Security and privacy for geospatial data: Concepts and research directions

Proceedings of the SIGSPATIAL ACM GIS 2008 International Workshop on Security and Privacy in GIS and LBS, SPRINGL'08

Volumn , Issue , 2008, Pages 6-19

  Bertino, Elisa ^a   Gertz, Michael ^b   Thuraisingham, Bhavani ^c   Damiani, Maria Luisa ^d  

^a PURDUE UNIVERSITY   (United States)

^b UNIVERSITY OF HEIDELBERG   (Germany)

^c The University of Texas at Dallas   (United States)

^d UNIVERSITY OF MILAN   (Italy)

Author keywords

Geospatial data; GIS; Privacy; Security

Indexed keywords

ARCHITECTURAL APPROACH; CITY PLANNING; CRITICAL DATA; DATA REPOSITORIES; EMERGENCY MANAGEMENT; ENVIRONMENTAL MONITORING; GEOSPATIAL DATA; GIS; GIS APPLICATION; PRIVACY; RESEARCH DIRECTIONS; SECURITY; SECURITY AND PRIVACY; TECHNICAL CHALLENGES; WIDE SPECTRUM;

ACCESS CONTROL; ENVIRONMENTAL MANAGEMENT; GEOGRAPHIC INFORMATION SYSTEMS; MILITARY APPLICATIONS; MILITARY OPERATIONS; PLANNING; PUBLIC KEY CRYPTOGRAPHY; REGIONAL PLANNING; URBAN PLANNING;

DATA PRIVACY;

EID: 70349107532     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1503402.1503406     Document Type: Conference Paper

References (63)

