ABSTRACT
Geospatial data play a key role in a wide spectrum of critical data management applications, such as disaster and emergency management, environmental monitoring, land and city planning, and military operations, often requiring coordination among diverse organizations, their data repositories, and users with different responsibilities. Although a variety of models and techniques are available to manage, access and share geospatial data, very little attention has been paid to addressing security concerns, such as access control, security and privacy policies, and the development of secure and in particular interoperable GIS applications. The objective of this paper is to discuss the technical challenges raised by the unique requirements of secure geospatial data management and to suggest a comprehensive framework for security and privacy for geospatial data and GIS. Such a framework is the first coherent architectural approach to the problem of security and privacy for geospatial data.