Course description:
In this course we explore advanced secure data management systems and
primitives. Students will find out how to design, build, and
evaluate secure storage and information processing subsystems.
Given its nature, the course will have no textbook but rather
rely heavily on recently published research results. The course will assume
a minimal understanding of basic cryptography, storage and database
technologies. A basic crypto/security intro is to be part of the course --
as a nice and easy introduction to basic crypto and general security we recommend
Practical Cryptography by Niels Ferguson and Bruce Schneier.
Selected topics include:
- Basic Cryptography Intro
- Outsourcing of DM
- Encryption File Systems
- Database encryption/security
- Regulatory compliance in DM
- Secure data provenance
- Trusted hardware
Instructors: Radu Sion (Stony Brook), Marianne Winslett (UIUC)
Times: WED 13:00-16:00 NY time (12:00-15:00 IL time)
Place: CSE1441 Conference Room (@ Stony Brook), 3124 Siebel Center (@ UIUC)
UIUC Audience Video: camera 1, camera 2, and camera 3.
Mailing List: to be added to the mailing list, please email sion@cs.stonybrook.edu.
Real-time audio: to listen in to the audio of the lectures in real time, simply call the Skype ID "NSAC Lab" (a maximum of 9 remote listeners can be accommodated).
Real-time presentation: check your email once you are on the mailing list.
Evaluation for Stony Brook Students (subject to change): The course will include
a few written homeworks, one oral presentation of a research result and possibly a take
home exam. In addition, you are expected to actively participate in class.
Note on credits towards graduation at Stony Brook: This course counts
towards graduation for PhD students and MS students. For MS students there
are two caveats: (i) only two from among 590,591,592 and 690 will count
towards graduation credits, and (ii) if a student takes any of them twice
then the topics covered in each course must be different.
Approximate summary of lectures:
01/31
|
Data Security: What is security? Trust. Crypto crash course. (12:00 pm NY time today only!!!)
Read: Encryption, Ciphers, PKI, crypto hashes, RNG, forward secrecy, Merkle tree, semantic security
Slides: class01
|
02/06
|
Secure Hardware: IBM 4758, 4764, TPMs
Read: TPM Reset Attack
Read: Building the IBM 4758 Secure Coprocessor
Read: Extracting a 3DES key from an IBM 4758
Optional: Evaluation Assurance Levels
Optional: FIPS 140-2
Read: Trusted Platform Module
Slides: class02
|
02/13
|
Data Provenance (invited talk: Ragib Hasan)
Read:
Why and Where: A Characterization of Data Provenance
Read: Simmhan, Y. L., Plale, B., and Gannon, D. 2005. A survey of data
provenance in e-science. [pdf],
SIGMOD Rec. 34, 3 (Sep. 2005), 31-36.
http://doi.acm.org/10.1145/1084805.1084812
Read: Kiran-Kumar Muniswamy-Reddy, David A. Holland, Uri Braun, and
Margo Seltzer. Provenance-Aware Storage Systems. [pdf],
In proceedings of the 2006 USENIX Annual Technical Conference, Boston,
MA, June 2006.
Read: Hasan, R., Sion, R., and Winslett, M. Introducing secure
provenance: problems and challenges. [pdf]
In Proceedings of the 2007 ACM Workshop on Storage Security and
Survivability (Alexandria, Virginia, USA, October 29 - 29, 2007).
