Specifying Access Control Policies on Data Streams

  • Barbara Carminati
  • Elena Ferrari
  • Kian Lee Tan
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4443)


Many data stream processing systems are increasingly being used to support applications that handle sensitive information, such as credit card numbers and locations of soldiers in battleground [1,2,3,6]. These data have to be protected from unauthorized accesses. However, existing access control models and mechanisms cannot be adequately adopted on data streams. In this paper, we propose a novel access control model for data streams based on the Aurora data model [2]. Our access control model is role-based and has the following components. Objects to be protected are essentially views (or rather queries) over data streams. We also define two types of privileges - Read privilege for operations such as Filter, Map, BSort, and a set of aggregate privileges for operations such as Min, Max, Count, Avg and Sum. The model also allows the specification of temporal constraints either to limit access to data during a given time bound or to constraint aggregate operations over the data within a specified time window. In the paper, we present the access control model and its formal semantics.


Access Control Data Stream Access Control Policy Access Control Model Protection Object 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abadi, D.J., Ahmad, Y., Balazinska, M., Çetintemel, U., Cherniack, M., Hwang, J.H., Lindner, W., Maskey, A., Rasin, A., Ryvkina, E., Tatbul, N., Xing, Y., Zdonik, S.B.: The design of the borealis stream processing engine. In: Proceedings of Conference of Innovative Data System Research (CIDR’05), Asilomar, USA, pp. 277–289 (2005)Google Scholar
  2. 2.
    Abadi, D.J., Carney, D., Çetintemel, U., Cherniack, M., Convey, C., Lee, S., Stonebraker, M., Tatbul, N., Zdonik, S.B.: Aurora: a new model and architecture for data stream management. VLDB Journal 12(2), 120–139 (2003)CrossRefGoogle Scholar
  3. 3.
    Arasu, A., Babcock, B., Babu, S., Datar, M., Ito, K., Nishizawa, I., Rosenstein, J., Widom, J.: Stream: The Stanford stream data manager. In: Proceedings of ACM SIGMOD’03, San Diego, USA, p. 665 (2003)Google Scholar
  4. 4.
    Babcock, B., Babu, S., Datar, M., Motwani, R., Widom, J.: Models and issues in data stream systems. In: Proceedings of ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems (PODS ’02), New York, USA, pp. 1–16 (2002)Google Scholar
  5. 5.
    Castano, S., Fugini, M.G., Martella, G., Samarati, P.: Database Security. Addison-Wesley, Reading (1995)zbMATHGoogle Scholar
  6. 6.
    Chandrasekaran, S., Cooper, O., Deshpande, A., Franklin, M.J., Hellerstein, J.M., Hong, W., Krishnamurthy, S., Madden, S., Raman, V., Reiss, F., Shah, M.A.: TelegraphCQ: continuous dataflow processing for an uncertain world. In: Proceedings of Conference of Innovative Data System Research (CIDR’03), Asilomar, USA (2003)Google Scholar
  7. 7.
    Ferrari, E., Thuraisingham, B.: Secure Database Systems. In: Diaz, O., Piattini, M. (eds.) Advanced Databases: Technology and Design, Artech House, London (2000)Google Scholar
  8. 8.
    Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed nist standard for role-based access control. In. ACM Transaction on Information System Security 4(3), 224–274 (2001)CrossRefGoogle Scholar
  9. 9.
    Golab, L., Ozsu, M.T.: Issues in data stream management. SIGMOD Record 32(2), 5–14 (2003)CrossRefGoogle Scholar
  10. 10.
    StreamBase Home Page,

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Barbara Carminati
    • 1
  • Elena Ferrari
    • 1
  • Kian Lee Tan
    • 2
  1. 1.DICOM, University of Insubria, VareseItaly
  2. 2.School of Computing, National University of SingaporeSingapore

Personalised recommendations