The Center for Education and Research in Information Assurance and Security (CERIAS)

Reports and Papers Archive


Privacy-Preserving Data Integration and Sharing

CERIAS TR 2004-75
C. Clifton, M. Kantarcioglu, A. Doan, G. Schadow, J. Vaidya, A. Elmagarmid, D. Suciu
Download: PDF

Integrating data from multiple sources has been a longstanding challenge in the database community. Techniques such as privacy-preserving data mining promise privacy, but assume data integration has been accomplished. Data integration methods are seriously hampered by the inability to share the data to be integrated. This paper lays out a privacy framework for data integration. Challenges for data integration in the context of this framework are discussed, in the context of existing accomplishments in data integration. Many of these challenges are opportunities for the data mining community.

Added 2005-01-27

Defense Science Study Group 2002-2003 Papers 1-12

P. Gould, K.L. Olson

The Defense Science Study Group (DSSG) is a 2-year educational program, sponsored by the Defense Advanced Research Projects Agency (DARPA), designed to introduce outstanding young professors of science and engineering to the defense community and to current national security issues.  The program has two basic components.  The first focuses on group activities and provides a broad introduction to the defense community.  This is achieved through a series of briefings by senior military and civilian officials and through visits to Joint Commands, industrial facilities, and military installations.  During the second component members are provided the opportunity to personalize the DSSG experience by selecting a specific area of interest, preferably outside their area of academic specialization, and spending about 2 weeks reviewing DoD activities in that area.  This is done during the June and August sessions of the program’s second year.  The June session is held in Washington, and the members interact with IDA and DARPA staff as well as with military and civilians throughout DoD.  The August session is held at Los Alamos National Laboratory where the members interact with laboratory staff and prepare brief reviews of their subject areas.  In November, the final session of the program, members brief their study results to the other members and mentors of the program. This report contains the unclassified papers of the eighth DSSG class, which met during 2002-2003.  Again, each paper is a brief, informal review of an area of specific interest to the participant.  Its primary purpose is to enable the authors to determine defense community interests in the selected area and to begin to make contact with appropriate individuals within that community.  All of the papers are unclassified.  The reports were reviewed and organized by Dr. Phillip Gould, Director of the DSSG program, and Ms. Karen L. Olson, DSSG Administrator.

Added 2005-01-24

Are Biometric Technologies The Wave of the Future in Tourism and Hospitality?

CERIAS TR 2005-07
Matthew Meyers & Juline E. Mills
Download: PDF

This research endeavor explores four biometric technologies and their potential usage in the tourism and hospitality industry.  This paper begins with a review of viable biometric technologies and continues with a discussion of their potential applications to tourism and hospitality businesses.  Various tourism and hospitality scenarios in which biometrics can be used are explored.  The article concludes with a discussion on the need for additional research on consumer perceptions to assist in answering questions regarding the social and business impact of biometric technologies in tourism and hospitality.

Added 2005-01-21

A Framework for Role-Based Access Control in Group Communication Systems

CERIAS TR 2004-74
C. Nita-Rotaru, N. Li
Download: PDF

In this paper we analyze the requirements access control mechanisms must fulfill in the context of group communication and define a framework for supporting fine-grained access control in client-server group communication systems. Our framework combines role-based access control mechanisms with environment parameters (time, IP address, etc.) to provide support for a wide range of applications with very different requirements. While the access control policy is defined by the application, its efficient enforcement is performed by the group communication system.

Added 2005-01-18

Association Rule Hiding

CERIAS TR 2004-64
V. Verykios, A. Elmagarmid, E. Dasseni, E. Bertino, Y. Saygin
Download: PDF

Large repositories of data contain sensitive information that must be protected against unauthorized access. The protection of the confidentiality of this information has been a long-term goal for the database security research community and for the government statistical agencies. Recent advances in data mining and machine learning algorithms have increased the disclosure risks that one may encounter when releasing data to outside parties. A key problem, and still not sufficiently investigated, is the need to balance the confidentiality of the disclosed data with the legitimate needs of the data users. Every disclosure limitation method affects, in some way, and modifies true data values and relationships. In this paper, we investigate confidentiality issues of a broad category of rules, the association rules. In particular, we present three strategies and five algorithms for hiding a group of association rules, which is characterized as sensitive. One rule is characterized as sensitive if its disclosure risk is above a certain privacy threshold. Sometimes, sensitive rules should not be disclosed to the public since, among other things, they may be used for inferring sensitive data, or they may provide business competitors with an advantage. We also perform an evaluation study of the hiding algorithms in order to analyze their time complexity and the impact that they have on the original database.

