She is also program director on Information and Data Management in the Division of Information and Intelligent systems at the National Science Foundation (NSF), where she is running a roughly $10 million program managing several research projects on database, information retrieval, and knowledge-based systems. Not surprisingly, trying to get in touch with her these days usually means tracking her down when she’s travelling — whether between work in Boston and Washington D.C., or to conferences and lectures — even one recent talk she gave at the White House on data mining and counter-terrorism.
“I usually do things and then move on to other things,” says Thuraisingham, who has published 400 plus technical papers, over 50 journal articles, as well as five books on data management and data mining for technical managers. From the way she avidly and rapidly speaks about dozens of data management issues, it’s clear that Thuraisingham literally lives and breathes information systems, and is always looking for the next key area of research.
Her field of database and data management research, however critical to the essential technology infrastructure of both e-business and the Web, has never enjoyed the popular attention lavished on more graspable technology research in areas like chip design, robotics or digital imaging and media. But the times they could be a changing for database and data management experts.
The advent of the Web opened up a Pandora’s box of new data management and security issues. But it took September 11th for the issues surrounding data management and security to arrive at the forefront of urgent issues facing the technology industry and the business world. The security of corporate data, detecting cyber terrorism, and protecting classified information has become the critical task of the day. And Thuraisingham is riding the cutting edge of these issues.
Dangerous Inferences
Internet privacy is just one key new challenge for data management experts like Thuraisingham. As part of the first work she did when she joined MITRE in 1989, Thuraisingham did important research solving the “inference problem” in database security. This problem is essentially the fact that though some information can be sensitive and therefore open only to restricted access in a database, by combining results from various non-restricted queries one can actually infer the sensitive information without directly accessing it. Thuraisingham’s work on the inference problem earned her three U.S. patents for MITRE, and it has influenced a wide-array of commercial database products.
But that was before the web, and now a similar problem is emerging on a much larger scale. “Because of access to data mining you can infer sensitive info about people,” says Thuraisingham. “Before that you had to be fairly sophisticated to make these inferences. But with new tools you can make inferences about people [from information about them on the Web], take a piece from here a piece from there and put it all together.” This becomes a serious privacy concern.
The major issue, as Thuraisingham aptly puts it, is “How do you share information and yet maintain privacy?” Sharing information is, after all, the real power of the Web. The answer seems mostly to lie in more effective security systems, since people are willing to give up some level of privacy if they know that the information on them floating about on the Web is secure.
But, Thuraisingham, who spends some of her time researching this issue, warns that users might have to give up certain things to get total security — real-time usability for example, since multiple layers of encryption and access control add time-consuming complexity to the system.
As of now, according to Thuraisingham, there are few radically new security paradigms emerging, beyond what was being pioneered in object security ten years ago. XML security is a new problem, but the techniques for solving it are not radically new. “As there are new components to XML we have to ensure that only authorize users can access various parts of an XML document. But in terms of new security techniques the fundamental security techniques aren’t really changing,” says Thuraisingham. Some emerging challenges include securing streaming data or even peer to peer applications.
Thuraisingham also mentions a whole new set of areas in data management and data mining (and yes she’s also working on data mining). There is text mining, but there is also mining multi-media databases, mining images and even mining video. “There are plenty of research problems to work on,” she assures.
Data mining, naturally, is also a key security tool, specifically in the field of Intrusion detection. “Right now there is research on applying data mining to detect who has intruded. And if there are any unusual patterns, can you associate an intrusion with any particular event?” Thuraisingham explains. An insider could be divulging a company’s sensitive information, and that kind of insider threat could be detected through data mining tools.
Semantic Web
But the security and privacy issues that Thuraisingham is working on at MITRE and at the NSF take on a new dimension when viewed in the context of her other, more futuristic, research interest — the “Semantic Web.”
A concept developed by Internet pioneer Tim Berners-Lee of MIT, the Semantic Web is a vision for a Web in which machines understand to some extent the information that they are delivering. In other words, if a person is filing taxes online, the computer will actually spontaneously understand that it can propose advice on tax options or even possible investment strategies that are directly tied to what the user is entering in his or her tax return.
There are obviously critical usability privacy and security concerns to be taken care of, and Thuraisingham is pushing for a new group on the Semantic Web at MITRE. “Without a doubt the Web is the future. The Web today is vet useful but it’s still very difficult to manage. I think the future is going to be making it easy for the user,” she predicts.
The Web will evolve, and data security issues are likely to garner significant attention for the foreseeable future. Thuraisingham’s work — and that of the projects she manages — will be there to influence cutting-edge thought in the world of data management. As the Web-based world creates a proliferation of digital information, she won’t be short of problems to tackle.
