FENCE: Continuous Access control enforcement in dynamic data stream environments

CODASPY 2013 - Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy

Volumn , Issue , 2013, Pages 243-254

  Nehme, Rimma V ^a   Lim, Hyo Sang ^b,c   Bertino, Elisa ^c  

^a Microsoft Jim Gray Systems Lab   (United States)

^b Yonsei University   (South Korea)

^c PURDUE UNIVERSITY   (United States)

Author keywords

Access control; Data stream; XACML

Indexed keywords

ACCESS CONTROL ENFORCEMENTS; ACCESS CONTROL POLICIES; CONTINUOUS QUERIES; DATA STREAM; EXPERIMENTAL STUDIES; PERFORMANCE BENEFITS; PROCESSING APPROACH; XACML;

ACCESS CONTROL; DATA COMMUNICATION SYSTEMS; METADATA; QUERY LANGUAGES;

FENCES;

EID: 84874872678     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2435349.2435383     Document Type: Conference Paper

References (36)

1. E. Wu et al., "High-performance complex event processing over streams, " in SIGMOD, 2006, pp. 407-418.
2. L. Golab and M. T. Ozsu, "Issues in data stream management, " SIGMOD Rec., vol. 32, no. 2, pp. 5-14, 2003.
3. M. Ali et al., "Nile-PDT: a phenomenon detection and tracking framework for dsmss, " in VLDB, 2005, pp. 1295-1298.
4. R. Sandhu et al., "Role-based access control models, " IEEE Computer, vol. 29, no. 2, pp. 38-47, 1996. [Online]. Available: citeseer.ist.psu.edu/sandhu96rolebased.html.
5. The Carbon Project, "http://www.thecarbonproject.com/.".
6. XACML and O. S. S. T. Committee, "Extensible access control markup language (xacml) committee specification 2.0, " 2005.
7. E. Bertino and A. Squicciarini, "A flexible access control model for web services, " in Proceedings of the 6th International Conference On Flexible Query Answering Systems, 2004, pp. 13-16.
8. R. Qing and C. Adams, "A comparison of compression techniques for xml-based security policies in mobile computing environments, " in Proceedings of the Workshop on New Challenges for Access Control (NCAC), April 27, 2005, pp. 209-232.
9. R. Nehme et al., "Security punctuation framework for enforcing access control on streaming data, " in ICDE, 2008.
10. R. Nehme et al., "FENCE: Continuous Access Control Enforcement in Dynamic Data Stream Environments, " in ICDE, 2010.
11. E. Rundensteiner et al., "Cape: Continuous query engine with heterogeneous-grained adaptivity, " in VLDB, 2004.
12. D. Ferraiolo et al., "Proposed NIST standard for role-based access control, " ACM Trans. Inf. Syst. Secur., vol. 4, no. 3, pp. 224-274, 2001.
13. E. Bertino et al., "An extended authorization model for relational databases, " TKDE, vol. 9, no. 1, pp. 85-101, 1997.
14. R. Ferrini and E. Bertino, "Supporting RBAC with XACML+OWL, " 14th ACM Symposium on Access Control Models and Technologies(SACMAT 2009), Stresa, Italy, June 3-5, 2009.
15. D. Wijesekera and S. Jajodia, "A propositional policy algebra for access control, " ACM TISSEC, vol. 6, no. 2, pp. 286-325, 2003.
16. W. Fan, C. Chan, and M. Garofalakis, "Secure XML querying with security views, " in SIGMOD, 2004, pp. 587-598.
17. S. Rizvi et al., "Extending query rewriting techniques for fine-grained access control, " in SIGMOD, 2004, pp. 551-562.
18. T. Brinkhoff, "Generating network-based moving objects, " in SSDBM, 2000, p. 253.
19. M. Hammad et. al., "Efficient execution of sliding-window queries over streams." Purdue University, Tech. Rep., 2003.
20. P.Tucker et al., "Applying punctuation schemes to queries over data streams." IEEE Data Eng. Bull., vol. 26, no. 1, 2003.
21. L. Ding, N. Mehta, E. A. Rundensteiner, and G. T. Heineman, "Joining punctuated streams, " in EDBT, 2004, pp. 587-604.
22. L. Ding and E. A. Rundensteiner, "Evaluating window joins over punctuated streams, " in CIKM, 2004, pp. 98-107.
23. H. Li et al., "Safety guarantee of continuous join queries over punctuated data streams, " in VLDB, 2006, pp. 19-30.
24. R. Agrawal, J. Kiernan, R. Srikant, and Y. Xu, "Hippocratic databases, " in VLDB, 2002, pp. 143-154.
25. J. Park and R. Sandhu, "Towards usage control models: beyond traditional access control, " in SACMAT, 2002, pp. 57-64.
26. J. Park et al., "The UCON-ABC usage control model, " ACM Trans. Inf. Syst. Secur., vol. 7, no. 1, pp. 128-174, 2004.
27. B. Carminati et al., "A framework to enforce access control over data streams, " ACM Trans. Inf. Syst. Secur., vol. 13, no. 3, 2010.
28. C. Ribeiro et al., "Spl: An access control language for security policies with complex constraints, " in NDSSS, 2001.
29. P. Bonatti et al., "An algebra for composing access control policies, " ACM TISSEC, vol. 5, no. 1, pp. 1-35, 2002.
30. M. Backes et al., "An algebra for composing enterprise privacy policies, " in Res. Report 3557, IBM Research, 2004.
31. E.Bertino et al., "TRBAC: A temporal role-based access control model, " ACM Trans. Inf. Syst. Secur., vol. 4, no. 3, pp. 191-233, 2001.
32. M. Damiani et al., "GEO-RBAC: A spatially aware RBAC, " ACM TISSEC, vol. 10, no. 1, 2007.
33. A. Kumar, N. Karnik, and G. Chafle, "Context sensitivity in role-based access control, " SIGOPS Oper. Syst. Rev., vol. 36, no. 3, pp. 53-66, 2002.
34. Y. Demchenko et al., "Policy based access control in dynamic grid-based collaborative environment, " in Proc. The 2006 International Symposium on Collaborative Technologies and Systems, 2006, pp. 14-18.
35. C. Augeri et al., "An analysis of xml compression efficiency, " in Proceedings of the 2007 workshop on Experimental computer science, 2007.
36. A. X. Liu et al., "Xengine: a fast and scalable XACML policy evaluation engine, " in SIGMETRICS, 2008.