FENCE: continuous access control enforcement in dynamic data stream environments
Proceedings of the third ACM conference on Data and application security and privacy
In this paper, we address the problem of continuous access control enforcement in dynamic data stream environments, where both data and query security restrictions may potentially change in real-time. We present the FENCE framework, which effectively addresses this problem. The distinguishing characteristics of FENCE include: (1) the stream-centric approach to security, (2) the symmetric model for security settings of both continuous queries and streaming data, and (3) two alternative security-aware query processing approaches that can optimize query execution based on regular and security-related selectivities. In FENCE, both data and query security restrictions are modeled symmetrically in the form of security metadata, called "security punctuations", embedded inside data streams. We distinguish between two types of security punctuations, namely, the data security punctuations (or dsps for short), which represent the access control policies of the streaming data, and the query security punctuations (or qsps for short), which describe the access authorizations of the continuous queries. We also present our encoding method to support the XACML (eXtensible Access Control Markup Language) standard. We have implemented FENCE in a prototype DSMS and present our performance evaluation. The results of our experimental study show that FENCE's approach has low overhead and can give great performance benefits compared to the alternative security solutions for streaming environments.