Course description:
In this course we explore advanced secure data management systems and
primitives. Students will find out how to design, build, and evaluate secure
information processing subsystems. Given its nature, the course will have no
textbook but rather rely heavily on recently published research results. The
course will assume a minimal understanding of basic cryptography, storage
and database technologies. A basic crypto/security intro is to be part of
the course -- as a nice and easy introduction to basic crypto and general
security we recommend Practical Cryptography by Niels Ferguson and Bruce Schneier.
Selected topics include:
- Basic Cryptography Intro
- Outsourcing of DM
- Encryption File Systems
- Database encryption/security
- Data Privacy
- Regulatory compliance in DM
- Secure data provenance
- Trusted hardware
Instructors: Radu Sion (Stony Brook), Marianne Winslett (UIUC)
Times: WED 12:50-14:20 NY time (11:50-13:20 IL time)
Place: CSE2311 Wireless Seminar Room (@ Stony Brook), 3124 Siebel Center (@ UIUC)
UIUC Audience Video: camera 1, camera 2, and camera 3.
Mailing List: to be added to the mailing list, please email sion@cs.stonybrook.edu.
Real-time audio: to listen in to the audio of the lectures in real time, simply call the Skype id "NSAC Lab" (a maximum of 9 remote listeners can be accommodated).
Real-time presentation: check your email once you are on the mailing list.
Evaluation for Stony Brook Students (subject to change): The course will include
a few written homeworks, one oral presentation of a research result and possibly a take
home exam. In addition, you are expected to actively participate in class.
Note on credits towards graduation at Stony Brook: This course counts
towards graduation for PhD students and MS students. For MS students there
are two caveats: (i) only two from among 590, 591, 592 and 690 will count
towards graduation credits, and (ii) if a student takes any of them twice
then the topics covered in each course must be different.
Approximate summary of lectures:
09/02
|
Data Security: What is security? Trust. Crypto crash course.
Read: Encryption, Ciphers, PKI, crypto hashes, RNG, forward secrecy, Merkle tree, semantic security
Slides: class01
|
09/09
|
Authentication: Biometrics and Security (invited talk by Prof. Stefan Katzenbeisser from TU Darmstadt)
Slides: biometrics intro, face recognition with privacy
Read: Biometrics
Papers (review one of these): Privacy-Preserving Face Recognition, Practical Biometric Authentication with Template Protection.
|
09/16
|
Trustworthy Hardware: Part One
Optional: Evaluation Assurance Levels
Optional: FIPS 140-2
Read: Trusted Platform Module
Read: Smart Cards
Read (review this one): "Breaking Up Is Hard To Do: Modeling Security Threats for Smart Cards" (local copy here)
Slides: hardware tutorial (slides 1-35)
|
09/23
|
Trustworthy Hardware: Part Two
Read: Building the IBM 4758 Secure Coprocessor
Read (review this one): "vTPM: Virtualizing the Trusted Platform Module" (local copy here)
Optional: Extracting a 3DES key from an IBM 4758
Slides: hardware tutorial (slides 36-48)
|
09/30
|
Trustworthy Hardware: Part Three
View: TPM Reset Attack
Read: Cryptogram 9/09
Read: Cold Boot Attacks on Disk Encryption
Review: CFS: A Cryptographic File System for Unix, Linux journal article
Slides: hardware tutorial (slides 49-)
|
10/07
|
Cryptographic File Systems
Review this one: eCryptfs: An Enterprise-class Cryptographic Filesystem for Linux
Optional: Design document of eCryptfs paper published in OLS conference, eCryptfs Linux journal article
Read: TCFS: Transparent Cryptographic Filesystem, Linux journal article
Optional: Cryptfs: A Stackable Vnode Level Encryption File System
Optional: NCryptfs: A Secure and Convenient Cryptographic File System
Read: EFS: Encrypting file system, Wiki, Microsoft Technet
Slides: class06
|
10/14
|
Cryptographic File Systems (continued)
