Data and Applications Security
Developments and Directions
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Secure Knowledge Management:
and Web Security
November 21, 2011
Outline of the Unit
 Background on Knowledge Management
 Secure Knowledge Management
 Confidentiality, Privacy and Trust
 Integrated System
 Secure Knowledge Management Technologies
 Web Security
 Digital Libraries
 Directions
 Proceedings Secure Knowledge Management Workshop
- Secure Knowledge Management Workshop, Buffalo, NY,
September 2004
 Secure Knowledge Management
- Bertino, Khan, Sandhu and Thuraisingham
- IEEE Transactions on Systems man and Cybernetics
- This lecture is based on the above paper
What is Knowledge Management
 Knowledge management, or KM, is the process through which
organizations generate value from their intellectual property and
knowledge-based assets
 KM involves the creation, dissemination, and utilization of
 Reference:
Knowledge Management Components
Components of
Cycle and
Knowledge, Creation
Sharing, Measurement
And Improvement
Expert systems
Organizational Learning Process
Diffusion Tacit, Explicit
Reinhardt and Pawlowsky
Aspects of Secure Knowledge Management
 Protecting the intellectual property of an organization
 Access control including role-based access control
 Security for process/activity management and workflow
- Users must have certain credentials to carry out an activity
 Composing multiple security policies across organizations
 Security for knowledge management strategies and processes
 Risk management and economic tradeoffs
 Digital rights management and trust negotiation
SKM: Strategies, Processes, Metrics, Techniques
 Security Strategies:
- Policies and procedures for sharing data
- Protecting intellectual property
- Should be tightly integrated with business strategy
 Security processes
- Secure workflow
- Processes for contracting, purchasing, order
management, etc.
 Metrics
- What is impact of security on number of documents
published and other metrics gathered
 Techniques
Access control, Trust management
SKM: Strategies, Processes, Metrics, Techniques
A sp ects o f
S ecu re
K n o w led g e
o nem
en ts
enot f
S ecu rity
S trateg ies:
P o licies,
P lan s, an d
P ro ced u res
S ecu rity
P ro cesses:
P ro cesses fo r
W o rk flo w , O rd er
M an ag em en t,
C o n tractin g , - - -
T ech n o lo g ies:
P riv acy P reserv in g
D ata M in in g ,
S ecu re S em an tic
W eb
S ecu rity
S ecu rity
M etrics:
T ech n iq u es:
S ecu rity im p act o n
M etrics g ath ered
fo r d ata sh arin g
A ccess C o n tro l,
T ru st M an ag em en t,
Security Impact on
Organizational Learning Process
Diffusion Tacit, Explicit
What are the restrictions
On knowledge sharing
By incorporating security
Security Policy Issues for Knowledge
 Defining Policies during Knowledge Creation
 Representing policies during knowledge
 Enforcing policies during knowledge manipulation
and dissemination
Secure Knowledge Management Architecture
D efin e S ecu rity P o licies
K n o w ledg e
C reation and
A cq u isition
M an ag er
E n fo rce S ecu rity
P o licies fo r dissem in ation
K n o w ledg e
D issem in atio n
an d T ran sfer
M an ag er
R ep resen t S ecu rity P o licies
K n o w ledg e
R ep resen tatio n
M an ag er
E n fo rce S ecu rity
P o licies fo r access
K n o w ledg e
M anipu latio n
A n d S u stain m en t
M an ag er
SKM for Coalitions
 Organizations for federations and coalitions work together to
solve a problem
- Universities, Commercial corporation, Government
 Challenges is to share data/information and at the same time
ensure security and autonomy for the individual
 How can knowledge be shared across coalitions?
SKM Coalition Architecture
Knowledge for Coalition
Knowledge for
Agency A
Knowledge for
Agency C
Knowledge for
Agency B
SKM Technologies
 Data Mining
- Mining the information and determine resources without
violating security
 Secure Semantic Web
Secure knowledge sharing
 Secure Annotation Management
- Managing annotations about expertise and resources
 Secure content management
Markup technologies and related aspects for managing
 Secure multimedia information management
Directions for SKM
 We have identified high level aspects of SKM
- Strategies, Processes. Metrics, techniques, Technologies,
 Need to investigate security issues
RBAC, UCON, Trust etc.
 CS departments should collaborate with business schools on
KM and SKM
Web Security
 End-to-end security
- Need to secure the clients, servers, networks, operating
systems, transactions, data, and programming languages
- The various systems when put together have to be secure
Composable properties for security
 Access control rules, enforce security policies, auditing,
intrusion detection
 Verification and validation
 Security solutions proposed by W3C and OMG
 Java Security
 Firewalls
 Digital signatures and Message Digests, Cryptography
Attacks to Web Security
Se c u r ity
T h re a ts a nd
V io la tio ns
A c c e ss
C o ntro l
V io la tio ns
D e nia l o f
Se r v ic e /
I nf ra str uc tu re
A tta c k s
I nte g rity
V io la tio ns
Fr a u d
Sa b o ta g e
C o nf id e n tia lity
A uth e ntic a tio n
N on r e pu d ia tion
V io la tio ns
Secure Web Components
S ecu re
W eb
C o m p on en ts
S ecu re
S ervers
S ecu re
C lien ts
S ecu re
D atab ases
S ecu re
M id d lew a re
S ecu re
P ro to co ls
S ecu re
N etw o rks
E-Commerce Transactions
 E-commerce functions are carried out as transactions
- Banking and trading on the internet
- Each data transaction could contain many tasks
 Database transactions may be built on top of the data transaction
- Database transactions are needed for multiuser access to web
- Need to enforce concurrency control and recovery techniques
Types of Transaction Systems
 Stored Account Payment
- e.g., Credit and debit card transactions
- Electronic payment systems
- Examples: First Virtual, CyberCash, Secure Electronic Transaction
 Stored Value Payment
- Uses bearer certificates
- Modeled after hard cash
Goal is to replace hard cash with e-cash
- Examples: E-cash, Cybercoin, Smart cards
Building Database Transactions
Database Transaction Protocol
Payments Protocol
HTTP Protocol
Socket Protocol
TCP/IP Protocol
Secure Digital Libraries
 Digital libraries are e-libraries
- Several communities have developed digital libraries
Medical, Social, Library of Congress
 Components technologies
- Web data management, Multimedia, information retrieval,
indexing, browsing, -- -  Security has to be incorporated into all aspects
- Secure models for digital libraries, secure functions
Secure Web Databases
 Database access through the web
- JDBC and related technologies
 Query, indexing and transaction management
- E.g., New transaction models for E-commerce applications
- Index strategies for unstructured data
 Query languages and data models
- XML has become the standard document interchange language
 Managing XML databases on the web
- XML-QL, Extensions to XML, Query and Indexing strategies
 Integrating heterogeneous data sources on the web
- Information integration and ontologies are key aspects
 Mining the data on the web
- Web content, usage, structure and content mining
Directions for Web Security
 End-to-end security
- Secure networks, clients, servers, middleware
- Secure Web databases, agents, information retrieval
systems, browsers, search engines, - -  As technologies evolve, more security problems
- Data mining, intrusion detection, encryption are some of
the technologies for security
 Next steps
Secure semantic web, Secure knowledge management
- Building trusted applications from untrusted components

Example: Data Mining for the NBA