Locations of visitors to this page

Access Control in Data Streams

In many applications, data arrive in the form of high speed data streams. Examples of such applications include telecommunication, battle field monitoring, network monitoring, financial monitoring, sensor networks, and so on. These data typically contain sensitive information and thus unauthorized accesses should be avoided. As an example, consider battle field monitoring, where the positions of soldiers are protected information that should only be accessible to the battleground commanders.

Clearly, there is a need to integrate access control mechanisms into data stream processing systems to achieve a controlled and selective access to data streams. From the data stream community, many data stream processing systems have been developed both academically (e.g., Aurora, Borealis, STREAM, TelegraphCQ) and commercially (e.g., StreamBase), but the focus in these systems has been on performance issues.

On the other hand, though the data security community has a very rich history in developing access control models, these models are largely tailored to traditional DBMSs. Thus, they cannot be readily adapted to data stream applications, mainly because: (a) traditional databases are static and bounded, while data streams are unbounded and infinite; (b) queries in traditional DBMSs are one time and ad-hoc, but queries over data streams are typically continuous and long running; (c) in traditional DBMSs access control is enforced when users access the data; in data stream applications, access control enforcement is data-driven (i.e., whenever data arrive); (d) because of (c), access control is more computational intensive in data stream applications, and specific techniques to handle it efficiently should be devised; (e) as data are streaming, temporal constraints (e.g., sliding windows) become more critical in data stream applications than in traditional DBMSs.

To cope with all these new requirements, we are investigating a novel access control model, and related enforcement techniques,for data stream applications based on the Aurora system.

Related publications

PDF Enforcing Access Control over Data Streams (2007)

Barbara Carminati, Elena Ferrari, Kian-Lee Tan

Proceedings: ACM Symposium on Access Control Models and Technologies (SACMAT 2007), pp. 21–30, 2007

EE Specifying Access Control Policies on Data Streams (2007)

Barbara Carminati, Elena Ferrari, Kian-Lee Tan

Proceedings: International Conference on Database Systems for Advanced Applications (DASFAA 2007), pp. 410–421, 2007

The documents distributed by this server have been provided by the contributing authors as a means to ensure timely dissemination of scholarly and technical work on a noncommercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.

Credits: Icons by http://ldodds.com, http://dryicons.com, http://kalsey.com, http://pooliestudios.com, http://www.askthecssguy.com