Data and Applications Security (CS 6348) 
 
     Time and Location :  F 10am-12:45pm@ECSS 2.306

     
         Instructor                            :   Murat Kantarcioglu
       Office Hours & Location Friday: 3pm to 4pm or by appointment on MS Teams.
 
 
       Teaching Assistant             :   Souvik Das ( souvikdas95@utdallas.edu)
                                                        Office Hour: Thur: 3pm to 5pm on MS Teams

                                                        Takemaru Kadoi (⁠txk220008@utdallas.edu)
                                                        Office Hour: Wed: 1pm to 3pm,  In person @ ECSS 3.221
       


  Prerequisites                      :   CS 5343
                       

 Grading:

       

  •   Homework   % 10 (4 homework, each worth 2.5%)
  •   Project          % 30 (Group project (4-5 students per group) that requires programming)
  •   Midterm       % 30
  •   Final             % 30 (All topics covered included)

 

 
  Course Topics: 

 The course will teach principles, technologies, tools and trends for data and applications security,  
 and data privacy. 

Learning outcomes:
  • Ability to understand and use basic cryptographic techniques and tools for data security
  • Ability to understand and use discretionary and mandatory access controls
  • Ability to understand and use integrity policies
  • Ability to understand and use database access control tools
  • Ability to understand and use defensive tools against common data management system cyber attacks
  • Ability to understand and use basic privacy-enhancing technologies.
  • Ability to understand and usable security and privacy policies and implement them for secure human computer interaction

         
           Textbook:   None.

 Course Outline:

01.20.23
  • Overview of the Data Security and Privacy
  • Design principles for Security
  • Access control basics
  • Reading:  Fred B. Schneider’s book chapter  (pdf)

01.27.23
  • Access Control Foundations
  • Reading: Fred B. Schneider’s book chapter (pdf)
  • Reading:  HRU paper (pdf)
  • Reading:  NIST Attribute Access Control Model (Till Section 3) (pdf)

02.03.23
  • Access control models

02.10.23
  •  Integrity/Hybrid Models

02.17.23
  • Basic Cryptography Overview
  • Authentication
  • Reading:  Fred B. Schneider’s book chapter (pdf)
  • Homework 1 is available on elearning.
  • Project Description is available on elearning

02.24.23
  • Database Security
  • Encrypted Data storage in Databases
  • Reading:  Please read the following overview paper (pdf)
  • Reading:  Intel Sgx Overview (link)  
  • Reading:  Please read the following tutorial from Microsoft Research (pdf)

03.03.23
  • Database Security Cont.

03.10.23
  • SQL and Code injection attacks
  • Reading: Please see the tutorial from Oracle.
  • Homework 2 is available on elearning.

03.17.22
  • Spring Break !!!

03.24.23
  • MIDTERM

03.31.23

04.07.23
  • Access control in distributed systems
  • Reading:  Please read the following overview paper
  • Homework 3 is available on elearning.

04.14.23
  • Introduction to Data Privacy
  • Reading: K-annonymity (pdf), l-diversity (pdf), differential-privacy (pdf),
  • privacy-preserving distributed data mining (pdf)

04.21.23
  • Introduction to Data Privacy cont.
  • Homework 4 is available on elearning

04.28.23
  • Introduction to Data Privacy cont.
05.05.23
  • Usable Data Security and Privacy

05.08.23
MONDAY
FINAL EXAM
  • Final EXAM
  • !!! 05.08.2023 !!! MONDAY !!! 11:00am to 1:45pm
  • LOCATION: ECSS 2.306