Associate
Dean of
Science
and Information Technology
Rensselaer
Polytechnic Institute
| David L. Spooner
|
|
| Contact Information |
|
Information
Technology
|
School of Science
|
|
| Mailing Address: | Information Technology
Lally Hall, Room 205 Rensselaer Polytechnic Institute 110 8th Street Troy, New York 12180 USA |
School of Science
Jonsson-Roland Science Center, Room 1C05 Rensselaer Polytechnic Institute 110 8th Street Troy, New York 12180 USA |
| Phone: | +1(518) 276-6890 | +1(518) 276-6305 |
| Fax: | +1(518) 276-6687 | +1(518) 276-2825 |
| E-mail: | spoond@rpi.edu | spoond@rpi.edu |
| Office: | 206 Lally Hall | 1C05 Jonsson-Rowland Science Center |
| Office Hours |
Tuesday
1:30 - 2:30
Lally Hall, Room 206
Thursday
1:30 - 2:30
Lally Hall, Room 206
and by appointment
In general, I am in the School of Science in the mornings and
in Information Technology office in the afternoons.
| Education |
B.S.
Computer Science
Pennsylvania State University
1975
M.S.
Computer Science
Cornell University
1978
Ph.D.
Computer Science
Pennsylvania State University
1981
| Current Courses |
None
ITEC-4961 Database and Applications Security, M R 2:00 - 3:50, CRN 92554
This course covers a variety of topics in information security, including foundational models, policies, authentication, access control, database security, assurance, auditing, and instruction detection. It also devotes substantial time to secure coding practices. Students will be expected to complete projects that explore some aspect of information security in detail. Note that cryptography is not covered in this course since it is a major focus in other courses. Prerequisites: CSCI-2500 Computer Organization or ECSE-2660 Computer Archcitecture, Networking & OS and CSCI-1200 Computer Science II. Experience with database systems recommended. 4 credits
| Research Interests |
Database security
Access control for unstructured and semi-structured data
Computer Science and Information Technology education
| Research Summary |
Controlling access to structured data such as data stored in a relational database is a much studied problem. Techniques for defining access control polices (e.g., GRANT and REVOKE commands in SQL) and enforcing those policies are now commonly available. Even access policies that depend on the content of the data being stored can be enforced using view mechanisms such as those defined in SQL.
When one considers semi-structured and unstructured data, however, the situation is significantly different. Existing languages for expressing access control policies are limited in scope. Mechanisms for enforcing access control policies lack the necessary robustness for today’s complex problems. And view concepts are difficult to apply to data without a highly defined structure, making content-dependent access control difficult to provide.
Robust access control models for semi-structured and unstructured data must incorporate the data's semantics. Doing so imposes a logical structure on the data that allows the definition of access control policies over logically consistent components of the data rather than treating the data as a single large blob. A logical organization to a collection of data objects often exists when no consistent physical structure is present. This is the focus of my current research interests.
| Selected Publications |
L. Foutz and D. Spooner, "Providing Public Access to a Scientific Database while Maintaining Data Integrity," Proceedings of the Eighth IASTED International Conference on Internet and Multimedia Systems and Applications, August 16-18, 2004, Kauai, HI, USA, pp. 65-69.
G. Yaun, C. Carothers, S. Adali and D. Spooner, "Optimistic Parallel Simulation of a Large-Scale View Storage System", Future Generation of Computer Systems (FCGS), Vol. 19, No. 4, May 2003.
M. Freeman and D. Spooner, "Using Security Views with XML Documents," in Proceedings of the Second International Conference on Information and Knowledge Sharing (IKS 2003), IASTED, Scottsdale, Arizona, November 17-19, 2003.
Jie Zhang and D. Spooner, "Exploiting Semantic Constraints in a Database Browser," Proceedings of the Seventeenth International Symposium on Computer and Information Sciences (ISCIS XVII), Central Florida University, Orlando Florida, October 28-30, 2002.
M. Olivier and D. Spooner, editors, Database and Application Security XV, Kluwer Academic Publishing, Boston, 2002.
M. Hardwick and D. Spooner, "STEP Services for Sharing Product Models," ASME Journal of Computing and Information Science in Engineering, Vol. 1, No. 3, pp. 266-268, September 2001.
G.Yuan, C. Carothers, S. Adali and D. Spooner,"Optimistic Parallel Simulation of a Large Scale View Storage Systems," Proc of the 2001 Winter Simulation Conference, December 2001.
M. Hardwick, T. Rando, K. Morris, P. Denno, D. Spooner, "Lessons Learned Developing Protocols for the Industrial Virtual Enterprise," Journal on Computer-Aided Design (CAD), February 2000.
D. Spooner, "A Bachelor of Science in Information Technology: An Interdisciplinary Approach," Proceedings of the ACM SIGCSE Symposium on Computer Science Education, ACM Press, March 2000. [html] [MS Word]
M. Hardwick and D. Spooner, "STEP Services for Sharing Product Models in a Virtual Enterprise," Proceedings of DETC98, Paper Number CIE-5518, ASME Design Engineering Technical Conference, Atlanta, September, 1998. [abstract] [paper]
D. Spooner and M. Hardwick, "Using Views for Product Data Exchange," IEEE Computer Graphics & Applications, editor B. Herzog, Vol. 17, September/October, 1997. [abstract] [paper] [copyright]
D. Spooner and M. Skolnick, "Science and Engineering Case Studies in Introductory Computing Courses for Non-Majors," Proceedings of the 28th ACM SIGCSE Technical Symposium, February 1997. [paper]
R. L. Shuey, D. Spooner and O. Frieder, The Architecture of Distributed Computer Systems: A Data Engineering Perspective, Addison-Wesley, 1997.
M. Hardwick, D. Spooner, T. Rando and K. Morris, "Data Protocols for the Industrial Virtual Enterprise," IEEE Internet Computing, Vol. 1, No. 1, January/February 1997. [abstract]
I. Bailey, M. Hardwick, A. Laud, D. Spooner, "Overview of the EXPRESS-X Language," Proceedings of the 1996 EXPRESS Users Group Conference, Toronto, Canada, October 1996. [abstract] [paper]
F. Al-Anzi and D. Spooner, "Classification and Consistency of Behavior in Complex Object Design Views for Concurrent Engineering," to appear in Proceedings of the 1996 International Conference on Data and Knowledge Systems for Manufacturing and Engineering, IEEE Computer Society Press, October, 1996. [abstract] [paper] [copyright]
M. Hardwick, D. Spooner, T. Rando and K. Morris, "Sharing Manufacturing Information in Virtual Enterprises," Communications of the ACM, Vol. 39, No. 2, February 1996, ACM Press. [abstract]
| David L. Spooner Rensselaer Polytechnic Institute 110 8th Street Troy, NY 12180-3590 spoond@rpi.edu |
 |