Xing Xie
ABSTRACT
In the near future, clouds will provide situational monitoring services using streaming data. Examples of such services include health monitoring, stock market monitoring, shopping cart monitoring, and emergency control and threat management. Offering such services require securely processing data streams generated by multiple, possibly competing and/or complementing, organizations. Processing of data streams also should not cause any overt or covert leakage of information across organizations. We propose an information flow control model adapted from the Chinese Wall policy that can be used to protect against sensitive data disclosure. We propose architectures that are suitable for securely and efficiently processing streaming information belonging to different organizations. We discuss how performance can be further improved by sharing the processing of multiple queries. We demonstrate the feasibility of our approach by implementing a prototype of our system and show the overhead incurred due to the information flow constraints.
- D. J. Abadi, Y. Ahmad, M. Balazinska, U. Çetintemel, M. Cherniack, J. Hwang, W. Lindner, A. Maskey, A.Rasin, E.Ryvkina, N.Tatbul, Y.Xing, and S. B. Zdonik. The Design of the Borealis Stream Processing Engine. In Proc. of the CIDR, pages 277--289, 2005.Google Scholar
- M. D. Abrams, S. G. Jajodia, and H. J. Podell, editors. Information Security: An Integrated Collection of Essays. IEEE Computer Society Press, Los Alamitos, CA, USA, 1st edition, 1995. Google ScholarDigital Library
- R. Adaikkalavan and S. Chakravarthy. SnoopIB: Interval-based Event Specification and Detection for Active Databases. DKE, 59(1):139--165, 2006. Google ScholarDigital Library
- R. Adaikkalavan and T. Perez. Secure Shared Continuous Query Processing. In Proc. of the ACM SAC (Data Streams Track), pages 1005--1011, Taiwan, 2011. Google ScholarDigital Library
- R. Adaikkalavan, I. Ray, and X. Xie. Multilevel Secure Data Stream Processing. In Proc. of the DBSec, pages 122--137, 2011. Google ScholarDigital Library
- A. Arasu, B. Babcock, S. Babu, J. Cieslewicz, M. Datar, K. Ito, R. Motwani, U. Srivastava, and J. Widom. STREAM: The Stanford Data Stream Management System. Technical Report 2004--20, Stanford InfoLab, 2004.Google Scholar
- A. Arasu, S. Babu, and J. Widom. The CQL Continuous Query Language: Semantic Foundations and Query Execution. VLDB Journal, 15(2):121--142, 2006. Google ScholarDigital Library
- B. Babcock, S. Babu, M. Datar, R. Motwani, and J. Widom. Models and Issues in Data Stream Systems. In Proc. of the PODS, pages 1--16, 2002. Google ScholarDigital Library
- H. Balakrishnan, M. Balazinska, D. Carney, U. Çetintemel, M. Cherniack, C. Convey, E. Galvez, J. Salz, M. Stonebraker, N. Tatbul, R. Tibbetts, and S. B. Zdonik. Retrospective on Aurora. VLDB Journal: Special Issue on Data Stream Processing, 13(4):370--383, 2004. Google ScholarDigital Library
- D. E. Bell and L. J. LaPadula. Secure Computer System: Unified Exposition and MULTICS Interpretation. Technical Report MTR-2997 Rev. 1 and ESD-TR-75--306, rev. 1, The MITRE Corporation, Bedford, MA 01730, 1976.Google ScholarCross Ref
- D. F. C. Brewer and M. J. Nash. The Chinese Wall Security Policy. In Proc. of the IEEE S & P, pages 206--214, 1989.Google ScholarCross Ref
- J. Cao, B. Carminati, E. Ferrari, and K. Tan. ACStream: Enforcing Access Control over Data Streams. In Proc. of the ICDE, pages 1495--1498, 2009. Google ScholarDigital Library
- B. Carminati, E. Ferrari, and K. L. Tan. Enforcing Access Control over Data Streams. In Proc. of the ACM SACMAT, pages 21--30, 2007. Google ScholarDigital Library
