An Authorization Model for Geospatial Data
October-December 2004 (vol. 1 no. 4)
pp. 238-254
Vijayalakshmi Atluri, IEEE Computer Society
Soon Ae Chun, IEEE Computer Society
The advent of commercial observation satellites in the new millennium provides unprecedented access to timely information, as they produce images of the Earth with the sharpness and quality previously available only from US, Russian, and French military satellites. Due to the fact that they are commercial in nature, a broad range of government agencies (including international), the news media, businesses, and nongovernmental organizations can gain access to this information. This may have grave implications on national security and personal privacy. Formal policies for prohibiting the release of imagery beyond a certain resolution, and notifying when an image crosses an international boundary or when such a request is made, are beginning to emerge. Access permissions in this environment are determined by both the spatial and temporal attributes of the data, such as location, resolution level, and the time of image download, as well as those of the user credentials. Since existing authorization models are not adequate to provide access control based on spatial and temporal attributes, in this paper, we propose a Geospatial Data Authorization Model (GSAM). Unlike the traditional access control models where authorizations are specified using subjects and objects, authorizations in GSAM are specified using credential expressions and object expressions. GSAM supports privilege modes including view, zoom-in, download, overlay, identify, animate, and fly by, among others. We present our access control prototype system that enables subject, object as well as authorization specification via a Web-based interface. When an access request is made, the access control system computes the overlapping region of the authorization and the access request. The zoom-in and zoom-out requests can simply be made through a click of the mouse, and the appropriate authorizations will be evaluated when these access requests are made.

Index Terms:
Geospatial databases, security, access control.
Vijayalakshmi Atluri, Soon Ae Chun, "An Authorization Model for Geospatial Data," IEEE Transactions on Dependable and Secure Computing, vol. 1, no. 4, pp. 238-254, Oct.-Dec. 2004, doi:10.1109/TDSC.2004.32