Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Secure Dependable Stream Data Management Vana Kalogeraki (UC Riverside) Dimitrios Gunopulos (UC Riverside) Ravi Sandhu (UT San Antonio) Bhavani Thuraisingham (UT Dallas) May 2008 Outline Dependable Information Management - Integrating Real-time and Security Policies Secure Real-Time TMO - Apply RBAC and UCON models Stream Data/Information Management - Overview, Data Manager, Security Policy, Directions QoS-based Stream Execution Model Dependable Sensor Information Management Dependable sensor information management includes - secure sensor information management - fault tolerant sensor information - High integrity and high assurance computing - Real-time computing Conflicts between different features - Security, Integrity, Fault Tolerance, Real-time Processing - E.g., A process may miss real-time deadlines when access control checks are made - Trade-offs between real-time processing and security - Need flexible security policies; real-time processing may be critical during a mission while security may be critical during non-operational times Secure Dependable Information Management Example: Next Generation AWACS Navigation Data Analysis Programming Group (DAPG) Data Links Sensors Sensor Detections Multi-Sensor Tracks Technology Future App provided by Future App the project Data Mgmt. Data Xchg. MSI App Infrastructure Services Real-time Operating System Hardware Future App Display Processor & Refresh Channels Consoles (14) •Security being considered after the system has been designed and prototypes implemented •Challenge: Integrating real-time processing, security and fault tolerance Secure Dependable Information Management: Directions Challenge: How does a system ensure integrity, security, fault tolerant processing, and still meet timing constraints? Develop flexible security policies; when is it more important to ensure real-time processing and ensure security? Secure dependable models and architectures for the policies; Examine real-time algorithms – e.g., query and transaction processing Research for databases as well as for applications; what assumptions do we need to make about operating systems, networks and middleware? Developing dependable sensor objects RBAC (Sandhu et al) and ABAC (Network Centric Enterprise Services) RBAC - Access to information sources including structured and unstructured data both within the organization and external to the organization - Access based on roles - Hierarchy of roles: handling conflicts - Controlled dissemination and sharing of the data ABAC (Attribute based access control) - User presents credentials - Depending on the user credentials user is granted access - Suitable for open web environments UCON (Sandhu et al) RBAC model is incorporated into UCON and useful for various applications - Authorization component Obligations Obligations are actions required to be performed before an access is permitted - Obligations can be used to determine whether an expensive knowledge search is required Attribute Mutability - Used to control the scope of the knowledge search Condition - Can be used for resource usage policies to be relaxed or tightened - UCON (Sandhu et al)) TMO (Kane Kim et al) TMO model A TMO object ODSS ODSS2 EAC 1 AAC: Autonomous Activation Condition Service Request Queue Remote TMO Clients Object Data Store (ODS) AA C AA C SpM1 SpM2 Capability for accessing other TMOs and network environment including logical multicast channels and I/O devices Lock/Condition/CREW for Concurrent Access Time-triggered(TT) Spontaneous Methods(SpMs) Deadlines SvM1 SvM2 Concurrency Control Message-triggered(MT) Service Methods(SvMs) RT-RBAC (Jungin Kim and Thuraisingham) Access Control mechanisms - - Role Based Access Control (RBAC) model Users (TMO objects) are associated with roles Roles are associated with permissions (Write, Read, Execution, All) A user has permission only if the user has an authorized role which is associated with that permission Inadequate for distributed real-time system Server side centralized model Need constraints on temporal behaviors of spontaneous methods in TMO RT-UCON (Jungin Kim and Thuraisingham) Basic authorization components for access control in TMO • • • • Continuity: dynamic and seamless constraints Mutability: control the scope of access Conditions: control the amount of access, access time Obligations: pre-conditions for determining access decisions Adequate for distributed real-time system • Space and Time domain; Server and Client side control; Dynamic and Flexible Implemented access control through a separated object Checks access right, maintain access policies in the system • • • ODS: stores static and dynamic access policies SpM: controls access policies in ODS SvM: handles access decision requests Secure CAMIN (Jungin Kim and Thuraisingham) Mission: Defend target objects both in the sea and on the land from the hostile objects in the sky Access control checks policies and security levels Some malicious objects are added Secure Sensor/Stream Information Management Sensor network consists of a collection of autonomous and interconnected sensors that