{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T12:13:01Z","timestamp":1763467981470,"version":"3.41.0"},"reference-count":37,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2010,7,1]],"date-time":"2010-07-01T00:00:00Z","timestamp":1277942400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100001352","name":"National University of Singapore","doi-asserted-by":"publisher","award":["R-252-000-307-112"],"award-info":[{"award-number":["R-252-000-307-112"]}],"id":[{"id":"10.13039\/501100001352","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Inf. Syst. Secur."],"published-print":{"date-parts":[[2010,7]]},"abstract":"<jats:p>Although access control is currently a key component of any computational system, it is only recently that mechanisms to guard against unauthorized access to streaming data have started to be investigated. To cope with this lack, in this article, we propose a general framework to protect streaming data, which is, as much as possible, independent from the target stream engine. Differently from RDBMSs, up to now a standard query language for data streams has not yet emerged and this makes the development of a general solution to access control enforcement more difficult. The framework we propose in this article is based on an expressive role-based access control model proposed by us. It exploits a query rewriting mechanism, which rewrites user queries in such a way that they do not return tuples\/attributes that should not be accessed according to the specified access control policies. Furthermore, the framework contains a deployment module able to translate the rewritten query in such a way that it can be executed by different stream engines, therefore, overcoming the lack of standardization. In the article, besides presenting all the components of our framework, we prove the correctness and completeness of the query rewriting algorithm, and we present some experiments that show the feasibility of the developed techniques.<\/jats:p>","DOI":"10.1145\/1805974.1805984","type":"journal-article","created":{"date-parts":[[2010,8,2]],"date-time":"2010-08-02T13:15:22Z","timestamp":1280754922000},"page":"1-31","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":45,"title":["A framework to enforce access control over data streams"],"prefix":"10.1145","volume":"13","author":[{"given":"Barbara","family":"Carminati","sequence":"first","affiliation":[{"name":"DICOM, University of Insubria, Varese, Italy"}]},{"given":"Elena","family":"Ferrari","sequence":"additional","affiliation":[{"name":"DICOM, University of Insubria, Varese, Italy"}]},{"given":"Jianneng","family":"Cao","sequence":"additional","affiliation":[{"name":"National University of Singapore, Singapore"}]},{"given":"Kian Lee","family":"Tan","sequence":"additional","affiliation":[{"name":"National University of Singapore, Singapore"}]}],"member":"320","published-online":{"date-parts":[[2010,7,30]]},"reference":[{"volume-title":"Proceedings of the Conference on Innovative Data System Research (CIDR'05)","year":"2005","author":"Abadi D.","key":"e_1_2_1_1_1"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00778-003-0095-z"},{"volume-title":"Proceedings of the 29th International Conference on Very Large Data Bases (VLDB'03)","author":"Aggarwal C. C.","key":"e_1_2_1_3_1"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/1014052.1014110"},{"key":"e_1_2_1_5_1","unstructured":"Ali M. ElTabakh M. and Nita-Rotaru C. 2005. FT-RC4: A robust security mechanism for data stream systems. Tech. rep. TR-05-024 Purdue University.  Ali M. ElTabakh M. and Nita-Rotaru C. 2005. FT-RC4: A robust security mechanism for data stream systems. Tech. rep. TR-05-024 Purdue University."},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/872757.872854"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00778-004-0132-6"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/543613.543615"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/1379272.1379284"},{"volume-title":"Proceedings of the 10th International Conference on Super Computing (ISC'07)","author":"Biskup J.","key":"e_1_2_1_10_1"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1015231126594"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDE.2009.25"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/1266840.1266845"},{"volume-title":"Proceedings of the 12th International Conference on Database Systems for Advanced Applications (DASFAA '07)","author":"Carminati B.","key":"e_1_2_1_14_1"},{"key":"e_1_2_1_15_1","unstructured":"Carminati B. Ferrari E. Tan K.-L. and Cao J. 2008. A framework to enforce access control over data streams. Tech. rep. University of Insubria. http:\/\/www.dicom.uninsubria.it\/~barbara.carminati\/TR\/TR_Framework_AC_stream.pdf.  Carminati B. Ferrari E. Tan K.-L. and Cao J. 2008. A framework to enforce access control over data streams. Tech. rep. University of Insubria. http:\/\/www.dicom.uninsubria.it\/~barbara.carminati\/TR\/TR_Framework_AC_stream.pdf."},{"volume-title":"Proceedings of the Conference of Innovative Data System Research (CIDR'03)","year":"2003","author":"Chandrasekaran S.","key":"e_1_2_1_16_1"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/342009.335432"},{"key":"e_1_2_1_18_1","unstructured":"Coral8. 2008. Coral8 homepage. http:\/\/www.coral8.com\/.  Coral8. 2008. Coral8 homepage. http:\/\/www.coral8.com\/."},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/872757.872838"},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/772862.772864"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1083784.1083789"},{"volume-title":"Proceedings of the 27th International Conference on Very Large Data Bases (VLDB'01)","author":"Gilbert A. C.","key":"e_1_2_1_22_1"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/776985.776986"},{"volume-title":"Proceedings of the 29th International Conference on Very Large Data Bases (VLDB'03:)","author":"Hammad M. A.","key":"e_1_2_1_24_1"},{"volume-title":"Proceedings of the 30th international Conference on Very Large Data Bases (VLDB'04)","author":"Law Y.-N.","key":"e_1_2_1_25_1"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/IDEAS.2006.40"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/69.790816"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1561\/0400000002"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDE.2008.4497449"},{"volume-title":"Proceedings of the 33rd International Conference on Very Large Data Bases (VLDB'07)","author":"Papadopoulos S.","key":"e_1_2_1_30_1"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/1007568.1007631"},{"volume-title":"Proceedings of the 17th International Conference on Very Large Data Bases (VLDB'91)","author":"Schreier U.","key":"e_1_2_1_32_1"},{"key":"e_1_2_1_33_1","unstructured":"StreamBase. 2008. StreamBase homepage. http:\/\/www.streambase.com\/.  StreamBase. 2008. StreamBase homepage. http:\/\/www.streambase.com\/."},{"volume-title":"Proceedings of the 22th International Conference on Very Large Data Bases (VLDB'96)","year":"1996","author":"Sullivan M.","key":"e_1_2_1_34_1"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/130283.130333"},{"key":"e_1_2_1_36_1","unstructured":"Truviso. 2008. Truviso homepage http:\/\/www.truviso.com\/.  Truviso. 2008. Truviso homepage http:\/\/www.truviso.com\/."},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/1007568.1007617"}],"container-title":["ACM Transactions on Information and System Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1805974.1805984","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1805974.1805984","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T11:22:42Z","timestamp":1750245762000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1805974.1805984"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010,7]]},"references-count":37,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2010,7]]}},"alternative-id":["10.1145\/1805974.1805984"],"URL":"https:\/\/doi.org\/10.1145\/1805974.1805984","relation":{},"ISSN":["1094-9224","1557-7406"],"issn-type":[{"type":"print","value":"1094-9224"},{"type":"electronic","value":"1557-7406"}],"subject":[],"published":{"date-parts":[[2010,7]]},"assertion":[{"value":"2008-01-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2009-02-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2010-07-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}