Multilevel secure data stream processing: Architecture and implementation

The proliferation of sensors and mobile devices and their connectedness to the network have given rise to numerous types of situation monitoring applications. Data Stream Management Systems (DSMSs) have been proposed to address the data processing needs of such applications that require collection of high-speed data, computing results on-the-fly, and taking actions in real-time. Although a lot of work appears in the area of DSMS, not much has been done in multilevel secure (MLS) DSMS, making the technology unsuitable for highly sensitive applications, such as battlefield monitoring. An MLS-DSMS should ensure the absence of illegal information flow in a DSMS and, more importantly, provide the performance needed to handle continuous queries. We illustrate why the traditional DSMSs cannot be used for processing multilevel secure continuous queries and discuss various DSMS architectures for processing such queries. We implement one such architecture and demonstrate how it processes continuous queries. In order to provide better quality of service and memory usage in a DSMS, we show how continuous queries submitted by various users can be shared. We provide experimental evaluations to demonstrate the performance benefits achieved through query sharing.
