Unified Index for Mobile Object Data and Authorizations

Often, enforcing security incurs overhead, and as a result may degrade the performance of a system. In this paper, we attempt to address this problem in the context of enforcing access control policies in a mobile data object environment. There are a number of applications that call for fine-grained specification of security policies in guaranteeing the confidentiality of data or privacy of individuals in a mobile environment. In particular, the security policies state the rules for providing controlled access to the mobile user profiles, to their current location and movement trajectories, to mobile resources, and to stationary resources based on the mobile user location. Either a subject or an object in an authorization specification can be a moving object. The access requests in such an environment can typically be based on past, present and future status of the moving objects. To effectively serve such access requests, one must efficiently organize the mobile objects as well as authorizations. Although implementing authorizations as an access control list, capability list or access matrix is suitable for traditional data, it is not suitable for searching mobile object authorizations, as they are based on spatial and temporal attributes of subjects and objects rather than on subject and object identifiers. When a subject issues an access request, the system must first retrieve the relevant objects from the moving object database, and then verify whether there exists an authorization that allows the subject to access these objects. Since both the moving objects and authorizations are spatiotemporal in nature, for efficient processing of access requests, it is essential that they both be organized using some index structures. As a result, processing an access request requires searching two indexes: one, the moving object index, and the other, the authorization index.
To improve the response time of access requests, in this paper, we propose a unified index structure, called the STPR-tree, to index both moving objects and the authorizations that govern access to them. As a result of the unified index, access requests can be processed in one pass, thereby improving the response time. Note that current access control systems do not use any index for authorizations; our work is a step in this direction. We show how the STPR-tree can be constructed and maintained, and provide algorithms to process access requests.
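
The two-pass evaluation that the abstract describes as the baseline can be sketched as follows. This is an added example, not code from the paper, and it does not implement the STPR-tree: linear scans stand in for the two indexes. The linear motion model, rectangular regions, and all class, function and object names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rect:
    x1: float
    y1: float
    x2: float
    y2: float
    def contains(self, p):
        return self.x1 <= p[0] <= self.x2 and self.y1 <= p[1] <= self.y2

@dataclass(frozen=True)
class MovingObject:  # assumed linear motion from a reference position at t = 0
    oid: str
    x0: float
    y0: float
    vx: float
    vy: float
    def position(self, t):
        return (self.x0 + self.vx * t, self.y0 + self.vy * t)

@dataclass(frozen=True)
class Authorization:  # keyed by space and time, not by subject/object id
    subject_region: Rect
    object_region: Rect
    t_start: float
    t_end: float
    privilege: str

def evaluate(subject, query_region, t, privilege, objects, auths):
    # Pass 1: moving-object search (a linear scan stands in for the object index).
    candidates = [o for o in objects if query_region.contains(o.position(t))]
    # Pass 2: authorization search (a second scan stands in for the authorization index).
    s_pos = subject.position(t)
    live = [a for a in auths if a.privilege == privilege
            and a.t_start <= t <= a.t_end and a.subject_region.contains(s_pos)]
    # Default deny: an object is returned only if some live authorization covers it.
    return sorted(o.oid for o in candidates
                  if any(a.object_region.contains(o.position(t)) for a in live))

# Constructed sample data.
DISPATCHER = MovingObject("dispatcher", 5, 5, 0, 0)
FLEET = [MovingObject("truck1", 0, 0, 1, 1),
         MovingObject("truck2", 20, 0, 0, 1),
         MovingObject("truck3", 12, 12, 0, 0)]
AUTHS = [Authorization(Rect(0, 0, 10, 10), Rect(8, 8, 15, 15), 0, 20, "locate")]
CITY = Rect(0, 0, 30, 30)
```

The same request gives different answers at different times because the decision depends on where the subject and objects are, which is why an identifier-keyed access control list cannot answer it.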