1. GeoXACML Implementation Specification, http://www.opengeospatial.org/ standards/geoxacml.
2. Open GIS Consortium Interoperability Demonstration Focuses on Emergency Response Situations, http://xml.coverpages.org/ogc-wsinterop.html.
3. The Open Geospatial Consortium (OGC). http://www.opengeospatial.org.
4. XML Signature Syntax and Processing, W3C Recommendation, June 2008. http://www.w3.org/TR/xmldsig-core/, 2008.
5. Geospatial Interoperability Reference Model (GIRM, V 1.1). http://gai.fgdc.gov/, 2003.
6. GML3.1 ISO/TC 211/WG 4/PT 19136 Geographic information, Geography Markup Language (GML), Committee Draft. http://portal.opengeospatial.org/files/? artifact-id=4700 2004.
7. OGC Critical Infrastructure Protection Initiative (CIPI), http://ip.opengis.org/cipi/, 2006.
8. Global Earth Observation System of Systems (GEOSS). http://www.epa.gov/ geoss/, 2006.
9. OpenGIS Geography Language (GML) Encoding Specification, version 3.1.1, http://www.opengeospatial.org/standards/gml, 2007.
10. M. Abedin, S. Nessa, L. Khan, and B. M. Thuraisingham. Detection and resolution of anomalies in firewall policy rules. In 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec), 2006.
11. A. Alam, G. Subbiah, and B. Thuraisingham. Reasoning with semantics-aware access control policies for geospatial Web services. In A CM Workshop on Secure Web Services (SWS), George Mason University, Fairfax VA, USA, 2006.
12. A. Alam and B. Thuraisingham. Geography resource description framework (GRDF) and secure GRDF (S-GRDF). Technical report, The University of Texas at Dallas, 2006.
13. V. Atluri and S. A. Chun. An authorization model for geospatial data. IEEE Transactions on Dependable and Secure Computing, 1(4):238-254, 2004.
14. V. Atluri and P. Mazzoleni. Uniform indexing for geospatial data and authorizations. In Research Directions in Data and Applications Security, IFIP WG 11.3 Sixteenth International Conference on Data and Applications Security, 2002.
15. J. C. Baker, B. E. Lachman, D. R. Frelinger, K. M. O'Connell, and A. Hou. Mapping the risks: Assessing the homeland security implications of publicly available geospatial information. Technical Report, RAND National Defense Research Institute, 2004.
16. A. Belussi, E. Bertino, B. Catania, M. L. Damiani, and A. Nucita. An authorization model for geographical maps. In 12th ACM International Workshop on Geographic Information Systems, (ACM-GIS), 2004.
17. A. Belussi, B. Catania, and E. Bertino. A reference framework for integrating multiple representations of geographical maps. In Proceedings of the Eleventh A CM International Symposium on Advances in Geographic Information Systems (ACM GIS), 2003.
18. F. L. Ber and A. Napoli. Design and comparison of lattices of topological relations for spatial representation and reasoning. Journal of Experimental & Theoretical Artificial Intelligence, 15(3):331-371, 2003.
19. E. Bertino, P. A. Bonatti, and E. Ferrari. Trbac: A temporal role-based access control model. A CM Transactions on Information and System Security, 4(3):191-233, 2001.
20. E. Bertino, B. Catania, E. Ferrari, and P. Perlasca. A logical framework for reasoning about access control models. A CM Transactions on Information and System Security, 6(1):71-127, 2003.
21. E. Bertino, M. L. Damiani, and D. Momini. An access control system for a web map management service. In 14th International Workshop on Research Issues in Data Engineering (RIDE-WS-ECEG 2004), Web Services for E-Commerce and E-Government Applications, 2004.
22. E. Bertino and E. Ferrari. Secure and selective dissemination of xml documents. A CM Transactions on Information and System Security, 5(3):290-331, 2002.
23. E. Bertino, S. Jajodia, and P. Samarati. A flexible authorization mechanism for relational database systems. A CM Transactions on Information Systems, 17(2):101-140, 1999.
24. E. Bertino and R. S. Sandhu. Database security-concepts, approaches, and challenges. IEEE Transactions on Dependable and Secure Computing, 2(1):2-19, 2005.
25. R. Bhatti, A. Ghafoor, E. Bertino, and J. Joshi. X-GTRBAC: an XML-based policy specification framework and architecture for enterprise-wide access control. ACM Transactions on Information and System, Security, 8(2):187-227, 2005.
26. S. A. Chun and V. Atluri. Protecting privacy from continuous high-resolution satellite surveillance. In Data and Application Security, Development and Directions, IFIP TC11/WG11.3 Fourteenth Annual Working Conference on Database Security, 2000.
27. M. J. Covington, W. Long, S. Srinivasan, M. A. Anind K. Dey, and G. D. Abowd. Securing context-aware applications using environment roles. In 6th ACM Symposium on Access Control Models and Technologies, 2001.
28. M. Damiani, E. Bertino, B. Catania, and P. Perlasca. Geo-RBAC: a spatially-aware RBAC. ACM Transactions on Information and System Security, 10(1):2, 2007.
29. P. Devanbu, M. Gertz, A. Kwong, C. Martel, and S. Stubblebine. Flexible authentication of XML documents. Journal of Computer Security, 12(6):841-864, 2004.
30. P. Devanbu, M. Gertz, C. Martel, and S. Stubblebine. Authentic data publication over the Internet. Journal of Computer Security, 11(3):291-314, 2003.
