CSE 590DB: Database Seminar

Autumn 2003: Topics in Secure Data Management

Alon Halevy, Dan Suciu Tuesdays 1:30 - 2:20, EE1 037


Day Topic Readings Presenter
9/30 No meeting None
10/7 Introduction and overview; selection of presenters. Slides from intro talk Dan Suciu
10/14 Statistical Database Security
  • Adam, Wortmann. Security-control methods for statistical databases: a comparative study.
  • A survey of the main techniques for protecting against disclosure of confidential information in a statistical database: conceptual, query restriction, data perturbation, output perturbation.
  • Ashish
  • 10/21 Access Control
  • Bertino, Jajodia, Samarati. Database Security: Research and Practice. IS 20 (7) 1995.
  • Survey of access control models for relational databases including discretionary and mandatory access control models.
  • T. Yu, D. Srivastava, L. Lakshmanan, and H. Jagadish. Compressed Accessibility Map: Efficient Access Control for XML. VLDB 2002
  • Additional Reading:
    The XML Security Page
    XACML Specification (pdf)

  • Yana
  • Nilesh
  • 10/28 Multiparty Secure Computation
  • Pinkas. Cryptographic Techniques for Privacy-Preserving Data Mining. SIGKDD Explorations.
  • Survey paper of results in secure multi-party computation and their relevance to data mining.
  • Agrawal, Evfimievski, Srikant. Information Sharing Across Private Databases. SIGMOD 2003
  • Techniques for secure computation of set intersection and join using commutative encryption functions.
  • Jessica
  • Chris
  • 11/4 Database Service Provider Model
  • Song, Wagner, Perrig:Practical Techniques for Searches on Encrypted Data. IEEE Symposium on Security and Privacy 2000
  • Cryptographic techniques for secure search over list of values stored on untrusted server.
  • Hacigumus, Iyer, Li, Mehrotra.Executing SQL over encrypted data in the database-service-provider model. SIGMOD 2002
  • Techniques for query evaluation over an encrypted database stored on an untrusted server.
  • Valentin
  • Mike
  • 11/11 Crypto
  • Miklau, Suciu.Controlling Access to Published Data Using Cryptography. VLDB 2003
  • Martin Abadi and Phillip Rogaway. Reconciling two views of cryptography (The computational soundness of formal encryption). {IFIP} International Conference on Theoretical Computer Science. 2000
  • The first paper presents techniques for enforcing access control over published documents. The resulting encrypted documents are difficult to analyze using cryptographic techniques. The second paper contains some techniques related to this difficulty.
    11/18 Privacy
  • Alan Westin one-page article Wall Street Journal, April 2000.
  • Brief article summarizing survey results on individual attitudes about privacy.
  • Agrawal, Kiernan, Srikant, Xu.Hippocratic Databases. VLDB 2002
  • A proposal for a database system that respects the privacy of individuals who contribute data to the database. Includes a list of key properties and challenges of a Hippocratic database system.

    Additional readings:

  • L. Sweeney. Uniqueness of Simple Demographics in the U.S. Population, LIDAP-WP4. Carnegie Mellon University, Laboratory for International Data Privacy, Pittsburgh, PA: 2000.
  • Empirical study of census data attempting to extract information on individuals from aggregate values. Note: we couldn't get the paper.
  • Luke
  • Stebbi
  • 11/25 Privacy in Data Mining
  • Agrawal, Srikant.Privacy-Preserving Data Mining. SIGMOD 2000 : 439-450
  • Evfimievski, Srikant, Agrawal, Gehrke.Privacy preserving mining of association rules. KDD 2002
  • Luna
  • Igor
  • 12/2 Watermarking
  • Agrawal, Kiernan : Watermarking Relational Databases. VLDBJ 2003
  • Jayant
  • 12/9 Data Authenticity
  • Goodrich, Tamassia, Triandopoulos, Cohen. Authenticated Data Structures for Graph and Geometric SearchingTechnical Report 2001
  • Additional reading:

  • Prem Devanbu, Michael Gertz, Chip Martel, Stuart G. Stubblebine Authentic Third-party Data Publication IFIP Conference on Database Security, 2000.
  • Peter

  • Additional recommended readings:

    Seminar Description

    If you ever took a course in databases you probably don't remember the lecture on security. That's because it wasn't taught: security is the boring, shallow, and disposable chapter in the textbook, a topic that teachers skip, researchers ignore, and program committees reject. But today, this is changing. Data exchange on the Internet generates new and difficult security challenges: how to keep control over one's data or queries, while participating in a global exchange of data and services. Data sharing and data security seem to be conflicting requirements, and some researchers believe that unless they are reconciled and the security issues addressed, data sharing will be severily hindered.

    Recent work in the database community has produced some new and quite promising results, providing intriguing solutions to some apparently impossible tasks. While more research is sure to follow, this is a good time to take a close look at the recent developments. In this seminar we will cover research papers in database security, ranging from new topics, to old but little known ones.

    We will start by discussing the security of statistical databases. We will then cover (in some yet to be determined order): privacy preserving data mining, secure data sharing, access control and enforcing access control through encryption, watermarking for databases, private information retrieval, and database as a service. As with any emerging field, it is hard construct a global picture of all the on-going research, but we will try to get close to that goal.

    The first seminar (on October 7) will consists of a presentation given by us, followed by an organizational discussion. The following seminars will consist of paper presentations. Participants are expected to present one paper during the quarter, and to engage in the discussions.

    Please sign up for the course mailing list here. Send mail to that list at cse590db at cs

    Previous CSE 590DBs:

    UW Database Group Web

    Last modified Wednesday, 30-Oct-2002 12:18:30 PST