Multilevel secure data stream management system
Date
2013
Authors
Xie, Xing, author
Ray, Indrakshi, advisor
Ray, Indrajit, committee member
France, Robert, committee member
Turk, Daniel, committee member
Journal Title
Journal ISSN
Volume Title
Abstract
With the advent of mobile and sensor devices, situation monitoring applications are now feasible. The data processing system should be able to collect large amount data with high input rate, compute results on-the-fly and take actions in real-time. Data Stream Management Systems (DSMSs) have been proposed to address those needs. In DSMS the infinite input data is divided by arriving timestamps and buffered in input windows; and queries are processed against the finite data in a fixed size window. The output results are updated by timestamps continuously. However, data streams at various sensitivity levels are often generated in monitoring applications which should be processed without security breaches. Therefore current DSMSs cannot prevent illegal information flow when processing inputs and queries from different levels. We have developed multilevel secure (MLS) stream processing systems that operate input data with security levels. We've accomplished four tasks include: (1) providing formalization of a model and language for representing secure continuous queries, (2) investigating centralized and distributed architectures able to handle MLS continuous queries, and designing authentication models, query rewriting and optimization mechanisms, and scheduling strategies to ensure that queries are processed in a secure and timelymanner, (3) developing sharing approaches between queries to improve quality of service. Besides we've implemented extensible prototypes with experiments to compare performance between different process strategies and architectures, (4) and proposing an information flow control model adapted from the Chinese Wall policy that can be used to protect against sensitive data disclosure, as an extension of multilevel secure DSMS for stream audit applications.
Description
Rights Access
Subject
distributed MLS
trusted MLS
replicated MLS
multilevel security