ABSTRACT
We propose to demonstrate StreamShield, a system designed to address security and privacy in Data Stream Management Systems (DSMSs). StreamShield enforces continuous access control by taking a novel "stream-centric" approach to security. Security policies are not persistently stored on the server; instead, they are expressed as security metadata, called "security punctuations", which are embedded into the streams together with the data. We distinguish between two types of security punctuations: (1) "data security punctuations" (dsps), which describe the data-side security policies, and (2) "query security punctuations" (qsps), which represent the query-side security policies. The advantages of such a stream-centric security model include flexibility, dynamicity and speed of enforcement. Furthermore, DSMSs can adapt not only to data-related but also to security-related selectivities, which helps reduce wasted resources when few subjects have access to the streaming data.
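The stream-centric idea described above, as an added sketch that is not StreamShield's own code: dsps and qsps travel in the stream and an operator enforces them tuple by tuple, counting tuples that no query may read. The class names, the role-set representation of a policy and the default-deny start are assumptions, since the abstract does not specify the punctuation format.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DataTuple:
    payload: dict

@dataclass(frozen=True)
class DSP:
    """Data-side policy (assumed form): roles allowed to read the tuples that follow."""
    allowed_roles: frozenset

@dataclass(frozen=True)
class QSP:
    """Query-side policy (assumed form): roles a registered query currently holds."""
    query_id: str
    roles: frozenset

def shield(stream):
    """Return ([(query_id, payload), ...], number of tuples no query could read)."""
    current_dsp = frozenset()   # default deny until the first dsp arrives
    query_roles = {}            # query_id -> roles from its latest qsp
    delivered, dropped = [], 0
    for item in stream:
        if isinstance(item, DSP):        # policy change takes effect immediately
            current_dsp = item.allowed_roles
        elif isinstance(item, QSP):      # grant or revoke without a server-side store
            query_roles[item.query_id] = item.roles
        else:
            readers = [q for q, r in query_roles.items() if r & current_dsp]
            if not readers:
                dropped += 1             # dropped once, before any per-query work
                continue
            delivered.extend((q, item.payload) for q in readers)
    return delivered, dropped

# Constructed sample stream: punctuations interleaved with data tuples.
SAMPLE = [
    QSP("q_doctor", frozenset({"doctor"})),
    QSP("q_billing", frozenset({"billing"})),
    DataTuple({"hr": 71}),                    # precedes any dsp: denied
    DSP(frozenset({"doctor"})),
    DataTuple({"hr": 72}),
    DSP(frozenset({"doctor", "billing"})),
    DataTuple({"hr": 73}),
    QSP("q_doctor", frozenset()),             # role revoked mid-stream
    DataTuple({"hr": 74}),
    DSP(frozenset({"auditor"})),
    DataTuple({"hr": 75}),                    # no query holds "auditor"
]

if __name__ == "__main__":
    print(shield(SAMPLE))
```

The early drop of tuples with no authorized reader is the kind of security-related selectivity the abstract refers to: work is skipped when few subjects have access.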
Index Terms
- StreamShield: a stream-centric approach towards security and privacy in data stream environments