IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 9, NO. 5, SEPTEMBER/OCTOBER 2012, p. 625

Guest Editors’ Introduction: Special Section on Data and Applications Security and Privacy

Elena Ferrari, Senior Member, IEEE, and Bhavani Thuraisingham, Fellow, IEEE

Developments in information systems technologies over the past fifty years have resulted in computerizing many applications in various business areas. Data has become a critical resource in many organizations and therefore efficient access to data, sharing the data, extracting information from the data, and making use of the information have become urgent needs. As a result, there have been several efforts on integrating the various data sources scattered across several sites. Furthermore, the advent of the World Wide Web and, more recently, of Web 2.0 technologies, has enabled users to store, manage and share vast quantities of structured and unstructured data scattered around the world. Due to the explosion of the data, some of which may be sensitive or private, securing the data from unauthorized access or modification has become a critical need. Therefore, as newer data management technologies emerge, efforts for securing these technologies, as well as the applications that are hosted on them, have also increased a great deal. This has resulted in the emergence of a new field called Data and Applications Security and Privacy (DASPY) with special conferences devoted to this field.

The early developments in DASPY in the 1970’s focused mainly on enforcing discretionary security policies for relational database systems. In the 1980’s attention shifted towards designing and developing multilevel secure database management systems for relational as well as object-oriented database systems. With the advent of the World Wide Web in the 1990’s, many of the developments during that decade focused on securing emerging data management systems such as data warehouses and multimedia data systems, as well as applications such as e-commerce and workflow. The focus was not only on securing data, but also on securing information and knowledge. Various access control models as well as trust models emerged during this period. A comprehensive overview of the early developments has been given in [1]. A special issue devoted to these early developments, especially on multilevel secure database systems, was published in 1996 [2].

• E. Ferrari is with the Department of Theoretical and Applied Science, University of Insubria, Via Mazzini, 5, 21100 Varese, Italy. E-mail: [email protected].
• B. Thuraisingham is with the Department of Computer Science, Erik Jonsson School of Engineering and Computer Science, The University of Texas at Dallas, 800 West Campbell Rd., PO Box 830688, EC 31, Richardson, TX 75083-0688. E-mail: [email protected].

For information on obtaining reprints of this paper, please send e-mail to: [email protected].

1545-5971/12/$31.00 © 2012 IEEE

Published by the IEEE Computer Society

During the past decade, with the explosion of web technologies such as social networks and semantic web, as well as analysis technologies such as data mining and machine learning, ensuring the privacy of individuals has become a critical need. For example, one could infer highly sensitive and private information from the various websites and social networks, or one could also extract such information by applying today’s available sophisticated data mining tools. Much of the focus during this period included designing privacy-preserving data mining algorithms, securing social networks, and developing privacy-aware access control models and DBMSs. Semantic web technologies have been utilized to represent and reason about the various confidentiality, privacy and trust policies. Some of the developments, especially in access control models, have been reported in [3]. A special issue on the emerging privacy-preserving data mining algorithms was published in 2007 [4].

Due to some of the major breakthroughs over the past five years in securing various types of data and application systems as well as ensuring the privacy of individuals, we decided to publish this special issue. It consists of four papers that reflect some of these recent developments.

The first paper, titled “Privacy Preserving Enforcement of Spatially Aware RBAC,” by M.S. Kirkpatrick, G. Ghinita and E. Bertino, focuses on protecting the location of mobile users and subsequently ensuring the privacy of these individuals. The authors state that some of the current geospatial security models do not protect the location of the individuals due to the fact that the service providers are not trusted. They then describe cryptographic protocols that address this limitation.

The second paper, titled “Query Profile Obfuscation by Means of Optimal Query Exchange between Users,” by D. Rebollo-Monedero, J. Forné, and J. Domingo-Ferrer, focuses on protecting the profiles of web users. The authors state that it is possible to identify the users from their query profiles. They then propose a method where multiple users may collaborate and decide the types of queries to pose to minimize the disclosure of their identities.

The third paper, titled “Constraint-Aware Role Mining via Extended Boolean Matrix Decomposition,” by H. Lu, J. Vaidya, V. Atluri, and Y. Hong, describes novel techniques for role mining. The authors state that current approaches including Boolean Matrix Composition do not take into consideration aspects such as separation of duty. They describe techniques for enhancing Boolean Matrix Composition to take such constraints into consideration.

The fourth paper, titled “Access Control with Privacy Enhancements a Unified Approach,” by S. Barker and V. Genovese, describes a framework based on logic that can unify the specification of both access control and privacy policies. This enables a unified approach to represent and reason about security and privacy policies.

We hope that this special issue will spawn new ideas, concepts and solutions for next generation DASPY systems. We would like to dedicate this special issue to the late Dr. Steve Barker, the coauthor of the fourth paper, who passed away in January 2012. Steve has been a major contributor of DASPY for the past fifteen years and will be sadly missed by the DASPY community.

Elena Ferrari
Bhavani Thuraisingham
Guest Editors

REFERENCES

[1] B. Thuraisingham, Database and Applications Security: Integrating Information Security and Data Management, Taylor and Francis (Auerbach), 2005.
[2] IEEE Trans. Knowledge and Data Engineering, special issue on database security, B. Thuraisingham and T.C. Ting eds., vol. 8, no. 1, Feb. 1996.
[3] E. Ferrari, Access Control in Data Management Systems: Synthesis Lectures on Data Management, Morgan & Claypool, pp. 179-195, May 2010.
[4] Int’l J. Very Large Data Bases, special issue on privacy preserving data management, E. Ferrari and B. Thuraisingham eds., vol. 15, no. 4, pp. 23-33, 2006.

