Presentation is loading. Please wait.

Presentation is loading. Please wait.

F. Li 05/15/06 Security & Privacy Preserved Information Brokerage System Fengjun Li College of IST, Penn State University.

Published byHarriet Jordan Modified over 9 years ago

Similar presentations

Presentation on theme: "F. Li 05/15/06 Security & Privacy Preserved Information Brokerage System Fengjun Li College of IST, Penn State University."— Presentation transcript:

1 F. Li 05/15/06 Security & Privacy Preserved Information Brokerage System Fengjun Li fli@ist.psu.edu College of IST, Penn State University

2 F. Li 05/15/06 12345 Introduction Information Brokerage Systems Security- preserved mechanism Privacy- preserved mechanism Conclusion and Q&A

3 F. Li 05/15/06 content/location discovery Universal Connectivity security & privacy risks poor usability …

4 F. Li 05/15/06 Data sources connected with the help of brokers User send query to local broker that help route it to targeted data sources Information Brokerage System Security & privacy?

5 F. Li 05/15/06 Security Enforcement – from the perspective of performance –Access Control –Traditional AC enforcement and IBS architecture –Any other choice

6 F. Li 05/15/06 If we could drag the AC out of DBMS … Or further

7 F. Li 05/15/06 Why dragging security check out of DBMS and pushing it to the brokers? – A performance based reason

8 F. Li 05/15/06 Preliminary –XML Access Control Model Role-based Access Control 5-tuple access control rules (ACR) –QFilter: enforcing AC via query written Using Non-deterministic Finite Automata (NFA) to hold ACR Query either rejected or accepted (w/o rewritten)

9 F. Li 05/15/06 QFilter Example

10 F. Li 05/15/06 Our Approach –Merge the QFilters of several roles to an integrated Multi-Role QFilter A naïve approach – QFilter Array –Use the similar NFA-based mechanism to represent the routing information (called index rules) –Merge index rules into Multi-Role QFilter for further performance improvement

11 F. Li 05/15/06 An Example of Multi-Role QFilterAn Example of Index Rules

12 F. Li 05/15/06 An Example of Indexed Multi-Role QFilter - Merging index rules into Multi-Role QFilter

13 F. Li 05/15/06 Why dragging security check out of DBMS and pushing it to the brokers? – Previous example re-visit

14 F. Li 05/15/06 Performance Metrics 1 - Memory Consumption Performance Metrics 2 – In-broker Query Response Time & Overall Query Response Time Performance Metrics 3 –Network Traffic - Save 87.5% (by analyzing)

15 F. Li 05/15/06 Privacy Preserving Mechanism –Possible privacy breaches: Privacy of the query location Privacy of the query content Privacy of the access control rule Privacy of the data location Privacy of the data content

16 F. Li 05/15/06 Information Brokerage System –New architecture

17 F. Li 05/15/06 Trust Relationship PrivacyUserBrokerCoordinatorData Server Query Location -Trust Hide Query Content -Hide Trust (Partially) Trust ACR Hide Trust (Partially) Trust (for double-checking) Data Location Hide (Partially) - Data Content With authorizationHide -

18 F. Li 05/15/06

Download ppt "F. Li 05/15/06 Security & Privacy Preserved Information Brokerage System Fengjun Li College of IST, Penn State University."

Similar presentations

Chapter 10: Designing Databases

Chapter 10: Designing Databases
HATHI TRUST A Shared Digital Repository Digital Repositories for Preservation and Access Digital Directions 2013 Jeremy York July 22, 2013 Unless otherwise.

HATHI TRUST A Shared Digital Repository Digital Repositories for Preservation and Access Digital Directions 2013 Jeremy York July 22, 2013 Unless otherwise.
Database Management System Module 3:. Complex Constraints In this we specify complex integrity constraints included in SQL. It relates to integrity constraints.

Database Management System Module 3:. Complex Constraints In this we specify complex integrity constraints included in SQL. It relates to integrity constraints.
Fine Grained Access Control in XML DataBase Systems Naveen Yajamanam April 27,2006.

Fine Grained Access Control in XML DataBase Systems Naveen Yajamanam April 27,2006.
Connect. Communicate. Collaborate Click to edit Master title style MODULE 1: perfSONAR TECHNICAL OVERVIEW.

Connect. Communicate. Collaborate Click to edit Master title style MODULE 1: perfSONAR TECHNICAL OVERVIEW.
Java Security: From HotJava to Netscape & Beyond Drew Dean, Edward W. Felten, Dan S. Wallach Department of Computer Science, Princeton University May,

Java Security: From HotJava to Netscape & Beyond Drew Dean, Edward W. Felten, Dan S. Wallach Department of Computer Science, Princeton University May,
Achieving Better Privacy Protection in WSNs Using Trusted Computing Yanjiang YANG, Robert DENG, Jianying ZHOU, Ying QIU.

Achieving Better Privacy Protection in WSNs Using Trusted Computing Yanjiang YANG, Robert DENG, Jianying ZHOU, Ying QIU.
WAWC’05 Enhancing Mobile Peer-To-Peer Environment with Neighborhood Information Arto Hämäläinen -

WAWC’05 Enhancing Mobile Peer-To-Peer Environment with Neighborhood Information Arto Hämäläinen -
Peer-to-Peer Networks as a Distribution and Publishing Model Jorn De Boever (june 14, 2007)

Peer-to-Peer Networks as a Distribution and Publishing Model Jorn De Boever (june 14, 2007)
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
Information System Security Engineering and Management Risk Analysis and System Security Engineering Homework (#2, #3) Dr. William Hery

Information System Security Engineering and Management Risk Analysis and System Security Engineering Homework (#2, #3) Dr. William Hery
Report on Intrusion Detection and Data Fusion By Ganesh Godavari.

Report on Intrusion Detection and Data Fusion By Ganesh Godavari.
Finite Automata Finite-state machine with no output. FA consists of States, Transitions between states FA is a 5-tuple Example! A string x is recognized.

Finite Automata Finite-state machine with no output. FA consists of States, Transitions between states FA is a 5-tuple Example! A string x is recognized.
Fundamentals, Design, and Implementation, 9/e Chapter 11 Managing Databases with SQL Server 2000.

Fundamentals, Design, and Implementation, 9/e Chapter 11 Managing Databases with SQL Server 2000.
1 Overview CUTE (Columbia University Telecommunication service Editor) GUI-based service creation tool to help inexperienced users to create services Service.

1 Overview CUTE (Columbia University Telecommunication service Editor) GUI-based service creation tool to help inexperienced users to create services Service.
Distributed DBMSPage 5. 1 © 1998 M. Tamer Özsu & Patrick Valduriez Outline Introduction Background Distributed DBMS Architecture  Distributed Database.

Distributed DBMSPage 5. 1 © 1998 M. Tamer Özsu & Patrick Valduriez Outline Introduction Background Distributed DBMS Architecture  Distributed Database.
Concepts of Database Management Sixth Edition

Concepts of Database Management Sixth Edition
A Heterogeneous Network Access Service based on PERMIS and SAML Gabriel López Millán University of Murcia EuroPKI Workshop 2005.

A Heterogeneous Network Access Service based on PERMIS and SAML Gabriel López Millán University of Murcia EuroPKI Workshop 2005.
Client-server database systems and ODBC l Client-server architecture and components l More on reliability and security l ODBC standard.

Client-server database systems and ODBC l Client-server architecture and components l More on reliability and security l ODBC standard.
Modeling & Designing the Database

Modeling & Designing the Database

Similar presentations

Ads by Google