continuously sense and store information about some local phenomena - May be employed in battle fields, seismic zones, pavements Data streams emanate from sensors; for geospatial applications these data streams could contain continuous data of maps, images, etc. Data has to be fused and aggregated Continuous queries are posed, responses analyzed possibly in real- time, some streams discarded while rest may be stored Recent developments in sensor information management include sensor database systems, sensor data mining, distributed data management, layered architectures for sensor nets, storage methods, data fusion and aggregation Secure sensor data/information management has received very little attention; need a research agenda Secure Sensor/Stream Information Management: Data Manager Continuous Query Response Sensor Data Manager Input Data Update Processor Processes input data, Carries out action, Stores some data in stable storage, Throws away transient data; data Checks access control rules and constraints Query Processor Processes continuous queries and gives responses periodically;. periodically Checks access control rules and constraints Data to and from Stable Storage Stable Sensor Data Storage Transient Data Policy Specification and Enforcement: Elena Ferrari and Barbara Carminati et al Example: Aurora Stream Model develop by Stonebraker et al Model Operators - Filter: Select on streams based on predicates; results is a sequence of streams - Map: Project onto attributes by applying certain functions - Aggregate: Aggregate/fuse streams Secure Model Operators Secure Filter: Form of secure selection where access to resulting streams are controlled - Secure Map: Access to resulting attributes are controlled - Secure Aggregation: Access to resulting stream is controlled - Access to original streams are controlled but not to the results - Secure Sensor/Stream Information Management: Inference/Aggregation Control Inference Controller: Inferenceaggregation Controller Controls Controller Sensor Data Manager Security Manager: Manages Security Manager constraints Update Processor: Processes constraints Update Processor and enters sensor data at the appropriate levels Query Processor: Query Processor Processes constraints during query operation and prevent certain information from being retrieved Data to and from Stable Storage Stable Sensor Data Storage Secure Sensor/Stream Information Management: Security Policy Integration (MURI Project) AdditionalFederated security constraints for Privacy Controller Inference Control IntegratedFederated Policy forData the Management Sensor Network Export Engine Policy Generic Privacy Policy for A Controller Component Data System Policy for Sensor AgencyAA Export Engine Policy Export Engine Policy Generic Privacy Controller Policy for C Generic Privacy Controller Policy for B Component Data System Policy For Sensor for AgencyCC Component Data System Policy for Sensor AgencyBB Real-time Knowledge Discovery (RT-KDD) How does a data mining technique meet the timing constraint? - E.g., if an association rule mining algorithm has a 5 minutes constraint, then should it output as many rules as possible within 5 minutes - How does this affect the accuracy of the results? - Will there be an increase in false positives and negatives? Approximate data mining - Are there techniques analogous to techniques in approximate query processing - Are incomplete results better than no results What are the applications for RT-KDD - Give the results to the first responder/law enforcement official in 5 minutes so that he can take appropriate actions Secure RT-KDD? Secure Sensor/Stream Information Management: Directions Individual sensors may be compromised and attacked; need techniques for detecting, managing and recovering from such attacks Aggregated sensor data may be sensitive; need secure storage sites for aggregated data; variation of the inference and aggregation problem? Security has to be incorporated into sensor database management - Policies, models, architectures, queries, etc. Evaluate costs for incorporating security especially when the sensor data has to be fused, aggregated and perhaps mined in real-time Data may be emanating from sensors and other devices at multiple locations - Data may pertain to individuals (e.g. video information, images, surveillance information, etc.); Data may be mined to extract useful information; Need to maintain privacy Secure Stream based Execution Model: Integrate Kalogeraki stream model with UCON QoS based Infrastructure support for hosting stream based applications Component Discovery - Data summarization and dissemination to propagate components and resource information to the appropriate nodes - Bloom filter data structure based techniques QoS aware composition - For each application request the user specifies the data source, application graph (describing the application components and their invocations) and real-0time requirements Apply UCON model as the basis for security - Integrate concepts from RT-UCON with stream based policies Our approach: Specify security policies and prove that the resulting system is secure