1980s and early 1990s by Oracle, Sybase, Informix and Ingres. This was a team effort with colleagues <strong>at</strong>Honeywell.Secure Query Processing: Paper #2 (IEEE Computer) describes secure query processing str<strong>at</strong>egies.Essentially, I enhanced the query str<strong>at</strong>egies developed by Lock D<strong>at</strong>a Views and introduced ideas from thefield <strong>of</strong> logic and d<strong>at</strong>abases. I developed query str<strong>at</strong>egies based on the re-writing principles. Various types<strong>of</strong> policies were considered in the design. This paper was first submitted to the Hawaii Intern<strong>at</strong>ionalConference on Systems Sciences in 1988 and won the best paper award. I was then invited to submit thejournal version <strong>of</strong> the paper to IEEE Computer which has the largest audience in computer science. <strong>The</strong>n,together with my colleague <strong>at</strong> the <strong>University</strong> <strong>of</strong> Minnesota and a student, this paper was enhanced andpublished in IEEE Computer.Secure Distributed D<strong>at</strong>a Management: <strong>The</strong> third and fourth papers describe aspects <strong>of</strong> securedistributed d<strong>at</strong>abase systems. In Paper #3 (Computers and Security Journal) I was the first to exploremultilevel security for distributed d<strong>at</strong>abase systems. I designed a multilevel d<strong>at</strong>a model, query processingstr<strong>at</strong>egies and transaction management str<strong>at</strong>egies. This paper resulted in several research directionsincluding the algorithms I designed for both query and transaction management. One such algorithm andimplement<strong>at</strong>ion carried out together with a colleague <strong>at</strong> MITRE, is reported in Paper #4 (Journal <strong>of</strong>Systems and S<strong>of</strong>tware). In particular, we developed a system th<strong>at</strong> enforced multilevel security for queryprocessing in a distributed environment. We demonstr<strong>at</strong>ed the system by connecting secure d<strong>at</strong>amanagement systems in Bedford, MA, McLean, VA and Fort Monmouth, NJ in 1991. Such an integr<strong>at</strong>ionwas novel <strong>at</strong> th<strong>at</strong> time and the research was transferred to Army’s maneuver control systems.Secure Object D<strong>at</strong>a Management: <strong>The</strong> next two papers (Paper #5 and #6) describe my work inmultilevel secure object d<strong>at</strong>abase systems. Paper #5 (ACM OOPSLA) describes a widely cited securemodel for object d<strong>at</strong>abase systems. This paper describes several security properties for the object model.<strong>The</strong>n these policies were incorpor<strong>at</strong>ed into the design <strong>of</strong> the system and published in Paper #6 (Journal <strong>of</strong>Object-Oriented Programming). Subsequently together with a colleague <strong>at</strong> MITRE, we developed pro<strong>of</strong> <strong>of</strong>concept demonstr<strong>at</strong>ions <strong>of</strong> the design using the Object Store d<strong>at</strong>a management system in 1992. Thisresearch had an impact on several secure object d<strong>at</strong>a management systems’ research and developmentefforts by others. In addition, we also transferred the research to a system developed by OntosCorpor<strong>at</strong>ion.Found<strong>at</strong>ions <strong>of</strong> the Inference Problem: <strong>The</strong> next four papers describe my work on the Inferenceproblem. I have been commended for this work from researchers as well as government sponsors. In Paper#7 (Computer Security Found<strong>at</strong>ions Workshop), I was the first to prove th<strong>at</strong> the inference problem wasunsolvable and presented it <strong>at</strong> the 3 rd IEEE Computer Security Found<strong>at</strong>ions Workshop. <strong>The</strong> paper did notappear in the proceedings as the paper was not publicly released in time for the workshop. This researchwas also quoted by Dr. John Campbell <strong>of</strong> the N<strong>at</strong>ional Security Agency as the most significant research insecure d<strong>at</strong>a management system in 1990. His quote appeared in the Proceedings <strong>of</strong> the 1990 N<strong>at</strong>ionalComputer Security Conference.Inference Controllers: Once I proved th<strong>at</strong> the inference problem was unsolvable, then I designed ad<strong>at</strong>abase inference controller th<strong>at</strong> handled policies during query, upd<strong>at</strong>e and d<strong>at</strong>abases oper<strong>at</strong>ions.Together with colleagues <strong>at</strong> MITRE, my design was implemented and published in Paper #8 (D<strong>at</strong>a andKnowledge Engineering Journal). This was the first inference controller to be developed and a p<strong>at</strong>ent wasobtained. Our integr<strong>at</strong>ed inference controller processed some policies during d<strong>at</strong>abase query, somepolicies during d<strong>at</strong>abase upd<strong>at</strong>es and some policies during d<strong>at</strong>abase design and this concept was novel <strong>at</strong>th<strong>at</strong> time. <strong>The</strong>n in Paper #9 (IEEE Transactions on Knowledge and D<strong>at</strong>a Engineering), I designedalgorithms for extending the inference controller design to a distributed environment and th<strong>at</strong> resulted inthe first distributed inference controller. Together with a colleague, this design was implemented. In thissystem users could pose queries from multiple sites, but the system would examine the policies across allthe sites and only give out inform<strong>at</strong>ion th<strong>at</strong> the user was authorized to know. <strong>The</strong> inference controllerswere distributed and communic<strong>at</strong>ed with each other to process queries and upd<strong>at</strong>es.Designing Secure Applic<strong>at</strong>ions: In Paper #10 (IFIP D<strong>at</strong>a Security Conference), I looked <strong>at</strong> the inferencefrom a different angle. Here I tried to handle the problem when the applic<strong>at</strong>ion was designed. I used102
