Skip to main content
SpringerLink
Log in

StreamFilter: a framework for distributed processing of range queries over streaming data with fine-grained access control

  • Published:
Cluster Computing Aims and scope Submit manuscript

Abstract

Access control is a fundamental component of any data management system, ensuring the prevention of unauthorized data access. Within the realm of data streams, it plays a crucial role in query processing by facilitating authorized access to them. This paper introduces the StreamFilter framework, which focuses on securely processing queries with range filters over streaming data. Leveraging the Role-Based Access Control model, the StreamFilter framework enables the specification of fine-grained access policies at various levels of granularity, such as tuples and attributes, through the utilization of a bit string structure. To enhance the search operation during data stream query processing, the framework employs a distributed indexing method, constructing a set of smaller B + Tree indices rather than a single large B + Tree index. Furthermore, it seamlessly integrates access authorization evaluation with query processing, efficiently filtering unauthorized parts from the query results. The experimental results demonstrate an approximately 50% increase in efficiency for processing queries with range filters compared to the post-filtering strategy. This improvement is observed across all types of data distribution, including uniform, skew, and hyper skew.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Algorithm 1
Algorithm 2
Fig. 3
Algorithm 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8

Similar content being viewed by others

Data availability

Enquiries about the source code and data availability should be directed to authors.

Notes

  1. https://grouplens.org/

References

  1. Margara, A., Rabl, T.: Definition of data streams. Encycl. Big Data Technol. (2019). https://doi.org/10.1007/978-3-319-77525-8_188

    Article  Google Scholar 

  2. Bifet, A., Gama, J.: IoT data stream analytics. Ann. des Telecommun. Telecommun. 75(9–10), 491–492 (2020). https://doi.org/10.1007/s12243-020-00811-1

    Article  Google Scholar 

  3. Tiwari, S., Agarwal, S.: Data stream management for CPS-based healthcare: a contemporary review. IETE Tech. Rev. (Institution Electron. Telecommun. Eng. India) 39(5), 987–1010 (2022). https://doi.org/10.1080/02564602.2021.1950578

    Article  Google Scholar 

  4. Sumalatha, M.R., Ananthi, M.: Efficient data retrieval using adaptive clustered indexing for continuous queries over streaming data. Cluster Comput. 22(S5), 10503–10517 (2019). https://doi.org/10.1007/s10586-017-1093-z

    Article  Google Scholar 

  5. Colombo, P., Ferrari, E.: Access control technologies for Big Data management systems: literature review and future trends. Cybersecurity (2019). https://doi.org/10.1186/s42400-018-0020-9

    Article  Google Scholar 

  6. Qiu, J., Tian, Z., Du, C., Zuo, Q., Su, S., Fang, B.: A survey on access control in the age of internet of things. IEEE Internet Things J. 7(6), 4682–4696 (2020). https://doi.org/10.1109/JIOT.2020.2969326

    Article  Google Scholar 

  7. Zaki, M., Lee, A.J., Chrysanthis, P.K.: Effective access control in shared-operator multi-tenant data stream management systems. In: Lecture Notes in Computer Science including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics, vol. 12122 LNCS, pp. 118–136. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-49669-2_7

    Chapter  Google Scholar 

  8. Rhujittawiwat, T., Saaudi, A., Farkas, C.: Stream Data Access Control Model: The Need for Data Semantics. In: International Joint Conference on Knowledge Discovery, Knowledge Engineering and Knowledge Management, IC3K - Proceedings, vol. 3, pp. 19–30. (2022) https://doi.org/10.5220/0011528600003335.

  9. Carminati, B., Ferrari, E., Cao, J., Tan, K.L.: A framework to enforce access control over data streams. ACM Trans. Inf. Syst. Secur. (2010). https://doi.org/10.1145/1805974.1805984

    Article  Google Scholar 

  10. Chakravarthy, S., Jiang, Q.: Stream Data Processing: A Quality of Service Perspective, vol. 36. Springer, Boston (2009). https://doi.org/10.1007/978-0-387-71003-7

    Book  Google Scholar 

  11. Nehme, R.V., Lim, H.S., Bertino, E., Rundensteiner E.A.: StreamShield: A stream-centric approach towards security and privacy in data stream environments. In: SIGMOD-PODS’09—Proceedings of the International Conference on Management of Data and 28th Symposium on Principles of Database Systems, pp. 1027–1029. (2009) https://doi.org/10.1145/1559845.1559972.

  12. Ma, C., Yan, Z., Chen, C.W.: Scalable access control for privacy-aware media sharing. IEEE Trans. Multimed. 21(1), 173–183 (2019). https://doi.org/10.1109/TMM.2018.2851446

    Article  Google Scholar 

  13. Nehme, R.V., Rundensteiner, E.A., Bertino E.: A security punctuation framework for enforcing access control on streaming data. In: Proceedings—International Conference on Data Engineering, pp. 406–415. (2008). https://doi.org/10.1109/ICDE.2008.4497449.

