In-broker access control: A new access control deployment strategy towards optimal end-to-end performance of information brokerage systems
نویسندگان
چکیده
An XML brokerage system is a distributed XML database system that comprises of data sources and brokers which, respectively, hold XML documents and document distribution information. Databases can be queried through brokers with no schema-relevant or geographical difference being noticed. However, all existing information brokerage systems view or handle query brokering and access control as two orthogonal issues: query brokering is a system issue that concerns costs and performance, while access control is a security issue that concerns information confidentiality. As a result, access control deployment strategies (in terms of where and when to do access control) and the impact of such strategies on end-to-end system performance are (in general) neglected by existing information brokerage systems; and data source side access control deployment is taken-for-granted as the “right” thing to do. In this paper, we challenge this traditional, taken-for-granted access control deployment methodology, and we show that query brokering and access control are not two orthogonal issues because access control deployment strategies can have significant impact on the “whole” system’s end-to-end performance. We propose the first in-broker access control deployment strategy where access control is “pushed” from the boundary of an information brokerage system into the “heart” of the system. We design and evaluate the fist in-broker access control scheme for information brokerage systems. Our experimental results indicate that information brokerage system builders should treat access control as a system issue as well.
منابع مشابه
On Effective Protection of Security and Privacy in XML Information Brokering
In contrast with the situations when the information seeker knows where the needed data is located, XML Information Brokering System (IBS) needs to help each information seeking query ”locate” the corresponding data source(s). Unlike early information sharing approaches that only involve a small number of databases, new information sharing applications are often assumed to be built atop a large...
متن کاملAccess control in ultra-large-scale systems using a data-centric middleware
The primary characteristic of an Ultra-Large-Scale (ULS) system is ultra-large size on any related dimension. A ULS system is generally considered as a system-of-systems with heterogeneous nodes and autonomous domains. As the size of a system-of-systems grows, and interoperability demand between sub-systems is increased, achieving more scalable and dynamic access control system becomes an im...
متن کاملAccess and Mobility Policy Control at the Network Edge
The fifth generation (5G) system architecture is defined as service-based and the core network functions are described as sets of services accessible through application programming interfaces (API). One of the components of 5G is Multi-access Edge Computing (MEC) which provides the open access to radio network functions through API. Using the mobile edge API third party analytics applications ...
متن کاملEditorial of Special Issue on Information Assurance
Information assurance is one of the most pressing challenges to various systems of business today, ranging from traditional distributed systems and networks to newly proliferated applications like P2P systems, sensor networks and ubiquitous computing systems. Attackers can access, tamper and delete valuable information by exploiting vulnerabilities of operating systems, protocols, database syst...
متن کاملDistributed Capability-based Access Control for the Internet of Things
The evolution of the Internet towards the Internet of Things is being deployed in emerging cyberphysical systems such as access control solutions, alert networks, building automation, and the extension of all these systems into Smarter Cities. This extension and proliferation of the technology in our lives is also presenting security challenges, since the unexpected leaks of information, and il...
متن کامل