Secure shared continuous query processing

Data stream management systems (DSMSs) are being used in diverse application domains (e.g., stock trading); however, the need for processing data securely is becoming critical to several stream applications (e.g., patient monitoring). In this paper, we introduce a novel three-stage (preprocessing, query processing, and postprocessing) framework to enforce access control in DSMSs. As opposed to existing systems, our framework allows continuous queries to be shared whether they have the same or different privileges, does not modify the query plans, introduces no new security operators, and checks a tuple only once irrespective of the number of active continuous queries. In addition, it does not affect the DSMS quality-of-service improvement mechanisms, as query plans are not modified. We discuss the prototype implementation using the MavStream Data Stream Management System. Finally, we discuss experimental evaluations to demonstrate the low overhead and feasibility of our approach.
