Towards a Secure Data Stream Management System

Todays data stream management systems (DSMSs) lack security functionality. Based on adversary scenarios we show how a DSMS architecture can be protected. We sketch a general DSMS architecture and introduce security issues that need to be considered. To face the threats we develop an extended system architecture that provides the necessary security mechanisms. We descuss the chosen concepts and illustrate how they can be realized by various system components. Our design focus is, considering the unique properties of data stream engines, to keep the impact on existing system components as little as possible and to limit the effect on the overall performance to a minimum.

[1]  Frederick Reiss,et al.  TelegraphCQ: Continuous Dataflow Processing for an Uncertain World , 2003, CIDR.

[2]  Silvana Castano,et al.  Database Security , 1997, IFIP Advances in Information and Communication Technology.

[3]  Michael Stonebraker,et al.  High-availability algorithms for distributed stream processing , 2005, 21st International Conference on Data Engineering (ICDE'05).

[4]  David K. Hsiao,et al.  Privacy and Security of Data Communications and Data Bases , 1978, VLDB.

[5]  Jennifer Widom,et al.  STREAM: The Stanford Stream Data Manager , 2003, IEEE Data Eng. Bull..

[6]  Johannes Gehrke,et al.  Database management systems (3. ed.) , 2003 .

[7]  Qiang Chen,et al.  Aurora : a new model and architecture for data stream management ) , 2006 .

[8]  Daniel J. Abadi,et al.  An Integration Framework for Sensor Networks and Data Stream Management Systems , 2004, VLDB.

[9]  P. Samarati,et al.  Access control: principle and practice , 1994, IEEE Communications Magazine.

[10]  Ying Xing,et al.  The Design of the Borealis Stream Processing Engine , 2005, CIDR.

[11]  Bernhard Seeger,et al.  PIPES: a public infrastructure for processing and exploring streams , 2004, SIGMOD '04.

[12]  R. Sandhu,et al.  Access control: principles and practice , 1994, IEEE Commun. Mag..

[13]  Michael Stonebraker,et al.  Contract-Based Load Management in Federated Distributed Systems , 2004, NSDI.

[14]  Ying Xing,et al.  Scalable Distributed Stream Processing , 2003, CIDR.

[15]  Stephen T. Kent,et al.  Security Mechanisms in High-Level Network Protocols , 1983, CSUR.

[16]  Michael Stonebraker,et al.  The Aurora and Medusa Projects , 2003, IEEE Data Eng. Bull..

[17]  Elisa Bertino,et al.  TRBAC: a temporal role-based access control model , 2000, RBAC '00.