conceptual structures (e.g., semantic nets and conceptual graphs) to model the applic<strong>at</strong>ions. Policies weretaken into consider<strong>at</strong>ion during the modeling phase. <strong>The</strong>n the reasoners used by semantic nets andconceptual graphs were applied to reason about the applic<strong>at</strong>ion and detect potential security viol<strong>at</strong>ions.This was a novel idea <strong>at</strong> th<strong>at</strong> time and spawned many avenues for subsequent research. Also as a backendto this reasoner, I designed an expert system for inference control. <strong>The</strong> implement<strong>at</strong>ion <strong>of</strong> this system wascarried out with a colleague <strong>at</strong> MITRE. A U.S. p<strong>at</strong>ent was obtained on this system.Logic for Secure D<strong>at</strong>abases: Finally in Paper #11 (Computer Security Found<strong>at</strong>ions Workshop) I appliedthe theory <strong>of</strong> logic and d<strong>at</strong>abases to multilevel d<strong>at</strong>abases. Since first order logic did not handle nonmonotonicreasoning and since non-monotonic logics <strong>at</strong> th<strong>at</strong> time did not reason across security levels, Ideveloped a logic called NTML (Non-monotonic Typed Multilevel Logic) and subsequently designed amultilevel logic d<strong>at</strong>abase system. <strong>The</strong> significance <strong>of</strong> this work is th<strong>at</strong> the logical reasoner can be used toprocess queries and control unauthorized inferences. A U.S. p<strong>at</strong>ent was obtained on this system.1. Design <strong>of</strong> LDV - A Multilevel Secure Rel<strong>at</strong>ional D<strong>at</strong>abase Management System, June 1990, IEEETransactions on Knowledge and D<strong>at</strong>a Engineering, Vol. 2, No. 2, June 1990, (co-author: P.Stachour). Lead AuthorMy Contribution: This is a Honeywell Team effort. <strong>The</strong> principal members <strong>of</strong> the team includedPaul Stachour (Principal Investig<strong>at</strong>or), P<strong>at</strong>ricia Dwyer, Emmanuel Onuegbe, Tom Haigh andmyself. I designed both the upd<strong>at</strong>e and metad<strong>at</strong>a pipelines. Furthermore, I wrote the entire paperfrom the technical reports we published.2. Secure Query Processing Str<strong>at</strong>egies, IEEE Computer, March 1989, Vol. 22, No. 3, (invited paper– co-authors: T. F. Keefe and W. T. Tsai). Co-Author (for the conference version I was the leadauthor)My Contribution: I designed the algorithms and write the initial paper for the conference bymyself. Because I had to leave on vac<strong>at</strong>ion I requested my colleague and his student to edit thepaper and submit. <strong>The</strong> paper received the best paper award. <strong>The</strong> journal version was anenhancement <strong>of</strong> the conference paper and the student Tom Keefe was mainly responsible for theenhancements.3. Multilevel Security Issues in Distributed D<strong>at</strong>abase Management Systems – II, Computers andSecurity Journal (Elsevier), Volume 10, No.8, December 1991. Sole AuthorMy Contribution: This is 100% my work.4. Design and Implement<strong>at</strong>ion <strong>of</strong> a Query Processor for a Trusted Distributed D<strong>at</strong>abaseManagement Systems, April 1993, Journal <strong>of</strong> Systems and S<strong>of</strong>tware (North Holland), Vol. 21,No. 1 (co-author: Harvey Rubinovitz).My Contribution: I designed the algorithms. <strong>The</strong>n my colleague Dr. Rubinovitz implemented thealgorithm. Together we designed the experiments. I wrote the paper from the technical reports.5. Mand<strong>at</strong>ory Security in Object-Oriented D<strong>at</strong>abase Systems, October 1989, Proceedings <strong>of</strong> theACM Conference on Object-Oriented Programming, Systems, Languages and Applic<strong>at</strong>ions(ACM OOPSLA) Conference, New Orleans, LA. Sole AuthorMy Contribution: This is 100% my work.6. Towards the Design <strong>of</strong> a Multilevel Secure Object-Oriented D<strong>at</strong>abase Management System,Journal <strong>of</strong> Object-Oriented Programming, Vol. 8, No. 3, p. 42 – 49, June 1995. Sole AuthorMy Contribution: This is 100% my work.7. Recursion <strong>The</strong>oretic Properties <strong>of</strong> the Inference Problem in D<strong>at</strong>abase Security, June 1990,Presented <strong>at</strong> the 3rd IEEE Workshop on Found<strong>at</strong>ions <strong>of</strong> Computer Security, Franconia, NH(public release was not obtained in time for proceedings; printed as MITRE Paper M291, May1990). Sole AuthorMy Contribution: This is 100% my work.103
- Page 1:
Curriculum VitaeBhavani Thuraisingh
- Page 5 and 6:
EXTERNALSection 2: MAJOR AWARDSBest
- Page 7 and 8:
Section 3: SYNOPSIS OF RESEARCHMy r
- Page 9 and 10:
the concepts in semantic nets and c
- Page 11 and 12:
secure query processing for cloud.
