Elena Ferrari

Department of Computer Science and Communication
University of Insubria
Via Mazzini, 5 – 21100 Varese
Phone: +39 0332 21 8915
Fax: +39 0332 218909
Email: elena.ferrari@uninsubria.it

DVP term expires in December 2013

Enforcing Access Control over Data Streams
Data stream management systems (DSMSs) have been increasingly used to support a wide range of real-time applications (e.g.,battle field monitoring, network monitoring, telecommunications,financial monitoring,
sensor network, and so on). In many of these applications, there is a need to protect sensitive streaming data from unauthorized accesses. For example, in battle field monitoring, the positions of soldiers should only be
accessible to the battleground commanders. Even if data are not sensitive, it may still be of commercial value to restrict their accesses. For example, in a financial monitoring service, stock prices are delivered to paying clients based on the stocks they have subscribed to. Hence, there is a need to integrate access control mechanisms into DSMSs. In this talk, we will discuss which are the peculiar requirements of DSMSs that do not make possible to directly apply standard protection techniques developed for Database Management Systems. Then, we present a role-based access control system for DSMSs. The system adopts query rewriting to enforce access control and is implemented through a middleware able to transparently deploy rewritten (secure) queries into different DSMSs.

Access Control and Privacy in On-line Social Networks: Issues and Solutions
The wide diffusion and usage of On-line Social Networks (OSNs) in the last years have made publicly available a huge amount of personal, possible sensitive, information, which can be used by third-parties with purposes different from the ones of the information owners. This huge repository of available personal information poses both interesting opportunities and challenges, some of the most relevant ones related to privacy and access control. Up to now the research in these areas has mainly focused on privacy-preserving analysis of network data. However, privacy is not a primary concern only when social network data are analyzed off-line by data mining tools, but also during the normal activities of users within an OSN, as also witnessed by the increasing attention to this issue from media, privacy advocates, and citizens. Although many controversial opinions exist on these topics, it should be recognized that concepts such as privacy and confidentiality have evolved over time and OSNs greatly change the way they are perceived. Therefore, new methods and a completely different way of thinking are needed in addressing them. This talk will try to shed light into the research challenges in the area of access control and privacy in OSNs, by discussing the main new issues related to the protection of OSN user personal data and resources.