SkyQuery: A Web Service Approach to Federate Databases
- In Proc. CIDR, 2003
Cited by 36 (7 self)
Traditional science searched for new objects and phenomena that led to discoveries. Tomorrow's science will combine together the large pool of information in scientific archives and make discoveries. Scientists are currently keen to federate together the existing scientific databases. The major challenge in building a federation of these autonomous and heterogeneous databases is system integration. Ineffective integration will result in defunct federations and under utilized scientific data. Astronomy, in particular, has many autonomous archives spread over the Internet. It is now seeking to federate these, with minimal effort, into a Virtual Observatory that will solve complex distributed computing tasks such as answering federated spatial join queries. In this paper, we present SkyQuery, a successful prototype of an evolving federation of astronomy archives. It interoperates using the emerging Web services standard. We describe the SkyQuery architecture and show how it efficiently evaluates a probabilistic federated spatial join query.
X-GTRBAC Admin: A Decentralized Administration Model for Enterprise Wide Access Control
- In Proceedings of the Ninth ACM Symposium on Access Control Models And Technologies, 2004
Cited by 24 (10 self)
The modern enterprise spans several functional units or administrative domains with diverse authorization requirements. Access control policies in an enterprise environment typically express these requirements as authorization constraints. While desirable for access control, constraints can lead to conflicts in the overall policy in a multidomain environment. The administration problem for enterprise-wide access control, therefore, not only includes authorization management for users and resources within a single domain but also conflict resolution among heterogeneous access control policies of multiple domains to allow secure interoperation within the enterprise. This work presents design and implementation of X-GTRBAC Admin, an administration model that aims at enabling administration of role-based access control (RBAC) policies in the presence of constraints with support for conflict resolution in a multidomain environment. A key feature of the model is that it allows decentralization of policy administration tasks through the abstraction of administrative domains, which not only simplifies authorization management, but is also fundamental to the concept of decentralized conflict resolution presented. The paper also illustrates the applicability of the outlined administrative concepts in a realistic enterprise environment using an implementation prototype that facilitates policy administration in large enterprises.
Secure collaboration in mediator-free environments
- In Proceedings of the 12th ACM Conference on Computer and Communication Security, 2005
Cited by 14 (1 self)
The internet and related technologies have made multidomain collaborations a reality. Collaboration enables domains to effectively share resources; however it introduces several security and privacy challenges. Managing security in the absence of a central mediator is even more challenging. In this paper, we propose a distributed secure interoperability framework for mediator-free collaboration environments. We introduce the idea of secure access paths which enables domains to make localized access control decisions without having global view of the collaboration. We also present a path authentication technique for proving path authenticity. Furthermore, we present both a proactive and on-demand path discovery algorithms that enable domains to securely discover paths in the collaboration environment.
Privacy-preserving semantic interoperation and access control of heterogeneous databases
- In: Proc. ACM Conf. on Computer and Communications Security, 2006
Cited by 12 (0 self)
Today, many applications require users from one organization to access data belonging to organizations. While traditional solutions offered for the federated and mediated databases facilitate this by sharing metadata, this may not be acceptable for certain organizations due to privacy concerns. In this paper, we propose a novel solution – Privacy-preserving Access Control Toolkit (PACT) – that enables privacy-preserving secure semantic access control and allows sharing of data among heterogeneous databases without having to share metadata. PACT uses encrypted ontologies, encrypted ontology-mapping tables and conversion functions, encrypted role hierarchies and encrypted queries. The encrypted results of queries are sent directly from the responding system to the requesting system, bypassing the mediator to further improve the security of the system. PACT provides semantic access control using ontologies and semantically expanded authorization tables at the mediator. One of the distinguishing features of the PACT is that it requires very little changes to underlying databases. Despite using encrypted queries and encrypted mediation, we demonstrate that PACT provides acceptable performance.