31. J. Dobson. Is GIS a privacy threat? GIS World, 1198.
32. A. Entchev. GIS and privacy. Directions Magazine, 2005.
33. ESRI. OpenGIS Interoperability Add-ons for ArcGIS, http://www.esri.com/ software/standards/ogc-download.html, 2005.
34. M. Gertz, Q. Hart, C. Rueda, S. Singhal, and J. Zhang. A data and query model for streaming geospatial image data. In 11th International Workshop on Foundations of Models and Languages for Data and Objects (Query Languages and Query Processing-QLQP), Revised Selected Papers. LNCS 4254, Springer, 687-699. 2006.
35. M. Gertz, A. Kwong, C. Martel, G. Nuckolls, P. Devanbu, and S. Stubblebine. Databases that tell the truth: Authentic data publication. Bulletin of the Technical Committee on Data Engineering, 7(1):21-41, 2004.
36. M. Gertz and S. Jajodia (Editors). The Handbook of Database Security: Applications and Trends. Springer, 2007.
37. M. Gertz and A. M. Rosenthal. Database Security. In Bidgoli, H. (editor) Handbook of Information Security, Threats, Vulnerabilities, Prevention, Detection and Management, pages 380-395, Wiley. 2006.
38. F. Hansen and V. A. Oleshchuk. Spatial role-based access control model for wireless networks. In IEEE Vehicular Technology Conference VTC2003-Fall, 2003.
39. S. Jajodia, P. Samarati, M. L. Sapino, and V. S. Subrahmanian. Flexible support for multiple access control policies. ACM Transactions on Database Systems, 26(2):214-260, 2001.
40. J. R. Jensen. Introductory Digital Image Processing. Third Edition, Prentice Hall, 2004.
41. J. Joshi, E. Bertino, U. Latif, and A. Ghafoor. A generalized temporal role-based access control model. IEEE Transactions on Knowledge Data Eng, 17(1):4-23, 2005.
42. M. Koch, L. V. Mancini, and F. Parisi-Presicce. On the specification and evolution of access control policies. In 6th A CM Symposium on Access Control Models and Technologies (SACM AT 2001), 2001.
43. R. Lake, D. S. Burggraf, M. Trninic, and L. Rae. Geography Markup Language-Foundation for the Geo-Web. Wiley, 2004.
44. M. Lorch, S. Proctor, R. Lepro, D. Kafura, and S. Shah. Access control: First experiences using XACML for access control in distributed systems. In A CM workshop on XML security, 2003.
45. P. M. Mather. Computer Processing of Remotely-Sensed Images. Wiley, 2004.
46. A. Matheus. Declaration and enforcement of fine-grained access restrictions for a service-based geospatial data infrastructure. In 10th ACM Symposium, on Access Control Models and Technologies (SACMAT 2005), 2005.
47. P. Mazzoleni, E. Bertino, and B. Crispo. XACML policy integration algorithms: not to be confused with XACML policy combination algorithms! In SACMAT, 2006.
48. FGDC. Guidelines for providing appropriate access to geospatial data in response to security concerns. http://www.fgdc.gov/policyandplanning/Access- Guidelir June 2005.
49. FGDC. National Spatial Data Infrastructure (NSDI). http://www.fgdc.gov/ nsdi/nsdi.html.
50. H. J. Onsrud, J. P. Johnson, and X. Lopez. Protecting personal privacy in using geographic information systems. Photogrammetic Engineering and Image Processing, 60(9):1083-1095, 1994.
51. D. Papadias, M. J. Egenhofer, and J. Sharma. Hierarchical reasoning about direction relations. In Proceedings of the 4th ACM international workshop on Advances in geographic information systems, 1996.
52. P. Rigaux, M. Scholl, and A. Voisard. Spatial Databases: With Application to GIS. Morgan Kaufmann, 2002.
53. P. Samarati and S. D. C. di Vimercati. Foundations of Security Analysis and Design, Tutorial Lectures (FOSAD 2000), chapter Access Control: Policies, Models, and Mechanisms, pages 137-196. LNCS 2171, Springer, 2001.
54. H. Samet. Applications of Spatial Data Structures: Computer Graphics, Image Processing and GIS. Addison-Wesley, 1989.
55. R. S. Sandhu, V. Bhamidipati, and Q. Munawer. The ARBAC97 model for role-based administration of roles. A CM Transactions on Information and System Security, 2(1):105-135, 1999.
56. R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman. Role-based access control models. IEEE Computer, 29(2):38-47, 1996.
57. B. Thuraisingham. Database and Applications Security, Integrating Data Management and Applications Security. CRC Press/Auerbach, 2005.
58. B. Thuraisingham and W. Ford. Security constraint processing in a multilevel secure distributed database system. IEEE Transactions on Knowledge and Data Engineering, 7(2):274-293, 1995.
59. CD. Tomlin. Geographic Information Systems and Cartographic Modeling. Prentice-Hall, 1990.
60. Y. Wang and J. Vassileva. Bayesian network trust model in peer-to-peer networks. In Second International Workshop on Agents and Peer-to-Peer Computing (AP2PC 2003), 2003.
61. M. Winslett, N. Ching, V. E. Jones, and I. Slepchin. Using digital credentials on the world wide web. Journal of Computer Security, 5 (3): 255-266, 1997.
62. T. Wright. Geographic information systems. Ontario Office of Information and Privacy Commissioner, 1997.
63. Y. Yang, S. Papadopoulos, D. Papadias, and G. Kollios. Spatial outsourcing for location-based services. In Proceedings of the 24th International Conference on Data Engineering, ICDE 2008, 1082-1091, 2008.