Date of Award

Spring 2023

Document Type

Open Access Dissertation

Department

Computer Science and Engineering

First Advisor

Csilla Farkas

Abstract

In this dissertation, we studied how an adversary could attack databases and how the system could prevent or recover from such an attack. Our motivation to improve the current security capabilities of database management systems. We provided better recovery capabilities of database management systems by incorporating data provenance. We also expand our study to express security and privacy needs of data in the Internet of Things (IoT) environments such as a smart home environment. For this, we proposed a stream data security model to theoretically represent the data in the IoT network. We built a dynamic authorization model on our context-aware architecture and stream data model. We demonstrated the capabilities of our dynamic security policy to address security needs due to the changes in the context. Furthermore, we demonstrated the applicability of our approach by implementing our framework in a smart home IoT network. For our proof-of-concept implementation, we used a commercial and open-source home automaton software. Our approach to improve the system is expanding it by incorporating third party applications, such as a dynamic access control engine. We aim to incorporate a logic reasoner into smart home automaton to provide situation-aware capabilities to the system in this study.

The main research questions in this dissertation are as follows:

1. How can we improve the efficiency of database recovery after a malicious transaction attack?

We proposed algorithms to reduce the downtime of the database during the recovery process. The traditional approach for recovery is to execute all non-malicious transactions from a consistent rollback point. However, this approach is inefficient. First, the database will be unavailable until the restoration is finished. Second, all non-malicious transactions that are committed after the rollback state need to be re-executed. The intuition for our approach is to re-execute partial transactions, i.e., only the operations that were affected by the malicious transactions.

2. How to support context-aware and dynamic security policy for stream data model?

We proposed a semantics-based authorization model for stream data. We demonstrate that current authorization models are insufficient to provide dynamic access control for emerging technologies, such as the Internet of Thing. We propose an authorization model using ontologies and rules to express security requirements for stream data. Our model supports secure interoperation and is independent from the data syntax. We propose security object patterns to express access control needs. These patterns are associated with the ontological concepts corresponding to the database schema. Data instances inherit the security protection needs from these ontological concepts. We aim to support dynamic security policies due to changes in the context. Such changes may result in new security assignments to the protected objects. We model contextual changes as finite state transition automata.

3. How can we support situation-aware decision making for a smart home environment?

We proposde an architecture to enable third party applications within the popular home automation environment. Our claim is that the functionality of these popular smart platforms can be improved by enabling third party applications, such as situation-aware decision making. We show how third-party applications may support home automation systems to respond to complex environmental changes. We implemented a proof-of-concept prototype system to demonstrate how home automation applications can interact with logic reasoners to support dynamic system policies. Our implementation was built using an open source Home Assistant platform and Protégé-OWL reasoner. We propose threat modeling, develop the use and misuse cases for a smart home environment, and support for data exchange between the home automation system and the reasoner.

Share

COinS