Aum Sai Ram Security for Stream Data Modified from slides created by Sujan Pakala.


1 Aum Sai Ram Security for Stream Data Modified from slides created by Sujan Pakala

2 Relational Data Model
- Set of unordered objects
- Relatively static
- Bounded data
- Pull access – query

3 Data Streams (stanfordstreamdatamanager)
- Continuous, unbounded, rapid, time-varying streams of data elements
- Data driven – push access
- Occur in a variety of modern applications
  - Network monitoring and traffic engineering
  - Sensor networks, RFID tags
  - Telecom call records
  - Financial applications
  - Web logs and click-streams
  - Manufacturing processes
- DSMS = Data Stream Management System

4 DBMS versus DSMS
DBMS:
- Persistent relations
- One-time queries
- Random access
- Access plan determined by query processor and physical DB design
DSMS:
- Transient streams (and persistent relations)
- Continuous queries
- Sequential access
- Unpredictable data characteristics and arrival patterns

5 DSMS Overview (simplified)
[Diagram labels: DSMS, Scratch Store, Input streams, Register Query, Streamed Result, Stored Result, Archive, Stored Relations]

6 Time stamp
- Explicit, source assigned
- Implicit, arrival based
- Out of order arrival
- Part of data model?

7 Windows
- Time-decay, fading of data
- Window:
- Direction of movement of end points
- Size
- Windows within windows
- Update interval; continuous, jumping

8 Query processing over windows
- Sliding windows
- Reevaluated periodically with specific frequency
- Sub-windows (time-based, tuple-based)
- Window update

9 Security for Stream Data
Examples
- Example 1: Protection against context-aware Spam/Adverts
- Example 2: Personal Health Monitor Data
- Example 3: Soldier/Transport-vehicle location and health
What do we protect? CIA model + ?

10 (Traditional) Dimensions of Data Security
Protection Authentication Authorization (and access control) Confidentiality, Integrity Availability Privacy Inference Security Physical Hardware Security Operating System Security
Access Control
- (Policy) Let the right user perform the right action on the right data object
- (Mechanisms) Views, Procedures, Grant & Revoke, Query Modification.

11 AUM SAI RAM
A SECURITY PUNCTUATION FRAMEWORK FOR ENFORCING ACCESS CONTROL ON STREAMING DATA
Rimma V. Nehme, Elke A. Rundensteiner, Elisa Bertino
Copyright: the following slides include material from this publication

12 Security Punctuation Framework
- Security meta-data interleaved with data tuples
- SPs may be shared by multiple tuples with similar policies

13 SPF Overview

14
- Stream security punctuations (SPs) are generated based on user (data providers') specs.
- SPs are interleaved with stream data.
- They describe the access control policy on the upcoming portion of the stream.
- SP = a predicate = informs the processor who has access, when, to which streaming data.
- Registered continuous queries inherit the security restrictions of the requester.

15 SPF Overview
- Stream data arrives at the server
- Engine examines the policy stored in SPs and checks whether the queries conform to the policy
- Discards data that no query has access to

16 SPF – Assumptions
- Data providers and users querying the data use the same access control model.
- Role-based access control model used throughout (but since the framework is general, other AC models could deploy SPs).
- Data is transmitted securely to the streaming database.
- DSMS used = CAPE (in-house)

17 SPF – Claims
- Proposed new AC enforcement mechanism suitable for streaming data
- Investigated interaction with query processing
- Investigated query optimization
- Extended traditional query algebra to be security-aware
- Presented a pipelined query execution model
- Describe security-aware query optimization
- SPF superior to alternate ACMs wrt processing and memory.

18 SPF – Components
- Object - data entity (streams, tuples, tuple attributes).
- Subject - entity requesting access, query specifiers.
- Rights - set of privileges for subjects to hold and execute on an object.
Stipulations:
- Each Qspecifier belongs to "at least one" role.
- Assignment cannot change while s/he is registered to receive results of any currently executing

19 SPF Overview

20

21 Security Punctuations Structure
- Data Description Part (DDP) = ACP on which objects
- Security Restriction Part (SRP) = AC model, authorized subjects (RBAC and some roles)
- Sign = + / - authorization
- Immutable? = N/Y = can/not be combined with server-side policies.
- Time stamp.
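An added sketch (not from the slides or from the Nehme, Rundensteiner and Bertino paper) of how an engine could enforce SPs with the fields listed above on a stream with interleaved punctuations. Assumptions: the DDP is simplified to a set of stream names, a "-" SP overrides a "+" SP, tuples covered by no SP are denied, an SP with a newer timestamp replaces the policy in force, and the server-side policy is modeled as a set of denied roles (`server_deny`); all names and the sample stream are constructed.

```python
from collections import namedtuple
from dataclasses import dataclass

@dataclass(frozen=True)
class SP:                 # security punctuation; fields follow the structure slide
    ddp: frozenset        # Data Description Part, simplified here to stream names
    roles: frozenset      # Security Restriction Part: RBAC roles
    sign: str             # "+" grants access, "-" denies it
    immutable: bool       # True: must not be combined with server-side policy
    ts: int               # timestamp

Tup = namedtuple("Tup", "stream value ts")   # ordinary data tuple

def allowed_roles(sps, tup, server_deny):
    """Roles that may read tup under the SPs in force (assumed: deny wins, default deny)."""
    grant, deny = set(), set()
    for sp in (s for s in sps if tup.stream in s.ddp):
        if sp.sign == "+":
            # server-side policy is combined only with SPs not marked immutable
            grant |= sp.roles if sp.immutable else sp.roles - server_deny
        else:
            deny |= sp.roles
    return grant - deny

def enforce(stream, queries, server_deny=frozenset()):
    """queries maps query id -> role. Returns (per-query results, dropped tuple count)."""
    out, current, dropped = {q: [] for q in queries}, [], 0
    for item in stream:
        if isinstance(item, SP):
            if current and item.ts > current[0].ts:
                current = []          # assumed: a newer SP batch replaces the old policy
            current.append(item)
            continue
        roles = allowed_roles(current, item, server_deny)
        readers = [q for q, role in queries.items() if role in roles]
        if not readers:
            dropped += 1              # no query may read it: discard at the engine
        for q in readers:
            out[q].append(item.value)
    return out, dropped

# Constructed sample: a personal health monitor stream with interleaved SPs.
STREAM = [
    SP(frozenset({"heart_rate"}), frozenset({"doctor", "nurse"}), "+", True, 1),
    Tup("heart_rate", 72, 2), Tup("location", "ward-3", 3),
    SP(frozenset({"heart_rate"}), frozenset({"doctor", "nurse"}), "+", False, 4),
    Tup("heart_rate", 140, 5),
]
QUERIES = {"q_doc": "doctor", "q_nurse": "nurse", "q_ad": "advertiser"}
```

With `server_deny=frozenset({"nurse"})`, the nurse query still receives the tuple covered by the immutable SP but not the one covered by the later mutable SP, and the `location` tuple is dropped because no SP grants any registered query access to it.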

22

