|Bibliography||Schilling, Björn; Koldehofe, Boris; Rothermel, Kurt; Ramachandran, Umakishore: Access Policy Consolidation for Complex Event Processing. |
In: IEEE Conference on Networked Systems (NetSys).
University of Stuttgart, Faculty of Computer Science, Electrical Engineering, and Information Technology.
pp. 92-101, english.
IEEE, March 11, 2013.
Article in Proceedings (Conference Paper).
|CR-Schema||C.2.4 (Distributed Systems)|
|Keywords||Event processing; Complex event processing; CEP; Security; Access Control; Bayesian network|
In distributed complex event processing, event streams are processed over a chain of subsequent operators. For large-scale applications like a logistic chain these operators may be hosted by different entities and thus are spread over different security domains. Current approaches for complex event processing cannot preserve the privacy of an operator’s incoming event streams. An adversary may infer the original input stream from its legally received event streams.
In this paper we present a fine-grained access management for complex event processing. We show how to enforce privacy of events throughout the chain of dependent operators by specifying appropriate access policies and proposing an algorithm for policy consolidation. Furthermore, we introduce the calculation of obfuscation achieved in a correlation step. This allows us to ignore access requirements once a sufficient obfuscation level has been achieved, the proposed algorithms is capable to reduce the required overhead in the enforcement of access policies. We prove correctness and evaluate the cost in establishing policy consolidation.
|Full text and|
|PDF (190241 Bytes)|
|Copyright||© 2013 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. |
|Department(s)||University of Stuttgart, Institute of Parallel and Distributed Systems, Distributed Systems|
|Entry date||December 13, 2012|