Security and Digital Libraries

Security is an important issue in digital library design. Security weaknesses in digital libraries, coupled with attacks or other types of failures, can lead to confidential information being inappropriately accessed, or loss of integrity of the data stored. These in turn can have a damaging effect on the trust of publishers or other content providers, can cause embarrassment or even economic loss to digital library owners, and can even lead to pain and suffering or other serious problems if urgently needed information is unavailable (Tyrväinen, 2005). There are many security requirements to consider because of the variety of different actors working with a digital library. Each of these actors has different security needs (Chowdhury & Chowdhury, 2003). Thus, a digital library content provider might be concerned with protecting intellectual property rights and the terms of use of content, while a digital library user might be concerned with reliable access to content stored in the digital library. Requirements based on these needs are sometimes in conflict, which can make the security architecture of a digital library even more complex.
The design of the security architecture of a digital library must go beyond simply adding one or a few modules to a previously designed system. This is because there may be security holes in pre-existing modules, and because difficulties can arise when attempting to integrate the modules. The security architecture of a digital library must be designed so that security concerns are handled holistically. A security system designer must view the whole architecture and consider all of the applicable security factors when designing a secure digital library. The nature of a security attack may differ according to the architecture of the digital library; a distributed digital library has more security weaknesses than a centralized digital library.
Security attacks can be categorized as physical attacks and logical attacks (Stallings, 2006). A physical attack involves hardware security where keys, locks, cards, and visitor monitoring are used. A logical attack involves an attack on the content or digital library system. We focus on the logical attacks and software security of digital libraries.

[1] Elisa Bertino, et al. An authorization system for digital libraries, 2002, The VLDB Journal.

[2] Edward A. Fox, et al. "What is a good digital library?" - A quality model for digital libraries, 2007, Inf. Process. Manag.

[3] Gobinda G. Chowdhury, et al. Introduction to Digital Libraries, 2002.

[4] Henry M. Gladney. Safeguarding Digital Library Contents and Users, 2009.

[5] Seng-Phil Hong, et al. Access control in collaborative systems, 2005, CSUR.

[6] Pasi Tyrväinen. Concepts and a Design for Fair Use and Privacy in DRM, 2005, D Lib Mag.

[7] Edward A. Fox, et al. Streams, structures, spaces, scenarios, societies (5s): A formal model for digital libraries, 2004, TOIS.

[8] Edward A. Fox, et al. Towards a digital library theory: a formal digital library ontology, 2008, International Journal on Digital Libraries.

[9] Robert J. Kauffman, et al. Proceedings of the ninth international conference on Electronic commerce, 2003, ICEC 2007.

[10] Edward A. Fox, et al. A Functionality Perspective on Digital Library Interoperability, 2010, ECDL.

[11] Matthias Schmid, et al. Comparing the usage of digital rights management systems in the music, film, and print industry, 2003, ICEC '03.

[12] Theodore Y. Ts'o, et al. Kerberos: an authentication service for computer networks, 1994, IEEE Communications Magazine.

[13] Henry M. Gladney, et al. Access control for large collections, 1997, TOIS.

[14] S. V. Nagaraj. Access control in distributed object systems: problems with access control lists, 2001, Proceedings Tenth IEEE International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises. WET ICE 2001.

[15] Elisa Bertino, et al. A Content-Based Authorization Model for Digital Libraries, 2002, IEEE Trans. Knowl. Data Eng.

[16] Jeffrey B. Lotspiech, et al. Security for the digital library-protecting documents rather than channels, 1998, Proceedings Ninth International Workshop on Database and Expert Systems Applications (Cat. No.98EX130).

[17] Marianne Winslett, et al. Authorization in the digital library: secure access to services across enterprise boundaries, 1996, Proceedings of the Third Forum on Research and Technology Advances in Digital Libraries.

[18] Sushil Jajodia, et al. Exploring steganography: Seeing the unseen, 1998.

[19] M.Y. Javed, et al. A Performance Comparison of Data Encryption Algorithms, 2005, 2005 International Conference on Information and Communication Technologies.

[20] Jeffrey B. Lotspiech, et al. Safeguarding Digital Library Contents and Users: Digital Watermarking, 1997, D Lib Mag.

[21] Jean Bacon, et al. Access control and trust in the use of widely distributed services, 2003, Softw. Pract. Exp.

[22] P. Samarati, et al. Access control: principle and practice, 1994, IEEE Communications Magazine.

[23] William Stallings, et al. Cryptography and network security, 1998.

[24] Marianne Winslett, et al. Assuring security and privacy for digital library transactions on the Web: client and server security policies, 1997, Proceedings of ADL '97 Forum on Research and Technology. Advances in Digital Libraries.