- D. Carney, U. Çetintemel, M. Cherniack, C. Convey, S. Lee, G. Seidman, M. Stonebraker, N. Tatbul, and S. B. Zdonik. Monitoring Streams - A New Class of Data Management Applications. In Proc. of the VLDB, pages 215--226, 2002. Google ScholarDigital Library
- S. Chakravarthy and R. Adaikkalavan. Event and Streams: Harnessing and Unleashing Their Synergy. In Proc. of the DEBS, pages 1--12, 2008. Google ScholarDigital Library
- S. Chakravarthy and Q. Jiang. Stream Data Processing: A Quality of Service Perspective Modeling, Scheduling, Load Shedding, and Complex Event Processing. Advances in Database Systems , Vol. 36. Springer, 2009. Google ScholarDigital Library
- M. Cherniack, H. Balakrishnan, M. Balazinska, D. Carney, U. Çetintemel, Y. Xing, and S. B. Zdonik. Scalable Distributed Stream Processing. In Proc. of the CIDR, 2003.Google Scholar
- T. Jaeger, R. Sailer, and Y. Sreenivasan. Managing the Risk of Covert Information Flows in Virtual Machine Systems. In Proc. of the ACM SACMAT, pages 81--90, 2007. Google ScholarDigital Library
- Q. Jiang and S. Chakravarthy. Anatomy of a Data Stream Management System. In ADBIS Research Communications, 2006.Google Scholar
- W. Lindner and J. Meier. Securing the Borealis Data Stream Engine. In IDEAS, pages 137--147, 2006. Google ScholarDigital Library
- R. V. Nehme, H. Lim, E. Bertino, and E. A. Rundensteiner. StreamShield: A Stream-Centric Approach towards Security and Privacy in Data Stream Environments. In Proc. of the ACM SIGMOD, pages 1027--1030, 2009. Google ScholarDigital Library
- R. V. Nehme, E. A. Rundensteiner, and E. Bertino. A Security Punctuation Framework for Enforcing Access Control on Streaming Data. In Proc. of the ICDE, pages 406--415, 2008. Google ScholarDigital Library
- R. Sandhu. Lattice-Based Enforcement of Chinese Walls. Computers & Security, 11(8):753--763, 1992. Google ScholarDigital Library
- T. Tsai, Y. Chen, H. Huang, P. Huang, and K. Chou. A Practical Chinese Wall Security Model in Cloud Computing. In Proc. of the APNOMS, pages 1--4, 2011.Google ScholarCross Ref
- R. Wu, G. Ahn, H. Hu, and M. Singhal. Information Flow Control in Cloud Computing. In Proc. of the CollaborateCom, pages 1--7, 2010.Google ScholarCross Ref
- R. Xie and R. Gamble. A Tiered Strategy for Auditing in the Cloud. In Proc. of IEEE CLOUD, 2012. Google ScholarDigital Library
Index Terms
- Information flow control for stream processing in clouds
Recommendations
Practical Storage-Compute Elasticity for Stream Data Processing
Middleware '23: Proceedings of the 24th International Middleware Conference: Industrial TrackStream processing pipelines need to handle workload fluctuations (e.g., daily patterns, popularity spikes) by scaling up/down the resources contributed to running jobs. While there have been efforts proposing auto-scaling mechanisms for stream processing ...
Bounding substreams in distributed stream processing
AbstractA common problem in distributed stream processing is to split a stream into finite chunks of messages (substreams) and to determine their boundaries: stateful streaming operators should clear outdated state; time window operators ...
Highlights- Punctuations can be inefficient for substreams bounding due to high network overhead.
Stream WatDiv: A Streaming RDF Benchmark
SBD'18: Proceedings of the International Workshop on Semantic Big DataWe present Stream WatDiv -- an open-source benchmark for streaming RDF data management systems. The proposed benchmark extends the existing WatDiv benchmark, and includes a streaming data generator, a query generator that can produce a diverse set of ...
Comments