Added 2005-01-13

XML-Based Specification for Web Services Document Security

CERIAS TR 2004-65
R. Bhatti, E. Bertino, A. Ghafoor, J.B. Joshi
Download: PDF

Document security in XML-based Web services has become increasingly important for managing secure business transactions over the Web. The authors propose an XML-based access control specification language to address this security challenge.

Added 2005-01-13

Trust-X: A Peer-to-Peer Framework for Trust Establishment

CERIAS TR 2004-66
E. Bertino, E. Ferrari, A.C. Squicciarini
Download: PDF

In this paper, we present Trust-X, a comprehensive XML-based [12] framework for trust negotiations, specifically conceived for a peer-to-peer environment. Trust negotiation is a promising approach for establishing trust in open systems like the Internet, where sensitive interactions may often occur between entities at first contact, with no prior knowledge of each other. The framework we propose takes into account all aspects related to negotiations, from the specification of the profiles and policies of the involved parties to the selection of the best strategy to succeed in the negotiation. Trust-X presents a number of innovative features, such as the support for protection of sensitive policies, the use of trust tickets to speed up the negotiation, and the support of different strategies to carry on a negotiation. In this paper, besides presenting the language to encode security information, we present the system architecture and algorithms according to which negotiations can take place.

Added 2005-01-13

Merkle Tree Authentication in UDDI Registries

CERIAS TR 2004-67
E. Bertino, B. Carminati, E. Ferrari
Download: PDF

UDDI registries are today the standard way of publishing information on web services. They can be thought of as a structured repository of information that can be queried by clients to find the web services that better fit their needs. Even if, at the beginning, UDDI was mainly conceived as a public registry without specific facilities for security, today security issues are becoming more and more crucial, due to the fact that data published in UDDI registries may be highly strategic and sensitive. In this paper, we focus on authenticity issues, by proposing a method, based on Merkle Hash Trees, which does not require the party managing the UDDI to be trusted with respect to authenticity. In the paper, besides giving all the details of the proposed solution, we show its benefit with respect to standard digital signature techniques.

Added 2005-01-13

Trust Negotiation: Concepts, Systems and Languages

CERIAS TR 2004-68
E. Bertino, E. Ferrari, A.C. Squicciarini
Download: PDF

Trust negotiation is a promising approach for establishing trust in open systems such as the Internet, where sensitive interactions sometimes occur among entities with no prior knowledge of each other. The authors provide a model for trust negotiation systems and delineate the features of ideal trust negotiation systems.

Added 2005-01-13

Selective and Authentic Third-Party Distribution of XML Documents

CERIAS TR 2004-69
E. Bertino, B. Carminati, E. Ferrari, B. Thuraisingham, A. Gupta
Download: PDF

Third-party architectures for data publishing over the Internet today are receiving growing attention, due to their scalability properties and to the ability of efficiently managing a large number of subjects and a great amount of data. In a third-party architecture, there is a distinction between the Owner and the Publisher of information. The Owner is the producer of information, whereas Publishers are responsible for managing (a portion of) the Owner information and for answering subject queries. A relevant issue in this architecture is how the Owner can ensure a secure and selective publishing of its data, even if the data are managed by a third party, which can prune some of the nodes of the original document on the basis of subject queries and access control policies. An approach can be that of requiring the Publisher to be trusted with regard to the considered security properties. However, the serious drawback of this solution is that large Web-based systems cannot be easily verified to be secure and can be easily penetrated. For these reasons, in this paper, we propose an alternative approach, based on the use of digital signature techniques, which does not require the Publisher to be trusted. The security properties we consider are authenticity and completeness of a query response, where completeness is intended with regard to the access control policies stated by the information Owner. In particular, we show that, by embedding in the query response one digital signature generated by the Owner and some hash values, a subject is able to locally verify the authenticity of a query response. Moreover, we present an approach that, for a wide range of queries, allows a subject to verify the completeness of query results.