  14. Mirabi, M., Ibrahim, H., Fathi, L., Udzir, N.I., Mamat, A.: A dynamic compressed accessibility map for secure XML querying and updating. J. Inf. Sci. Eng. 31(1), 59–93 (2015). https://doi.org/10.1688/JISE.2015.31.1.4

    Article  MathSciNet  Google Scholar 

  15. Mirabi, M., Ibrahim, H., Udzir, N.I., Mamat, A.: A compact bit string accessibility map for secure XML query processing. Procedia Comput. Sci. 10, 1172–1179 (2012). https://doi.org/10.1016/j.procs.2012.06.169

    Article  Google Scholar 

  16. Safaee, S., Mirabi, M., Rahmani, A.M., Safaei, A.A.: A distributed B+Tree indexing method for processing range queries over streaming data. Cluster Comput. (2023). https://doi.org/10.1007/s10586-023-04015-9

    Article  Google Scholar 

  17. Lindner, W., Meier, J.: Securing the borealis data stream engine. In: Proceedings of the International Database Engineering and Applications Symposium, IDEAS, pp. 137–147. (2006). https://doi.org/10.1109/IDEAS.2006.40.

  18. Carminati, B., Ferrari, E., Tan, K.L.: Enforcing access control over data streams. Proc. ACM Symp. Access Control Model Technol. Sacmat. (2007). https://doi.org/10.1145/1266840.1266845

    Article  Google Scholar 

  19. B. Carminati, E. Ferrari, and L. T. Kian, “Specifying access control policies on data streams,” in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4443 LNCS, Berlin, Heidelberg: Springer Berlin Heidelberg, 2007, pp. 410–421. doi: https://doi.org/10.1007/978-3-540-71703-4_36.

  20. Cao, J., Carminati, B., Ferrari, E., Tan, K.L.: ACStream: enforcing access control over data streams. Proc. - Int. Conf. Data Eng. (2009). https://doi.org/10.1109/ICDE.2009.25

    Article  Google Scholar 

  21. Streambase home page. http://www.streambase.com/.

  22. Abadi, D.J., Carney, D., Çetintemel, U., Cherniack, M., Convey, C., Lee, S., Stonebraker, M., Tatbul, N., Zdonik, S.: Aurora: a new model and architecture for data stream management. VLDB J. 12(2), 120–139 (2003). https://doi.org/10.1007/s00778-003-0095-z

    Article  Google Scholar 

  23. Nehme, R.V., Lim, H.S., Bertino, E.: FENCE: Continuous Access Control Enforcement in Dynamic Data Stream Environments In: ICDE, pp. 940–943. (2010). https://db.cs.pitt.edu/courses/cs3551/16-1/handouts/icde2010fence.pdf.

  24. Nehme, R.V., Lim, H.S., Bertino, E.: FENCE: Continuous Access control enforcement in dynamic data stream environments. In: CODASPY 2013—Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy, pp. 243–254. (2013). https://doi.org/10.1145/2435349.2435383.

  25. Safaei, A.A.: Real-time processing of streaming big data. Real-Time Syst. 53(1), 1–44 (2017). https://doi.org/10.1007/s11241-016-9257-0

    Article  MathSciNet  Google Scholar 

  26. Deng, Z., Wu, X., Wang, L., Chen, X., Ranjan, R., Zomaya, A., Chen, D.: Parallel processing of dynamic continuous queries over streaming data flows. IEEE Trans. Parallel Distrib. Syst.Distrib. Syst. 26(3), 834–846 (2015). https://doi.org/10.1109/TPDS.2014.2311811

    Article  Google Scholar 

  27. Lee, C.C., Chen, T.J., Wu, Y.H., Tsai, K.C., Yuan, A.: Spontaneous retropharyngeal emphysema and pneumomediastinum presented with signs of acute upper airway obstruction. Am. J. Emerg. Med. 23(3), 402 (2005)

    Article  Google Scholar 

  28. Pollari-malmi, K.: B+trees. https://www.cs.helsinki.fi/u/mluukkai/tirak2010/B-tree.pdf.

  29. Cormen, T.H., Leiserson, C.E., Rivest, R.L.: Introduction to Algorithms, fourth edition, 4th ed. The MIT Press, Cambridge (2022). https://mitpress.mit.edu/books/introduction-algorithms-fourth-edition.

  30. Mishra, A.: Movielens dataset. Kaggle, 2020. https://grouplens.org/datasets/movielens/.

Download references

Funding

The authors have not disclosed any funding.

Author information

Authors and Affiliations

  1. Department of Computer Engineering, Faculty of Engineering, South Tehran Branch, Islamic Azad University, Tehran, Iran

    Shahab Safaee

  2. Faculty of Computer Science, Technical University of Darmstadt, Darmstadt, Germany

    Meghdad Mirabi

  3. Department of Medical Informatics, Faculty of Medical Sciences, Tarbiat Modares University, Tehran, Iran

    Ali Asghar Safaei

Authors
  1. Shahab Safaee
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Meghdad Mirabi
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ali Asghar Safaei
    View author publications

    You can also search for this author in PubMed Google Scholar

Contributions

All authors contributed to the study conception and design. The first draft of the manuscript was written by SS and MM, and then it was reviewed by AAS. All authors commented on previous versions of the manuscript. All authors read and approved the final manuscript.

Corresponding author

Correspondence to Meghdad Mirabi.

Ethics declarations

Competing interests

The authors declare no competing interests.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Safaee, S., Mirabi, M. & Safaei, A.A. StreamFilter: a framework for distributed processing of range queries over streaming data with fine-grained access control. Cluster Comput (2024). https://doi.org/10.1007/s10586-024-04402-w

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10586-024-04402-w

Keywords

Search

Navigation