Specifying Access Control Policies on Data Streams
Many data stream processing systems are increasingly being used to support applications that handle sensitive information, such as credit card numbers and locations of soldiers in battleground [1,2,3,6]. These data have to be protected from unauthorized accesses. However, existing access control models and mechanisms cannot be adequately adopted on data streams. In this paper, we propose a novel access control model for data streams based on the Aurora data model . Our access control model is role-based and has the following components. Objects to be protected are essentially views (or rather queries) over data streams. We also define two types of privileges - Read privilege for operations such as Filter, Map, BSort, and a set of aggregate privileges for operations such as Min, Max, Count, Avg and Sum. The model also allows the specification of temporal constraints either to limit access to data during a given time bound or to constraint aggregate operations over the data within a specified time window. In the paper, we present the access control model and its formal semantics.
Unable to display preview. Download preview PDF.
- 1.Abadi, D.J., Ahmad, Y., Balazinska, M., Çetintemel, U., Cherniack, M., Hwang, J.H., Lindner, W., Maskey, A., Rasin, A., Ryvkina, E., Tatbul, N., Xing, Y., Zdonik, S.B.: The design of the borealis stream processing engine. In: Proceedings of Conference of Innovative Data System Research (CIDR’05), Asilomar, USA, pp. 277–289 (2005)Google Scholar
- 3.Arasu, A., Babcock, B., Babu, S., Datar, M., Ito, K., Nishizawa, I., Rosenstein, J., Widom, J.: Stream: The Stanford stream data manager. In: Proceedings of ACM SIGMOD’03, San Diego, USA, p. 665 (2003)Google Scholar
- 4.Babcock, B., Babu, S., Datar, M., Motwani, R., Widom, J.: Models and issues in data stream systems. In: Proceedings of ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems (PODS ’02), New York, USA, pp. 1–16 (2002)Google Scholar
- 6.Chandrasekaran, S., Cooper, O., Deshpande, A., Franklin, M.J., Hellerstein, J.M., Hong, W., Krishnamurthy, S., Madden, S., Raman, V., Reiss, F., Shah, M.A.: TelegraphCQ: continuous dataflow processing for an uncertain world. In: Proceedings of Conference of Innovative Data System Research (CIDR’03), Asilomar, USA (2003)Google Scholar
- 7.Ferrari, E., Thuraisingham, B.: Secure Database Systems. In: Diaz, O., Piattini, M. (eds.) Advanced Databases: Technology and Design, Artech House, London (2000)Google Scholar
- 10.StreamBase Home Page, http://www.streambase.com//