Day |
Topic |
Readings |
Presenter |
9/30 |
No meeting |
None
|
10/7 |
Introduction and overview; selection of presenters. Slides from intro talk |
Dan Suciu
|
10/14 |
Statistical Database Security |
Adam, Wortmann. Security-control methods for statistical databases: a comparative
study.
A survey of the main techniques for protecting against disclosure of confidential information in a statistical database: conceptual, query restriction, data perturbation, output perturbation. |
Ashish |
10/21 |
Access Control |
Bertino, Jajodia, Samarati. Database Security: Research and Practice. IS 20 (7) 1995.
Survey of access control models for relational databases including discretionary and mandatory access control models.
T. Yu, D. Srivastava, L. Lakshmanan, and H. Jagadish. Compressed Accessibility
Map: Efficient Access Control for XML. VLDB 2002
Additional Reading:
The XML Security Page
XACML Specification (pdf)
|
Yana, Nilesh |
10/28 |
Multiparty Secure Computation |
Pinkas. Cryptographic Techniques for Privacy-Preserving Data Mining. SIGKDD Explorations.
Survey paper of results in secure multi-party computation and their relevance to data mining.
Agrawal, Evfimievski, Srikant. Information Sharing Across Private Databases. SIGMOD 2003
Techniques for secure computation of set intersection and join using commutative encryption functions.
|
Jessica, Chris |
11/4 |
Database Service Provider Model |
Song, Wagner, Perrig. Practical Techniques for Searches on Encrypted Data. IEEE Symposium on Security and Privacy 2000
Cryptographic techniques for secure search over a list of values stored on an untrusted server.
Hacigumus, Iyer, Li, Mehrotra. Executing SQL over encrypted data in the database-service-provider model. SIGMOD 2002
Techniques for query evaluation over an encrypted database stored on an untrusted server.
|
Valentin, Mike |
11/11 |
Crypto |
Miklau, Suciu. Controlling Access to Published Data Using Cryptography. VLDB 2003
Martin Abadi and Phillip Rogaway. Reconciling two views of cryptography (The computational soundness of formal encryption). IFIP International Conference on Theoretical Computer Science. 2000
The first paper presents techniques for enforcing access control over published documents. The resulting encrypted documents are difficult to analyze using cryptographic techniques. The second paper contains some techniques related to this difficulty.
|
Gerome |
11/18 |
Privacy |
Alan Westin one-page article Wall Street Journal, April 2000. Brief article summarizing survey results on individual attitudes about privacy.
Agrawal, Kiernan, Srikant, Xu. Hippocratic Databases. VLDB 2002
A proposal for a database system that respects the privacy of
individuals who contribute data to the database. Includes a list of
key properties and challenges of a Hippocratic database system.
Additional readings:
L. Sweeney. Uniqueness of Simple Demographics in the U.S. Population, LIDAP-WP4. Carnegie Mellon University, Laboratory for International Data Privacy, Pittsburgh, PA: 2000.
Empirical study of census data attempting to extract information on
individuals from aggregate values. Note: we couldn't get the paper.
|
Luke, Stebbi |
11/25 |
Privacy in Data Mining |
Agrawal, Srikant. Privacy-Preserving Data Mining. SIGMOD 2000: 439-450
Evfimievski, Srikant, Agrawal, Gehrke. Privacy preserving mining of association rules. KDD 2002
|
Luna, Igor |
12/2 |
Watermarking |
Agrawal, Kiernan. Watermarking Relational Databases. VLDBJ 2003
|
Jayant |
12/9 |
Data Authenticity |
Goodrich, Tamassia, Triandopoulos, Cohen. Authenticated Data Structures for Graph and Geometric Searching. Technical Report 2001
Additional reading:
Prem Devanbu, Michael Gertz, Chip Martel, Stuart G. Stubblebine. Authentic Third-party Data Publication. IFIP Conference on Database Security, 2000.
|
Peter |
Recent work in the database community has produced some new and quite
promising results, providing intriguing solutions to some apparently
impossible tasks. While more research is sure to follow, this is a
good time to take a close look at the recent developments. In this
seminar we will cover research papers in database security, ranging
from new topics to old but little-known ones.
We will start by discussing the security of statistical databases. We
will then cover (in some yet to be determined order): privacy
preserving data mining, secure data sharing, access control and
enforcing access control through encryption, watermarking for
databases, private information retrieval, and database as a service.
As with any emerging field, it is hard to construct a global picture of
all the on-going research, but we will try to get close to that goal.
The first seminar (on October 7) will consist of a presentation given
by us, followed by an organizational discussion. The following
seminars will consist of paper presentations. Participants are
expected to present one paper during the quarter, and to engage in the
discussions.