Elena Ferrari is a full professor of computer science at the University of Insubria, Italy and scientific director of the K&SM Research Center. Her research activities are related to various aspects of data management, including access control, privacy and trust, secure social networks, secure cloud computing and emergency management, secure semantic web, and multimedia databases. On these topics she has published more than 170 scientific publications in international journals and conference proceedings. In 2009, she received the IEEE Computer Society’s prestigious Technical Achievement Award for outstanding and innovative contributions to secure data management. In 2011, she was named ACM Distinguished Scientist. Dr. Ferrari has given several invited lectures and tutorials at Italian and foreign universities as well as at international conferences and workshops. She has served as program chair of the 4th ACM Symposium on Access Control Models and Technologies (SACMAT ’04), software demonstration chair of the 9th International Conference on Extending Database Technology (EDBT ’04), cochair of the third IFIP WG 11.11 International Conference on Trust Management, 2009, the first and second ACM SIGKDD International Workshop on Privacy, Security, and Trust in KDD, 2008/2009, and the first COMPSAC ’02 Workshop on Web Security and Semantic Web. She has also served as program committee member of leading international conferences on data management. Professor Ferrari is on the editorial board of the IEEE Transactions on Knowledge and Data Engineering, the IEEE Transactions on Dependable and Secure Computing, the Transactions on Data Privacy, and the International Journal of Information Technology (IJIT). She is a distinguished member of ACM and senior member of IEEE. Elena Ferrari received her MS degree in computer science from the University of Milano (Italy) in 1992, and a PhD in computer science from the same university in 1998. From 1998 until January 2001, she was an assistant professor in the Department of Computer Science of the University of Milano (Italy).


Bhavani Thuraisingham is the Louis A. Beecherl, Jr. I Distinguished Professor at the Erik Jonsson School of Engineering and Computer Science at The University of Texas at Dallas (UTD) and the executive director of UTD’s Cyber Security Research and Education Center. She is an elected fellow of several organizations including the IEEE (Institute for Electrical and Electronics Engineers, 2002), the AAAS (American Association for the Advancement of Science, 2003), the BCS (British Computer Society, 2005), and SDPS (Society for Design and Process Science, a society that promotes transdisciplinary research, 2011). She is the recipient of numerous awards including (1) the IEEE Computer Society’s 1997 Technical Achievement Award for outstanding and innovative contributions to secure data management, (2) the 2010 Research Leadership Award for Outstanding and Sustained Leadership Contributions to the Field of Intelligence and Security Informatics presented jointly by the IEEE Intelligent and Transportation Systems Society Technical Committee on Intelligence and Security Informatics in Transportation Systems and the IEEE Systems, Man and Cybernetics Society Technical Committee on Homeland Security, (3) the 2010 ACM SIGSAC (Association for Computing Machinery, Special Interest Group on Security, Audit and Control) Outstanding Contributions Award for seminal research contributions and leadership in data and applications security for over 25 years, (4) the 2011 AFCEA (Armed Forces Communications and Electronics Association) Medal of Merit for Sustained Professional Excellence in Communications, Electronics, Intelligence and Information Systems and Service to the Association and (5) the SDPS 2012 Transformative Achievement Award for Transdisciplinary Research. She is a distinguished scientist of ACM, was an IEEE distinguished lecturer between 2002 and 2005, and was also featured by Silicon India magazine as one of the seven leading technology innovators of South Asian origin in the USA in 2002. She received the prestigious earned higher doctorate degree of doctor of engineering from the University of Bristol, England, for her thesis consisting of her published works on secure dependable data management in July 2011. Prior to joining UTD in October 2004, Dr. Bhavani was an IPA (Intergovernmental Personnel Act) at the US National Science Foundation (NSF) in Arlington, Virginia, from the MITRE Corporation for three years. At NSF, she established the Data and Applications Security Program and cofounded the Cyber Trust theme and was involved in interagency activities in data mining for counter-terrorism. She worked at MITRE in Bedford, Massachusetts between January 1989 and September 2001, conducting research, development, technology transfer and department management activities in secure data management, real-time middleware and data mining. Prior to that she worked in the commercial industry for six years, first at Control Data Corporation developing the CDCNET product and later at Honeywell Inc. on research, development, and technology transfer. Her work has resulted in over 120 journal articles, over 200 refereed conference papers and workshops, and five US patents (two pending). She is the author of twelve books in data management, data mining and data security and has given over 100 keynote presentations at various technical conferences including at the White House Office of Science and Technology Policy and at the United Nations on Data Mining for counter-terrorism. She serves (or has served) on editorial boards of leading research and industry journals including several IEEE and ACM Transactions. Dr. Bhavani is the founding president of Bhavani Security Consulting, LLC, a company providing services in consulting and training in Cyber Security and Information Technology to the US Government. She is also the founder of Knowledge and Security Analytics, LLC, a spin-off company from UTD developing tools in assured information sharing and Malware Detection.