An RBAC framework for time constrained secure interoperation in multi-domain environments
- In Proceedings of 10th IEEE International Workshop on Object-Oriented Real-Time Dependable Systems (WORDS’05), 2005
Cited by 7 (0 self)
In emerging e-commerce applications, time constrained information sharing between different systems is becoming a common phenomenon. A flexible and efficient mechanism is needed to support short term time-based sharing policies between transient partners. In particular, the interacting domains need to establish a time-based inter-domain access policy without violating the original time-based security policies of the individual systems. In this paper, we address this issue using the Generalized Temporal Role Based Access Control (GTRBAC) framework. The proposed mechanism involves a system processing an inter-domain access requirement specification to extend or restructure its local GTRBAC policy with proper temporal constraints to allow its external partner domain to access its resources. The transformed local GTRBAC policy facilitates the inter-domain accesses while still conforming to the original local policy requirements.
Privacy-preserving schema matching using mutual information
- of Lecture Notes in Computer Science
Cited by 3 (3 self)
The problem of schema or ontology matching is to define mappings among schema or ontology elements. Such mappings are typically defined between two schemas or two ontologies at a time. Ideally, using the defined mappings, one would be able to issue a single query that will be rewritten automatically to all the databases, instead of manually writing a query to each database. In a centrally mediated architecture a query is written in terms of a global schema or ontology that integrates all the database schemas or ontologies, while in a peer-to-peer architecture a query is written in terms of the schema or of the ontology of any of the peer databases. Automatic schema matching approaches can use only the schema, only the instances, or a combination of both. Mappings can take into account not only concept properties (e.g., string similarity), but also constraints (e.g., relationship cardinality) and schema structure (e.g., graph similarity) [9]. Security and privacy issues arise in the context of data integration. For example, previous work looks into secure access to mediated data [2, 4]. Other work has defined the concept of minimal necessary information sharing that applies to querying: in computing
A Model for Secure Multimedia Document Database System in a Distributed Environment
- IEEE Transactions on Multimedia, 2002
Cited by 2 (0 self)
The Internet provides a universal platform for large-scale distribution of information and supports inter-organizational services, system integration, and collaboration. Use of multimedia documents for dissemination and sharing of massive amounts of information is becoming a common practice for Internet-based applications and enterprises. With the rapid proliferation of multimedia data management technologies over the Internet, there is growing concern about security and privacy of information. Composing multimedia documents in a distributed heterogeneous environment involves integrating media objects from multiple security domains that may employ different access control policies for media objects. In this paper, we present a security model for distributed document management system that allows creation, storage, indexing, and presentation of secure multimedia documents. The model is based on a time augmented Petri-net and provides a flexible, multilevel access control mechanism that allows clearance-based access to different levels of information in a document. In addition, the model provides detailed multimedia synchronization requirements including deterministic and nondeterministic temporal relations and incomplete timing information among media objects.
Mediating between Strangers: A Trust Management Based Approach
- In 2nd Annual PKI Research Workshop, 2003
Cited by 1 (1 self)
Data sources in i-mediation, following property-based security policies, aim at supporting a wide range of potential clients, which are in general unknown in advance and may belong to heterogeneous and autonomous security domains. This raises the challenge how remote and autonomous entities can agree on a common understanding of certified properties, and other issues related to these properties (e.g. encoding formats). This paper proposes solutions that are based on secure i-mediation and a hybrid PKI model, which unifies X.509 and SPKI. We present a mediation functionality, called f-mediation. Secure f-mediation assists entities in finding partners for i-mediation and providing them with appropriate certificates and credentials. Thereby, among others, f-mediation deals with delegation and conversion of free properties into capability-like bound properties.
Security Architecture of the Multimedia Mediator
- Proceedings of the 14th Annual IFIP WG 11.3 Working Conference on Database Security, Schoorl, 2001
Cited by 1 (1 self)
Mediation is a powerful paradigm for advanced interoperable information systems. The Multimedia Mediator has been designed and implemented as a widely applicable component which can be instantiated for a specific application. This paper presents the architecture of its security module which enforces a previously reported approach to secure mediation. In this approach, a user submits cryptographically signed credentials containing both personal authorization attributes and his public encryption key, and data sources decide on the query access on the basis of shown personal authorization attributes and return encrypted answers. The security module uniformly represents the query access authorizations of the sources, controls the intermediate usage of credentials, assists users in submitting appropriate credentials, selects and forwards credentials for subqueries, and exploits credentials for query optimization. The architecture features a layered structure co-existing with the functional layers, enrichments of embeddings (for application objects into proxy objects of source items) with authorization data, a knowledge base for authorizations with credentials as grantees, and qualification and inference procedures for credentials.