180 likes | 314 Views
Security & Privacy Preserved Information Brokerage System. Fengjun Li fli@ist.psu.edu College of IST, Penn State University. Introduction. Privacy-preserved mechanism. 1. 2. 3. 4. 5. Conclusion and Q&A. Information Brokerage Systems. Security-preserved mechanism.
E N D
Security & Privacy Preserved Information Brokerage System Fengjun Li fli@ist.psu.edu College of IST, Penn State University F. Li 05/15/06
Introduction Privacy-preserved mechanism 1 2 3 4 5 Conclusion and Q&A Information Brokerage Systems Security-preserved mechanism F. Li 05/15/06
Universal Connectivity content/location discovery … … security & privacy risks poor usability F. Li 05/15/06
Information Brokerage System Security & privacy? Data sources connected with the help of brokers User send query to local broker that help route it to targeted data sources F. Li 05/15/06
Security Enforcement – from the perspective of performance • Access Control • Traditional AC enforcement and IBS architecture • Any other choice F. Li 05/15/06
Or further • If we could drag the AC out of DBMS … F. Li 05/15/06
Why dragging security check out of DBMS and pushing it to the brokers? • – A performance based reason F. Li 05/15/06
Preliminary • XML Access Control Model • Role-based Access Control • 5-tuple access control rules (ACR) • QFilter: enforcing AC via query written • Using Non-deterministic Finite Automata (NFA) to hold ACR • Query either rejected or accepted (w/o rewritten) F. Li 05/15/06
QFilter Example F. Li 05/15/06
Our Approach • Merge the QFilters of several roles to an integrated Multi-Role QFilter • A naïve approach – QFilter Array • Use the similar NFA-based mechanism to represent the routing information (called index rules) • Merge index rules into Multi-Role QFilter for further performance improvement F. Li 05/15/06
An Example of Multi-Role QFilter An Example of Index Rules F. Li 05/15/06
An Example of Indexed Multi-Role QFilter - Merging index rules into Multi-Role QFilter F. Li 05/15/06
Why dragging security check out of DBMS and pushing it to the brokers? • – Previous example re-visit F. Li 05/15/06
Performance Metrics 1 - Memory Consumption Performance Metrics 2 – In-broker Query Response Time & Overall Query Response Time • Performance Metrics 3 –Network Traffic • - Save 87.5% (by analyzing) F. Li 05/15/06
Privacy Preserving Mechanism • Possible privacy breaches: • Privacy of the query location • Privacy of the query content • Privacy of the access control rule • Privacy of the data location • Privacy of the data content F. Li 05/15/06
Information Brokerage System • New architecture F. Li 05/15/06
Trust Relationship F. Li 05/15/06