Cloud and the City: Facilitating Flexible Access Control over Data Streams
This work addresses the need for data owners to control data sharing granularity in smart city and home applications, though it is incremental as it builds on existing XACML standards.
The paper tackles the problem of enabling flexible, fine-grained access control for data streams in cloud environments, proposing the eXACML+ framework that extends XACML and demonstrating its efficacy through a prototype with experiments in cloud-like settings.
The proliferation of sensing devices create plethora of data-streams, which in turn can be harnessed to carry out sophisticated analytics to support various real-time applications and services as well as long-term planning, e.g., in the context of intelligent cities or smart homes to name a few prominent ones. A mature cloud infrastructure brings such a vision closer to reality than ever before. However, we believe that the ability for data-owners to flexibly and easily to control the granularity at which they share their data with other entities is very important - in making data owners feel comfortable to share to start with, and also to leverage on such fine-grained control to realize different business models or logics. In this paper, we explore some basic operations to flexibly control the access on a data stream and propose a framework eXACML+ that extends OASIS's XACML model to achieve the same. We develop a prototype using the commercial StreamBase engine to demonstrate a seamless combination of stream data processing with (a small but important selected set of) fine-grained access control mechanisms, and study the framework's efficacy based on experiments in cloud like environments.