
NSF Org: | IIS Division of Information & Intelligent Systems |
Recipient: | |
Initial Amendment Date: | June 24, 2003 |
Latest Amendment Date: | September 27, 2005 |
Award Number: | 0242414 |
Award Instrument: | Continuing Grant |
Program Manager: | Gia-Loi Le Gruenwald, IIS Division of Information & Intelligent Systems, CSE Directorate for Computer and Information Science and Engineering |
Start Date: | July 1, 2003 |
End Date: | June 30, 2007 (Estimated) |
Total Intended Award Amount: | $240,000.00 |
Total Awarded Amount to Date: | $240,000.00 |
Funds Obligated to Date: | FY 2004 = $80,000.00; FY 2005 = $80,000.00 |
History of Investigator: | |
Recipient Sponsored Research Office: | 1850 RESEARCH PARK DR STE 300 DAVIS CA US 95618-6153 (530)754-7700 |
Sponsor Congressional District: | |
Primary Place of Performance: | 1850 RESEARCH PARK DR STE 300 DAVIS CA US 95618-6153 |
Primary Place of Performance Congressional District: | |
Unique Entity Identifier (UEI): | |
Parent UEI: | |
NSF Program(s): | DATA AND APPLICATIONS SECURITY |
Primary Program Source: | app-0104 app-0105 |
Program Reference Code(s): | |
Program Element Code(s): | |
Award Agency Code: | 4900 |
Fund Agency Code: | 4900 |
Assistance Listing Number(s): | 47.070 |
ABSTRACT
Many of today's mission-critical databases have not been designed with a particular focus on security aspects such as integrity, confidentiality, and availability. Even if security mechanisms were used during the initial design, these mechanisms are often outdated due to new requirements and applications, and do not reflect current security policies, thus leaving ways for insider misuse and intrusion. The proposed research is concerned with analyzing various security aspects of mission-critical (relational) databases that are embedded in complex information system infrastructures. We propose four complementary avenues of research: (1) models and techniques to profile the behavior of mission-critical data stored in databases, (2) algorithms to correlate (anomalous) data behavior to application/user behavior, (3) techniques to determine and model user profiles and roles from behavioral descriptions, and (4) the integration of techniques, algorithms, and mechanisms into a security re-engineering workbench for (relational) databases. Two major themes form the core of the proposed approaches. First, the analysis of database vulnerabilities and violations of security paradigms is data-driven, i.e., the behavior of the data is analyzed and modeled before it is correlated to users and applications. Second, we introduce the concept of an access path model to uniformly model and correlate data flow and access behavior among relations, users, and applications. This model allows security personnel to fully inspect database security aspects in complex settings in a focused, aspect (policy) driven fashion.