Cloud and the City: Facilitating Flexible Access Control over Data Streams

TL;DR

This paper presents eXACML+, a framework extending XACML for fine-grained access control over data streams in cloud environments, enabling flexible sharing for real-time analytics in smart city and home applications.

Contribution

It introduces eXACML+, an extension of XACML tailored for data stream access control, and demonstrates its implementation and effectiveness in cloud-based stream processing.

Findings

eXACML+ effectively enforces fine-grained access control on data streams.

The prototype integrates with StreamBase to support real-time data sharing.

Experiments show the framework's feasibility and performance in cloud environments.

Abstract

The proliferation of sensing devices create plethora of data-streams, which in turn can be harnessed to carry out sophisticated analytics to support various real-time applications and services as well as long-term planning, e.g., in the context of intelligent cities or smart homes to name a few prominent ones. A mature cloud infrastructure brings such a vision closer to reality than ever before. However, we believe that the ability for data-owners to flexibly and easily to control the granularity at which they share their data with other entities is very important - in making data owners feel comfortable to share to start with, and also to leverage on such fine-grained control to realize different business models or logics. In this paper, we explore some basic operations to flexibly control the access on a data stream and propose a framework eXACML+ that extends OASIS's XACML model to achieve the same. We develop a prototype using the commercial StreamBase engine to demonstrate a seamless combination of stream data processing with (a small but important selected set of) fine-grained access control mechanisms, and study the framework's efficacy based on experiments in cloud like environments.