Aum Sai Ram

Security for

Stream Data

Modified from slides created by Sujan Pakala

Relational Data Model

Set of unordered objects Relatively static Bounded data Pull access – query

3

Data Streams

stanfordstreamdatamanager

Continuous, unbounded, rapid, time-varying streams of data elements

Data driven – push access Occur in a variety of modern applications

Network monitoring and traffic engineering Sensor networks, RFID tags Telecom call records Financial applications Web logs and click-streams Manufacturing processes

DSMS = Data Stream Management System

4

DBMS versus DSMS

Persistent relations

One-time queries

Random access

Access plan determined by query processor and physical DB design

Transient streams (and persistent relations)

Continuous queries

Sequential access

Unpredictable data characteristics and arrival patterns

stanfordstreamdatamanager

DSMS Overview (simplified)

stanfordstreamdatamanager5

DSMS

Scratch Store

Input streams

RegisterQuery

StreamedResult

StoredResult

Archive

StoredRelations

Time stamp

Explicit source assigned Implicit, arrival based

Out of order arrival Part of data model?

Windows

Time-decay, fading of data Window:

Direction of movement of end points Size Windows within windows Update interval; continuous, jumping

Query processing over windows Sliding windows

Reevaluated periodically with specific frequency

Sub-windows (time-based, tuple-based) Window update

Security for Stream Data Examples

Example 1: Protection against context-aware Spam/Adverts

Example 2: Personal Health Monitor Data

Example 3: Soldier/Transport-vehicle location and health

What do we protect?CIA model + ?

(Traditional) Dimensions of Data Security

Protection• Authentication• Authorization (and

access control)• Confidentiality, Integrity• Availability• Privacy• Inference Security• Physical Hardware

Security• Operating System

Security

Access Control• (Policy) Let the

right user perform the right action on the right data object

• (Mechanisms) Views , Procedures, Grant & Revoke, Query Modification.

AUM SAI RAM

A SECURITY PUNCTUATION FRAMEWORK FOR ENFORCING ACCESS CONTROL ON STREAMING DATA

Rimma V. Nehme, Elke A. Rundensteinerr, Elisa Bertino

Copyright: the following slides include material from this publication

Security Punctuation Framework

Security Meta-Data interleaved with data tuples

SPs may be shared by multiple tuples with similar policies

SPF Overview

SPF Overview

Stream Security punctuations (SPs) generated based on user (data providers') specs.

SPs interleaved with Stream Data. Describe access control policy on upcoming

portion of stream. SP = a predicate = informs processor who

has access when to which streaming data. registered continuous queries inherit security

restrictions of the requester.

SPF Overview

Stream data arrives to server Engine examines policy stored in sps,

checks if the queries conform to the policy

Discards data that no query has access to

SPF – Assumptions

Data providers and users querying the data use same access control model.

Used Role-based access control model throughout. (but since framework is general, other AC models could deploy sps.)

Data transmitted securely to streaming database.

DSMS used = CAPE (in House)

SPF – Claims

Proposed new AC enforcement mechanism suitable for streaming data

Investigated interaction with query processing Investigated query optimization Extended traditional query algebra to be

security-aware Presented a pipelined query execution model Describe security-aware query optimization SPF superior to alternate ACMs wrt processing

and memory.

SPF – Components

Object - data entity (streams, tuples, tuple attributes).

Subject - entity requesting access, query specifiers. Rights - set of privileges for subjects to hold and

execute on an object.

Stipulations: Each Qspecifier belongs to "at least one" role. Assignment cannot change while s/he is registered

to receive results of any currently executing

SPF Overview

Security Punctuations

Structure < DDP | SRP | Sign | Immutable | ts > Data Description part (DDP) = ACP on which

objects Security Restriction Part (SRP) = ACModel,

authorized subjects. (RBAC and some roles) Sign = + / - authorization Immutable? = N/Y = can/not be combined

with server-side policies. Time stamp.