Discussion Questions

1. (DUE March 14, 2003 by midnight EST) Select one of the following questions to discuss in detail through the threaded discussion.
   • The Total Information Awareness (TIA) Program is a data mining system being proposed by the U.S. Department of Defense with the goal of "countering terrorism through prevention." There are a number of computer science professionals who have reservations concerning the effectiveness of this program (U.S. ACM Public Policy Committee). Based on what you now know about databases and database security, discuss the technical feasibility and practical reality of this program.
   • Cite a situation in which the sensitivity of an aggregate is greater than that of its consitituent values. Cite a situation in which the sensitivity of an aggregate is less than that of its constituent values.
   • The response "sensitive value; response suppressed" is itself a disclosure. Suggest a manner in which a database management system could suppress responses that reveal sensitive information without disclosing that theresponses to certain queries are sensitive.
   • A database management system is implemented under an operating system trusted to provide multilevel separation of users. (a) What security features of the operating system can be used to simplify the design of the database management system? (b) Suppose the operating system has rating r, where r is C2 or B1 or B3, etc. State and defend a policy for the degree of trust in the database management system, based on the trust of the operating system.
   • The Total Information Awareness (TIA) Program is a data mining system being proposed by the U.S. Department of Defense with the goal of "countering terrorism through prevention." One of the concerns expressed by the (U.S. ACM Public Policy Committee) is the potential for false positives - incorrectly identifying an individual as a potential terrorist. Based on your knowledge and experience with databases and database security, discuss this concern and ways to mitigate this concern.
2. (DUE March 21, 2003 by midnight EST) Select a discussion from one or more of your classmates and respond to their comments.

   Be sure to discuss a different question than the question you discussed in Discussion 1.

Webliography Assignment
(DUE March 21, 2003 by midnight EST) Submit to the class Webliography 5 annotated links related to database security. These will be added to our Information Assurance E-library (http://csc.ColumbusState.edu/summers/e-library/security.html) You will receive 1 point if just a new link; 1 point if annotation for one of my links; or 2 points if a new annotated link.