Tyrone S. Toland, Ph.D.
My current research interests include Database Security, Information Retrieval , Information Security, Web Mining Security, Service-Oriented Architecture, Web Services.
- Inference Problem
- The inference problem in database security is the ability to determine (i.e. infer) confidential data by using non-confidential data and database constraints (meta-data). Users with appropriate security levels should be granted access to the data that their security clearance allows them to access; however, the user should not be able to use that data to infer data to which the user does not have security clearance. At the same time, data should not be erroneously denied to the user when updates to the database invalidate previously released query results. Dynamic Disclosure Monitor (D2Mon) is an inference engine that prevents the disclosure of confidential data from non-confidential query results. This inference engine increases the availability of data in the presence of updates, while disallowing the release and inference of confidential data. D2Mon is a non-GUI application developed in Java (version 1.4). Currently, the system can access data that is stored in either the relational database mySQL or the relational database Access 2000 by using Java Database Connectivity (JDBC) and Object Database Connectivity (ODBC), respectively. A paper has been published that presents the framework for D2Mon. A paper is in progress to present the implementation results.
- Web Mining Security
- Research in the area of Web Mining is currently being conducted in the Information Security Lab at the University of South Carolina. This research investigates the ramifications of mining the server access log to discover user usage patterns. These usage patterns provide a useful resource in determining whether or not a user has violated an organization’s usage policy. Although an organization does have the right to monitor the usage patterns of an individual user, an organization does not have the right to discover confidential information about a user. That is, the information that can be mined from the server access log may allow some confidential data to be inferred about a user. The goal of this research is to identify an approach that will allow an organization to monitor the usage patterns of users, while preventing the disclosure of confidential information about an individual user. An initial framework has been proposed and is currently being refined.
- T. S. Toland, C. Farkas, C. M. Eastman. “The inference problem: Maintaining maximal availability in the presence of database updates,” Computers & Security, Volume 29, Issue 1, February 2010, pp. 88-103.
- T. S. Toland. “Yet Another Database Constraint Checker: Database Constraint Evaluator,” In the Proceedings of the 47th Annual Association for Computing Machinery (ACM) Southeast Regional Conference, Clemson, SC, March 19 - 21, 2009, (Extended Abstract).
- T. S. Toland, C. Farkas, C. M. Eastman, “Dynamic Disclosure Monitor (D2Mon): A Survey of Open Research Problems,” In the Proceedings of 1st Computer Security Conference (CSC), Myrtle Beach, SC, April 12 - 13, 2007.
- T. Toland, C. Farkas, and C. Eastman. “Dynamic Disclosure Monitor (D2Mon): An Improved Query Processing Solution,” In the Proceedings of 2nd Workshop on Secure Data Management in association with the 31st International Conference on Very Large Databases (VLDB) 2005, Trondheim, Norway, August 30 to September 2, 2005.
- C. Farkas, T. Toland, and C. Eastman. “The inference problem and updates in relational databases,” In the Proceedings of the Fifteenth Annual IFIP WG 11.3 Working Conference on Database and Applications Security, Niagara on the Lake, Ontario, Canada, July 15-18, 2001, pp. 171-186.
- T. Toland and C. Eastman. “An Information Retrieval System to Manage Program Maintenance Reports in a Data Processing Shop,” In the Proceedings of the 38th Annual Association for Computing Machinery (ACM) Southeast Conference, Clemson, SC, April 7-8, 2000, pp. 81–87.