StorageSS '07. ACM, New York, NY, 13-18. DOI=
http://doi.acm.org/10.1145/1314313.1314318
Read: Wang Chiew Tan: Provenance in Databases: Past, Current, and
Future. [pdf]
IEEE Data Eng. Bull. 30(4): 3-12 (2007)
Slides: class03.provenance
|
02/20
|
OS: Cryptographic File Systems
Read (top 2): CFS: A Cryptographic File System for Unix, Linux journal article
Read: TCFS: Transparent Cryptographic Filesystem, Linux journal article
Optional: Cryptfs: A Stackable Vnode Level Encryption File System
Optional: NCryptfs: A Secure and Convenient Cryptographic File System
Read (top 2): eCryptfs: An Enterprise-class Cryptographic Filesystem for Linux, Design document of eCryptfs paper published in OLS conference, eCryptfs Linux journal article
Read: EFS: Encrypting file system, Wiki, Microsoft Technet
Slides: class04
Breaking News:
|
02/27
|
Secure Outsourcing of Data Management: Private Information Retrieval (invited lecture: Peter Williams)
Read (top 2): On the Computational Practicality of Private Information Retrieval, NDSS 2007
Read (top 2): Usable PIR, NDSS 2008
Read: PIR Survey by William Gasarch (do not go into recursion unless you want to)
Slides: class05.pir.1, class05.pir.2
|
03/05
|
Secure Outsourcing: confidentiality, correctness, relational data realms
Read: Providing Database as a Service, ICDE 2002
Read (top 2): Executing SQL over Encrypted Data in the Database-Service-Provider Model, SIGMOD 2002
Read: GhostDB: Hiding Data from Prying Eyes, VLDB 2007
Read (top 2): Authentic Data Publication over the Internet, 2000
Slides: class06.sdo
|
03/12
|
Secure Outsourcing: continued
Slides: class06.sdo
|
03/19
|
Spring Break
|
03/26
|
TBD
|
04/02
|
Regulatory Compliant Systems: WORM, Data Retention, Secure Deletion, Migration
Read: Content Immutable Storage: Truly Trustworthy and Cost-Effective Storage for Electronic Records
Read (top 2): WORM Storage on Magnetic Disks Using SnapLock
Read: Sun StorageTek Compliance Archiving
Slides: class07.worm.radu
|
04/09
|
Regulatory Compliant Systems: Indexing, Secure Deletion (invited talk: Soumyadeb Mitra)
Read (top 2 too): Implementation of an Authenticated Dictionary with Skip Lists and Commutative Hashing
Read (top 2): Trustworthy Keyword Search for Regulatory-Compliant Records Retention, VLDB 2006
Read (top 2): Fossilized index: the linchpin of trustworthy non-alterable electronic records, SIGMOD 2005
Slides: class08.worm.soumyadeb
|
04/16
|
Data Anonymization Techniques (Marianne Winslett)
Read 1: P. Samarati. Protecting respondents' identities in microdata release. TKDE, 13(6):1010-1027, 2001
Read 2: N. Li, T. Li, and S. Venkatasubramanian. t-closeness: Privacy beyond k-anonymity and l-diversity. In ICDE, pages 106-115, 2007
Read: A. Machanavajjhala, J. Gehrke, D. Kifer, and M. Venkitasubramaniam. l-diversity: Privacy beyond k-anonymity. In ICDE, page 24, 2006
Read: L. Sweeney. k-anonymity: a model for protecting privacy. International Journal on Uncertainty, Fuzziness, and Knowledge-Based Systems, 10(5):557-570, 2002
Optional: D. Kifer and J. Gehrke. Injecting utility into anonymized datasets. In SIGMOD, pages 217-228, 2006
Slides: class09.anon
|
04/23
|
Digital Rights Management: Relational Databases
Read: Watermarking Databases
Slides: class10.wm
|
Note: Stony Brook has received $2.5 million [...] to provide scholarships to graduate and undergraduate
majors in computer science that take on a program of study that specializes in information assurance.
Each 2-year scholarship provides an average of $46K for undergrads and
$56K for graduates. For details regarding the scholarship program and
the application process, please see http://ccs.cs.sunysb.edu/sfs/.
Ethics:
Note:
If you have a physical, psychological, medical or learning disability that may impact on your ability to carry
out assigned course work, please contact the staff in the Disabled Student Services office (DSS), Room 133,
Humanities, 632-6748v/TDD. DSS will review your concerns and determine with you what accommodations are
necessary and appropriate. All information and documentation of disability are confidential.