grained access control
Data encryption
Secure shared computation