Data access

About: Data access is a research topic. Over the lifetime, 13141 publications have been published within this topic receiving 172859 citations. The topic is also known as: Data access.

A Security Punctuation Framework for Enforcing Access Control on Streaming Data

Abstract: The management of privacy and security in the context of data stream management systems (DSMS) remains largely an unaddressed problem to date. Unlike in traditional DBMSs where access control policies are persistently stored on the server and tend to remain stable, in streaming applications the contexts and with them the access control policies on the real-time data may rapidly change. A person entering a casino may want to immediately block others from knowing his current whereabouts. We thus propose a novel ";stream-centric"; approach, where security restrictions are not persistently stored on the DSMS server, but rather streamed together with the data. Here, the access control policies are expressed via security constraints (called security punctuations, or short, sps) and are embedded into data streams. The advantages of the sp model include flexibility, dynamicity and speed of enforcement. DSMSs can adapt to not only data-related but also security-related selectivities, which helps reduce the waste of resources, when few subjects have access to data. We propose a security-aware query algebra and new equivalence rules together with cost estimations to guide the security-aware query plan optimization. We have implemented the sp framework in a real DSMS. Our experimental results show the validity and the performance advantages of our sp model as compared to alternative access control enforcement solutions for DSMSs.

Apparatus and method capable of restricting access to a data storage device

Abstract: The present invention is related to a data storage device capable of restricting access to data storage or retrieval when a first code is incompatible with a second code. The data storage device comprises (a) a data storage media having a data storage region; and (b) a controller adapted to compare a first code with a second code and to restrict access to a portion of the data storage region of the data storage device if the first code is incompatible with the second code.

A Practical and Flexible Key Management Mechanism For Trusted Collaborative Computing

Abstract: Trusted collaborative computing (TCC) is a new research and application paradigm Two important challenges in such a context are represented by secure information transmission among the collaborating parties and selective differentiated access to data among members of collaborating groups Addressing such challenges requires, among other things, developing techniques for secure group communication (SGQ), secure dynamic conferencing (SDC), differential access control (DIF-AC), and hierarchical access control (HAC) Cryptography and key management have been intensively investigated and widely applied in order to secure information However, there is a lack of key management mechanisms which are general and flexible enough to address all requirements arising from information transmission and data access This paper proposes the first holistic group key management scheme which can directly support all these functions yet retain efficiency The proposed scheme is based on the innovative concept of access control polynomial (ACP) that can efficiently and effectively support full dynamics, flexible access control with fine-tuned granularity, and anonymity The new scheme is immune from various attacks from both external and internal malicious parties

A language extension for expressing constraints on data access

Abstract: Controlled sharing of information is needed and desirable for many applications and is supported in operating systems by access control mechanisms. This paper shows how to extend programming languages to provide controlled sharing. The extension permits expression of access constraints on shared data. Access constraints can apply both to simple objects, and to objects that are components of larger objects, such as bank account records in a bank's data base. The constraints are stated declaratively, and can be enforced by static checking similar to type checking. The approach can be used to extend any strongly-typed language, but is particularly suitable for extending languages that support the notion of abstract data types.

MobiSense — mobile network services for coordinated participatory sensing

Abstract: Cellular and Wi-Fi networks now form a global substrate that provides billions of mobile phone users with consistent, location-aware communication and multimedia data access. On this substrate is emerging a new class of mobile phone applications that use the phones location, image and acoustic sensors, and enable people to choose what to sense and when to share data about themselves and their surroundings. Peoples' natural movement through and among living, work, and “third” spaces, provides spatial and temporal coverage for these modalities, the character of which is impossible to achieve through embedded instrumentation alone. This paper proposes a network service architecture for participatory sensing, describing challenges in (1) network coordination services enabling applications to efficiently select, incentivize and task mobile users based on measures of coverage, capabilities and interests; (2) attestation mechanisms to enable data consumers to assign trust to the data they access; and (3) participatory privacy regulation mechanisms used by data contributors to control what data they share.