An Authorization System for Temporal Data

Avigdor Gal
Technion — Israel Institute of Technology, Faculty of Industrial Engineering & Management, Technion City, Haifa 32000, Israel
and Rutgers University, Department of Management Science & Information Systems, 94 Rockafeller Road, Piscataway, NJ 08854-8054
[email protected]

Vijayalakshmi Atluri
Rutgers University, Department of Management Science & Information Systems, 180 University Avenue, Newark, NJ 07102
[email protected]

Gang Xu
Rutgers University, Division of Computer & Information Sciences, 110 Frelinghuysen Road, Piscataway, NJ 08854-8019
[email protected]

Abstract

We present a system, called Temporal Data Authorization Model (TDAM), for managing authorizations for temporal data. TDAM is capable of expressing access control policies based on the temporal characteristics of data. TDAM extends existing authorization models to allow the specification of temporal constraints on data, based on data validity, data capture time, and replication time, using either absolute or relative time references. The ability to specify access control based on such temporal aspects was not supported before. The formulae are evaluated with respect to various temporal assignments to ensure the correctness of access control.

Proceedings of the 18th International Conference on Data Engineering (ICDE’02) 1063-6382/02 $17.00 © 2002 IEEE

1 Introduction

A temporal datum is a data value associated with information such as the time at which the data was captured and the time interval during which the data value is valid. Given a specific data model, temporal data can be collected into versions of objects, distinguished from one another on the basis of their temporal specifications. The use of temporal data has become widespread in recent years, within applications such as data warehouses (e.g., daily sales and seasonal catalogs), spatiotemporal databases, and electronic commerce (with applications in finance and digital libraries). For example, a digital library should be able to enforce access control based on the time at which a document has been “checked out” (referred to as replication time), to allow flexible digital library policies for restricting access to a digital book after the expiry of the temporal-based authorization.

In this demo, we present a system, implementing aspects of TDAM (Temporal Data Authorization Model) [1], for managing authorizations for temporal data. TDAM is capable of expressing access control policies based on the temporal characteristics of data. TDAM extends existing authorization models to allow the specification of temporal constraints on data, based on data validity, data capture time, and replication time, using either absolute or relative time references. We introduce language, which allows TDAM to express security policies such as “a subject is allowed to read financial data 15 minutes after it has been captured,” “only managers are allowed to read prospective product plans,” and “a digital book can be read for 21 days from time of download.” The ability to specify access control based on such temporal aspects was not supported before. The formulae are evaluated with respect to various temporal assignments to ensure the correctness of access control.

Figure 1. Demo architecture

2 Details

The demo is available at http://itec4.rutgers.edu/TempAuth/servlet/TempAuth.TempSecurity.TempSysLogin.

Figure 1 shows a three-tier model, consisting of a client, a communication server, and a database server. The communication between the client and the server is based on Java Servlet Technology. All in all, we have built 31 classes, grouped into 7 packages. The core of the system lies at the database server, which implements the temporal authorization model. In short, it appends the user's ACL to each query request by placing it in the query's WHERE clause. A standard JDBC-ODBC bridge is used to isolate the database from external SQL operations. To achieve high performance, a pool of connections is built into the server. Furthermore, the server remembers each established HTTP session, and when the user comes back with another request, the server reuses the open connection.

As an example scenario we use financial information, as provided to the readers of a fictitious journal, the E-WS Journal. The demo has three types of subjects, namely publisher, subscriber, and user. The publisher is the sysadmin of the site, and therefore can insert new articles and set authorizations. A publisher is allowed to add news items through this screen. For the purpose of the demo, we have also added a utility that generates random “news items” and publishes them automatically.

All authorizations in the system are of the form (pg, o, m, sign,  ), where pg is a privileged group (e.g., publisher, subscriber, and user), o is an object (e.g., news article), m is a privilege mode (e.g., read), $sign \in \{+, -\}$ indicates access or denial, and  is a well-formed formula, which is our novel addition. In this demo instance, we have assumed three privileged groups, one type of object (news article), and one privilege mode (read). In this instance, a subscriber is allowed to see all news items that are more than three minutes old. In the TDAM language, such an authorization is stated using  = $t_r > t_s + 3$, where $t_r$ stands for the request time and $t_s$ stands for the starting time point of the valid time. A user is allowed to see only information delayed by 25 minutes. In the TDAM language, such an authorization is stated as  = $t_r > t_s + 25$. Throughout the demo, we shall demonstrate the capabilities of the system in changing the user temporal authorizations.
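The following sketch is an added example, not the authors' Java code: it shows the WHERE-clause rewriting described above for the subscriber (3 minute) and user (25 minute) formulas, with deny-by-default for groups that hold no positive authorization. The table layout, the POLICY dictionary, the function names, integer-minute timestamps, and the unrestricted publisher entry are all assumptions made for illustration.

```python
import sqlite3

# Constructed policy: (group, object, mode) -> (sign, delay in minutes).
# The delays mirror the demo's formulas t_r > t_s + 3 and t_r > t_s + 25;
# an unrestricted publisher is an assumption, not stated in the paper.
POLICY = {
    ("publisher", "news", "read"): ("+", None),
    ("subscriber", "news", "read"): ("+", 3),
    ("user", "news", "read"): ("+", 25),
}

def temporal_predicate(group, obj, mode, t_r):
    """Return (sql_fragment, params) encoding the group's formula at request time t_r."""
    sign, delay = POLICY.get((group, obj, mode), ("-", None))
    if sign != "+":
        return "0 = 1", []             # no positive authorization: deny every row
    if delay is None:
        return "1 = 1", []             # positive authorization without a time bound
    return "? > ts + ?", [t_r, delay]  # t_r > t_s + delay, bound as parameters

def authorized_select(conn, group, t_r, where="1 = 1", params=()):
    """Run the caller's filter with the group's temporal ACL appended to WHERE.

    `where` is trusted application SQL using ? placeholders, never raw user input.
    """
    pred, pred_params = temporal_predicate(group, "news", "read", t_r)
    # Parenthesise both sides so an OR in the caller's filter cannot bypass the ACL.
    sql = f"SELECT id FROM news WHERE ({where}) AND ({pred}) ORDER BY id"
    return [row[0] for row in conn.execute(sql, [*params, *pred_params])]

def demo_db():
    """Constructed sample data: ts is the valid-time start, in minutes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news (id INTEGER, topic TEXT, ts INTEGER)")
    conn.executemany("INSERT INTO news VALUES (?, ?, ?)",
                     [(1, "fx", 60), (2, "equity", 90), (3, "fx", 99)])
    return conn

if __name__ == "__main__":
    conn = demo_db()
    for group in ("publisher", "subscriber", "user", "guest"):
        print(group, authorized_select(conn, group, t_r=100))
```

Without the parentheses around the caller's filter, a condition such as `topic = ? OR topic = ?` would bind the ACL only to the last disjunct and return the one-minute-old article to a user restricted to 25-minute-delayed data.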

Acknowledgment The system is supported by ITECC: Information Technologies and Electronic Commerce Clinic at the Rutgers School of Business.

References [1] V. Atluri and A. Gal. An authorization model for temporal and derived data: Securing information portals. ACM Transactions on Information and System Security (TISSEC), 5(1), 2002. to appear.