- Page 13 and 14:
Section 4: RESEARCH LEADERSHIPhttp:
- Page 15 and 16:
Section 5: RESUME SUMMARYName:Dr. B
- Page 17 and 18:
Army, NSA, and CIA as well as consu
- Page 19 and 20:
Section 6: INDUSTRY/GOVERNMENT EXPE
- Page 21 and 22:
management to discuss projects as w
- Page 23 and 24:
Current (2004 - Present)The Univers
- Page 25 and 26:
Object Databases (1 day course taug
- Page 27 and 28:
Section 8: ACADEMIC RESEARCH SUPERV
- Page 29 and 30:
Thesis Committees: Serving/served o
- Page 31 and 32:
Section 9: RESEARCH FUNDINGI have o
- Page 33 and 34:
PI: L. KhanAmount: $260,00020. Nati
- Page 35 and 36:
3. CIA: As manager of fifteen resea
- Page 37 and 38:
15. Multilevel Security Issues in D
- Page 39 and 40:
48. E-Mail Worm Detection Using Dat
- Page 41 and 42:
79. Information Demands Drive Data
- Page 43 and 44:
2. Foundations of Multilevel Databa
- Page 45 and 46:
32. Parallel Processing and Trusted
- Page 47 and 48:
66. Privacy Preserving Data Mining,
- Page 49 and 50:
99. Data Mining for Cyber Security
- Page 51 and 52: 130. Object-oriented Implementation
- Page 53 and 54: 161. XIMKON- An Expert Simulation a
- Page 55 and 56: 194. Ontology Alignment Using Multi
- Page 57 and 58: 225. RETRO: A Framework for Semanti
- Page 59 and 60: 5. Inference Problem in Database Se
- Page 61 and 62: I. JOURNAL SPECIAL ISSUES EDITEDSec
- Page 63 and 64: 12. Proceedings ISI Conference, IEE
- Page 65 and 66: Bhavani ThuraisinghamUTDCS-45-06UTD
- Page 67 and 68: UTDCS-32-08A Practical Approach to
- Page 69 and 70: UTDCS-27-11Towards the Design and I
- Page 71 and 72: 29. A Seminar on Real-time Database
- Page 73 and 74: 14. Concurrency Control in Real-tim
- Page 75 and 76: 17. Data Management Systems Evoluti
- Page 77 and 78: 54. Data Mining for National Securi
- Page 79 and 80: 5. Recent Developments in Some Trus
- Page 81 and 82: 44. Data Engineering Directions, IE
- Page 83 and 84: 6. Towards a Global Multilevel Data
- Page 85 and 86: 19. Object Technology for C4I Appli
- Page 87 and 88: 59. Assured Cloud Computing, AFOSR
- Page 89 and 90: 2. A Seminar on Secure Database Sys
- Page 91 and 92: VIII. The University of Texas at Da
- Page 93 and 94: 5. Secure Distributed Query Process
- Page 95 and 96: Simulated algorithms for informatio
- Page 97 and 98: 1. Geospatial Proximity Algorithm,
- Page 99 and 100: Section 16: INTELLECTUAL PROPERTY A
- Page 101: Section 17: DISCUSSION OF PUBLISHED
- Page 105 and 106: 1990s, we designed and implemented
- Page 107 and 108: inference problem. Back in the earl
- Page 109 and 110: 9. A Semantic Web Based Framework f
- Page 111 and 112: Policy management: While discretion
- Page 113 and 114: Section 18: DISCUSSION OF COMPLETE
- Page 115 and 116: Publications: Several journal publi
- Page 117 and 118: Research and Technology Transfer in
- Page 119 and 120: 13. IEEE WORDS Workshop, Santa Barb
- Page 121 and 122: 82. AAAI, Vancouver, BC, Canada, Ju
- Page 123 and 124: http://findarticles.com/p/articles/
- Page 125 and 126: NSF Grants to Help Create Next-Gene
- Page 127: SECTION 21. CYBER SECURITY RESEARCH