The course will cover various topics in the area of security
for database systems and for advanced data management
systems, with special focus on access control policies and
mechanisms. A preliminary list of topics is the following:
* Data protection: basic concepts.
* Access control policies: discretionary access control
policies; mandatory access control policies; role-based
access control (RBAC); Chinese wall access control policies.
* Administration policies.
* Access control in relational database systems: Grant
and Revoke statements; grant operation and delegation;
revoke operations; recursive revocation with timestamps and
without timestamps; non-cascading revoke operations; views
and content-based authorization; RBAC.
* Advanced access control models: temporal authorization
models; temporal RBAC; the BFA model for workflow systems;
access control and integrity for XML data; the Author-X
system; XACML and SAML; access control for web services.
* Trust negotiation systems: preliminary concepts;
TrustBuilder; Trust-X.
For more information see http://www.cerias.purdue.edu/homes/bertino/cs590S.html