CSDL Home IEEE Transactions on Dependable and Secure Computing 2004 vol.1 Issue No.04 - October-December
Issue No.04 - October-December (2004 vol.1)
Vijayalakshmi Atluri , IEEE Computer Society
Soon Ae Chun , IEEE Computer Society
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TDSC.2004.32
The advent of commercial observation satellites in the new millennium provides unprecedented access to timely information, as they produce images of the Earth with the sharpness and quality previously available only from US, Russian, and French military satellites. Due to the fact that they are commercial in nature, a broad range of government agencies (including international), the news media, businesses, and nongovernmental organizations can gain access to this information. This may have grave implications on national security and personal privacy. Formal policies for prohibiting the release of imagery beyond a certain resolution, and notifying when an image crosses an international boundary or when such a request is made, are beginning to emerge. Access permissions in this environment are determined by both the spatial and temporal attributes of the data, such as location, resolution level, and the time of image download, as well as those of the user credentials. Since existing authorization models are not adequate to provide access control based on spatial and temporal attributes, in this paper, we propose a Geospatial Data Authorization Model (GSAM). Unlike the traditional access control models where authorizations are specified using subjects and objects, authorizations in GSAM are specified using credential expressions and object expressions. GSAM supports privilege modes including view, zoom-in, download, overlay, identify, animate, and fly by, among others. We present our access control prototype system that enables subject, object as well as authorization specification via a Web-based interface. When an access request is made, the access control system computes the overlapping region of the authorization and the access request. The zoom-in and zoom-out requests can simply be made through a click of the mouse, and the appropriate authorizations will be evaluated when these access requests are made.
Geospatial databases, security, access control.
Vijayalakshmi Atluri, Soon Ae Chun, "An Authorization Model for Geospatial Data", IEEE Transactions on Dependable and Secure Computing, vol.1, no. 4, pp. 238-254, October-December 2004, doi:10.1109/TDSC.2004.32