StreamShield Project

Goal
The goal of our research in the StreamShield project is to
investigate security and privacy constraints on both data and queries
in the context of data stream management systems (DSMSs). Unlike in traditional DBMSs,
where access control policies are persistently stored on the server and tend to remain
stable, in streaming applications the contexts, and with them the access control policies on
the real-time data, may change rapidly. We propose a novel "stream-centric" approach,
where security restrictions are not persistently stored on the server, but rather streamed
together with the data. The data provider's access control policies are expressed via security constraints
called "data security punctuations" (dsps for short). Server-side policies are specified by
administrators in the form of "continuous policy queries", which emit query security constraints
called "query security punctuations" (qsps for short). The advantages of our model include
flexibility, dynamicity and speed of enforcement, as both data and query security punctuations
are embedded inside data streams. Administrators can specify complex context-aware authorization
policy queries. At run-time, continuous policy queries are evaluated, authorizations are
produced, and the engine can enforce any context-aware policy automatically. Moreover, DSMSs can
adapt not only to data-related but also to security-related selectivities, which helps reduce the waste
of resources when few subjects have access to data.
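
The stream-centric enforcement described above, sketched as an added example (this is not code from the StreamShield project). The element classes, role names, query ids and the role-intersection matching rule are assumptions, since the page does not define a punctuation format.

```python
from dataclasses import dataclass
from typing import Iterable, Iterator

# Assumed element types and role names; the page defines no punctuation format.
@dataclass(frozen=True)
class DataTuple:
    ts: int
    heart_rate: int

@dataclass(frozen=True)
class Dsp:  # data security punctuation, streamed by the data provider
    ts: int
    allowed_roles: frozenset  # roles that may read the tuples that follow

@dataclass(frozen=True)
class Qsp:  # query security punctuation, emitted by a continuous policy query
    ts: int
    query_id: str
    roles: frozenset  # roles the query holds from this point on

def enforce(stream: Iterable, query_id: str) -> Iterator[DataTuple]:
    """Yield a tuple to query_id only if the latest dsp and qsp share a role
    (assumed matching rule). No policy is stored outside the stream."""
    data_roles = frozenset()   # default deny until a dsp arrives
    query_roles = frozenset()  # default deny until a qsp authorizes the query
    for el in stream:
        if isinstance(el, Dsp):
            data_roles = el.allowed_roles  # newer punctuation replaces older
        elif isinstance(el, Qsp):
            if el.query_id == query_id:
                query_roles = el.roles
        elif data_roles & query_roles:
            yield el

# Constructed sample stream: the policy changes mid-stream with the context.
SAMPLE = [
    DataTuple(1, 72),                        # no dsp yet: dropped
    Dsp(2, frozenset({"doctor", "nurse"})),
    Qsp(3, "q1", frozenset({"nurse"})),
    DataTuple(4, 75),                        # nurse allowed: delivered to q1
    Dsp(5, frozenset({"doctor"})),           # provider tightens the policy
    DataTuple(6, 140),                       # q1 holds only nurse: dropped
    Qsp(7, "q1", frozenset({"doctor"})),     # policy query re-authorizes q1
    DataTuple(8, 150),                       # delivered to q1
    Qsp(9, "q2", frozenset({"nurse"})),      # concerns q2 only
    DataTuple(10, 90),                       # q1 yes, q2 no (nurse vs doctor)
]

def delivered_timestamps(query_id: str) -> list:
    return [t.ts for t in enforce(SAMPLE, query_id)]
```

Because the filter starts from empty role sets, tuples that arrive before any punctuation are dropped rather than leaked.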
Our Architecture

People
Rimma V. Nehme (Purdue)
Hyo-Sang Lim (Purdue)
Elisa Bertino (Purdue)
Elke A. Rundensteiner (WPI)
Publications
Conference and Workshop Publications:
Rimma V. Nehme, Elke A. Rundensteiner and Elisa Bertino. "Security Punctuation Framework for Enforcing Access Control on Streaming Data", IEEE International Conference on Data Engineering (ICDE), Cancun, Mexico, April 2008. (.pdf) (.ppt) (DBclip)
Technical Reports:
Rimma V. Nehme, Elke A. Rundensteiner, Elisa Bertino. "Security and Privacy in Data Stream Management Systems". CERIAS TR 2006-29, Purdue University, West Lafayette, IN, September 2006 (.pdf)
Posters:
Rimma V. Nehme, Elke A. Rundensteiner, Elisa Bertino. "Exploiting Security Punctuations to Enforce Security and Preserve Privacy in Data Stream Management Systems". The 7th Annual CERIAS Information Security Symposium, Purdue University, West Lafayette, IN, March 2006 (.pdf)
Rimma V. Nehme, Hyo-Sang Lim, Elisa Bertino. "Continuous Security Policy Enforcement in Streaming Environments". The 9th Annual CERIAS Information Security Symposium, Purdue University, West Lafayette, IN, March 2008 (.pdf)