Added 2005-01-13

Towards supporting fine-grained access control for Grid Resources

CERIAS TR 2004-70
E. Bertino, P. Mazzoleni, B. Crispo, S. Sivasubramanian, E. Ferrari
Download: PDF

The heterogeneous nature and independent administration of geographically dispersed resources in Grid demand access control using fine-grained policies. In this paper, we investigate the problem of fine-grained access control in the context of resource allocation in Grid, as we believe it is the first and key step in developing access control methods specifically tailored for Grid systems. To perform this access control, we design a security component (to be part of a meta-scheduler service) that finds the list of nodes where a user is authorized to run his/her jobs. The security component is designed in an effort to reduce the number of rules that need to be evaluated for each user request. We believe such a fine-grained policy-based access control would help the adoption of Grid to a higher extent into new avenues such as Desktop Grids, as the resource owners are given higher flexibility in controlling access to their resources. Similarly, Grid users get a higher flexibility in choosing the resources in which their jobs must execute.

Added 2005-01-13

A Framework for Contractual Resource Sharing in Coalitions

CERIAS TR 2004-71
S. Sadighi Firozabadi, A.C. Squicciarini, M. Sergot, E. Bertino
Download: PDF

We develop a framework for specifying and reasoning about policies for sharing resources in coalitions, focussing here on a particular, common type of contract in which coalition members agree to make available some total amount of specified resource over a given time period. The main part of the framework is a policy language with two basic elements:

Added 2005-01-13

A Trust-Based Context-Aware Control Model for Web Services

CERIAS TR 2004-72
R. Bhatti, E. Bertino, A. Ghafoor
Download: PDF

A key challenge in Web services security is the design of effective access control schemes that can adequately meet the unique security challenges posed by the Web services paradigm. Despite the recent advances in Web-based access control approaches applicable to Web services, there remain issues that impede the development of effective access control models for the Web services environment. Amongst them are the lack of context-aware models for access control, and reliance on identity or capability-based access control schemes. In this paper, we motivate the design of an access control scheme that addresses these issues, and propose an extended, trust-enhanced version of our XML-based Role Based Access Control (X-RBAC) framework that incorporates context-based access control. We outline the configuration mechanism needed to apply our model to the Web services environment, and also describe the implementation architecture for the system.

Added 2005-01-13

Privacy-Preserving Trust Negotiation

CERIAS TR 2004-73
E. Bertino, E. Ferrari, A. Squicciarini
Download: PDF

Trust negotiation is a promising approach for establishing trust in open systems, where sensitive interactions may often occur between entities with no prior knowledge of each other.  Although several proposals exist today of systems for the management of trust negotiation, none of them addresses in a comprehensive way the problem of privacy preservation.  Privacy is today one of the major concerns of users exchanging information through the Web and thus we believe that trust negotiation systems must effectively address privacy issues to be widely acceptable.  For these reasons, in this paper we investigate privacy in the context of trust negotiations.  More precisely, we propose a set of privacy preserving features to be included in any trust negotiation system, such as the support for the P3P standard, as well as different formats to encode credentials.

Added 2005-01-13

A Trend Analysis of Vulnerabilities

CERIAS TR 2005-05
Rajeev Gopalakrishna and Eugene H. Spafford
Download: PDF

Software vulnerabilities exist and will continue to do so. Every week, a new vulnerability gains popular attention, is discussed at length in mailing lists, and hopefully gets patched by the vendor before exploits and attack tools start appearing. But there is little evidence that we are learning from our mistakes. Sharing of vulnerability information through public databases has been possible for quite some time now. If it is not lack of information, what is it that is preventing us from learning from our past? Are there any lessons to be learned at all? A good start towards answering such questions would be to analyze vulnerabilities in widely deployed, critical but buggy software artifacts. In this paper, we look at vulnerabilities in five such software artifacts and examine two of their attributes. Among other statistics, our analysis suggests that the discovery of a vulnerability in a software artifact may influence the discovery of more vulnerabilities of the same type in that artifact. Thus, there may be some learning occurring, but it is by the penetration community rather than the software engineers. This paper argues that measuring vulnerability occurrences may have predictive value and that this concept of retrospective metric is an interesting approach to expressing assurance.

Added 2005-01-12