DOI: 10.1145/1503402.1503406
research-article

Security and privacy for geospatial data: concepts and research directions

Published: 04 November 2008

ABSTRACT

Geospatial data play a key role in a wide spectrum of critical data management applications, such as disaster and emergency management, environmental monitoring, land and city planning, and military operations, which often require coordination among diverse organizations, their data repositories, and users with different responsibilities. Although a variety of models and techniques are available to manage, access, and share geospatial data, very little attention has been paid to security concerns such as access control, security and privacy policies, and the development of secure and, in particular, interoperable GIS applications. The objective of this paper is to discuss the technical challenges raised by the unique requirements of secure geospatial data management and to suggest a comprehensive framework for security and privacy for geospatial data and GIS. Such a framework is the first coherent architectural approach to the problem of security and privacy for geospatial data.


Published in

SPRINGL '08: Proceedings of the SIGSPATIAL ACM GIS 2008 International Workshop on Security and Privacy in GIS and LBS
November 2008
94 pages
ISBN: 9781605583242
DOI: 10.1145/1503402

Copyright © 2008 ACM


Publisher

Association for Computing Machinery, New York, NY, United States