Read: Block Cipher modes of operation
Review: Disk Wiping Controversy
Slides: class06
|
10/21
|
Regulatory Compliant Systems: WORM, Data Retention, Secure Deletion, Migration
Read: Content Immutable Storage: Truly Trustworthy and Cost-Effective Storage for Electronic Records
Review: WORM Storage on Magnetic Disks Using SnapLock
Read: Sun StorageTek Compliance Archiving
Slides: class07.worm
|
10/28
|
Secure Data Provenance: (invited talk by Dr. Ragib Hasan from Johns Hopkins)
Review: The Case of the Fake Picasso: Preventing History Forgery with Secure Provenance
Optional: Provenance-Aware Storage Systems
Optional: A survey of data provenance in e-science
Talk Video: video link
Slides: class08.provenance
|
11/04
|
Secure Outsourcing: confidentiality, correctness, relational data realms
Read: Providing Database as a Service, ICDE 2002
Review: Executing SQL over Encrypted Data in the Database-Service-Provider Model, SIGMOD 2002
Read: Cryptogram 10/09
Slides: class09
|
11/11
|
Exam: in-class, closed book, 90 minutes
|
11/18
|
Secure Outsourcing continued
Read: GhostDB: Hiding Data from Prying Eyes, VLDB 2007
Review: Authentic Data Publication over the Internet, 2000
Read: Cryptogram 11/09
Slides: class09
|
11/25
|
Thanksgiving Break
|
12/02
|
Data Anonymization Techniques (Marianne Winslett)
Review: P. Samarati. Protecting respondents' identities in microdata release. TKDE, 13(6):1010-1027, 2001
Read: N. Li, T. Li, and S. Venkatasubramanian. t-closeness: Privacy beyond k-anonymity and l-diversity. In ICDE, pages 106-115, 2007
Optional: A. Machanavajjhala, J. Gehrke, D. Kifer, and M. Venkitasubramaniam. l-diversity: Privacy beyond k-anonymity. In ICDE, page 24, 2006
Optional: L. Sweeney. k-anonymity: a model for protecting privacy. International Journal on Uncertainty, Fuzziness, and Knowledge-Based Systems, 10(5):557-570, 2002
Optional: D. Kifer and J. Gehrke. Injecting utility into anonymized datasets. In SIGMOD, pages 217-228, 2006
Slides: class10.anon
|
12/09
|
Cloud Computing Security
Reference: CCSW 2009: The ACM Cloud Computing Security Workshop
Read: Cloud security is not (just) virtualization security: a short paper (local copy is here)
Review: Hey, You, Get Off of My Cloud! Exploring Information Leakage in Third-Party Compute Clouds (local copy is here)
Slides: cgjmmss.pdf, csssz.pdf
|
Note: Stony Brook has received $2.5 million [...] to provide scholarships to graduate and undergraduate
majors in computer science that take on a program of study that specializes in information assurance.
Each 2-year scholarship provides an average of $46K for undergrads and
$56K for graduates. For details regarding the scholarship program and
the application process, please see http://ccs.cs.stonybrook.edu/sfs/.
Ethics:
Each student must pursue his or her academic goals honestly and be personally accountable for all submitted work.
Representing another person's work as your own is always wrong. Any suspected instance of academic dishonesty will
be reported to the Academic Judiciary. For more comprehensive information on academic integrity, including
categories of academic dishonesty, please refer to the academic judiciary website at
http://www.stonybrook.edu/uaa/academicjudiciary.
Adopted by the Undergraduate Council September 12, 2006.
Note:
If you have a physical, psychological, medical or learning disability that may impact your course work, please
contact Disability Support Services office, 128 ECC Building (631) 632-6748. They will review your concerns and
determine, with you, what accommodations are necessary and appropriate. All information and documentation of
disability is confidential.
Students who require assistance during emergency evacuation are encouraged to discuss their needs with their
professors and Disability Support Services. For procedures and information go to the following web site:
http://www.ehs.stonybrook.edu and search Fire Safety and
Evacuation and Disabilities.