The StreamShield Project


Principal Investigator: Elisa Bertino

The goal of our research in the StreamShield project is to investigate security and privacy constraints on both data and queries in the context of data stream management systems (DSMSs). Unlike in traditional DBMSs, where access control policies are persistently stored on the server and tend to remain stable, in streaming applications the contexts, and with them the access control policies on the real-time data, may change rapidly. We propose a novel “stream-centric” approach, in which security restrictions are not persistently stored on the server but are streamed together with the data. The data provider's access control policies are expressed via security constraints called “data security punctuations” (dsps for short). Server-side policies are specified by administrators in the form of “continuous policy queries”, which emit query security constraints called “query security punctuations” (qsps for short). The advantages of our model include flexibility, dynamicity and speed of enforcement, as both data and query security punctuations are embedded inside data streams. Administrators can specify complex context-aware authorization policy queries. At run time, continuous policy queries are evaluated, authorizations are produced, and the engine can enforce any context-aware policy automatically. Moreover, DSMSs can adapt not only to data-related but also to security-related selectivities, which helps reduce wasted resources when few subjects have access to the data.
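The stream-centric model described above can be sketched as a small enforcement operator. This is an added example, not StreamShield code: the class names, the role-set encoding of dsps and qsps, the "latest punctuation wins" rule and the default-deny behaviour are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DataTuple:            # ordinary stream element
    ts: int
    payload: dict

@dataclass(frozen=True)
class Dsp:                  # data security punctuation, sent by the data provider
    ts: int
    allowed_roles: frozenset

@dataclass(frozen=True)
class Qsp:                  # query security punctuation, emitted by a policy query
    ts: int
    query_id: str
    roles: frozenset

class ShieldOperator:
    """Hypothetical operator: policy state arrives in-band, nothing is stored server-side."""
    def __init__(self):
        self.data_roles = frozenset()   # assumption: deny until the first dsp arrives
        self.query_roles = {}           # query_id -> roles from its latest qsp
        self.dropped = 0                # tuples no query was allowed to see

    def process(self, stream):
        delivered = []
        for item in stream:
            if isinstance(item, Dsp):
                self.data_roles = item.allowed_roles       # provider changes policy
            elif isinstance(item, Qsp):
                self.query_roles[item.query_id] = item.roles  # server-side authorization
            else:
                targets = [q for q, r in self.query_roles.items() if r & self.data_roles]
                if not targets:
                    self.dropped += 1   # dropped early: no downstream work is wasted
                delivered.extend((q, item.ts) for q in targets)
        return delivered

def demo():
    stream = [  # constructed sample stream
        Qsp(0, "q_doctor", frozenset({"doctor"})),
        Qsp(0, "q_billing", frozenset({"billing"})),
        DataTuple(1, {"hr": 71}),                   # no dsp yet, so dropped
        Dsp(2, frozenset({"doctor"})),
        DataTuple(3, {"hr": 74}),
        Dsp(4, frozenset({"doctor", "billing"})),   # context change widens access
        DataTuple(5, {"hr": 120}),
        Qsp(6, "q_billing", frozenset()),           # policy query revokes billing
        DataTuple(7, {"hr": 118}),
    ]
    return ShieldOperator().process(stream)
```
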

Personnel

  • Hyo-sang Lim
  • Rimme Nehme
  • Elke Rundensteiner, RPI

Keywords: dsms, privacy, stream management, access control, policy