DBSec 2011: Data and Applications Security and Privacy XXV pp 122-137
Multilevel Secure Data Stream Processing
Abstract
With sensors and mobile devices becoming ubiquitous, situation monitoring applications are becoming a reality. Data Stream Management Systems (DSMSs) have been proposed to address the data processing needs of such applications, which require collecting high-speed data, computing results on the fly, and taking actions in real time. Although much work exists on DSMSs, little has been done on multilevel secure (MLS) DSMSs, making the technology unsuitable for highly sensitive applications such as battlefield monitoring. An MLS DSMS should ensure the absence of illegal information flow and, more importantly, provide the performance needed to handle continuous queries. We investigate the issues important in an MLS DSMS and propose an architecture that best meets its goals. We discuss how continuous queries can be executed in such a system and how sharing across queries can be accomplished for maximum performance benefits.
Keywords
Multilevel Security, DSMS, Continuous Query Processing