ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Security and privacy for geospatial data: concepts and research directions
Full text PdfPdf (654 KB)
Source
Geographic Information Systems archive
Proceedings of the SIGSPATIAL ACM GIS 2008 International Workshop on Security and Privacy in GIS and LBS table of contents
Irvine, California
SESSION: Inaugural paper table of contents
Pages 6-19  
Year of Publication: 2008
ISBN:978-1-60558-324-2
Authors
Elisa Bertino  Purdue University
Bhavani Thuraisingham  University of Texas at Dallas
Michael Gertz  University of Heidelberg, Germany
Maria Luisa Damiani  Università degli Studi di Milano, Italy
Sponsors
SIGSPATIAL : ACM Special Interest Group on Spatial Information
CERIAS : The Center for Education and Research in Information Assurance and Security
OCR : IBM Open Collaboartive Research Initiative
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 65,   Downloads (12 Months): 342,   Citation Count: 1
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1503402.1503406
What is a DOI?

ABSTRACT

Geospatial data play a key role in a wide spectrum of critical data management applications, such as disaster and emergency management, environmental monitoring, land and city planning, and military operations, often requiring the coordination among diverse organizations, their data repositories, and users with different responsibilities. Although a variety of models and techniques are available to manage, access and share geospatial data, very little attention has been paid to addressing security concerns, such as access control, security and privacy policies, and the development of secure and in particular interoperable GIS applications. The objective of this paper is to discuss the technical challenges raised by the unique requirements of secure geospatial data management and to suggest a comprehensive framework for security and privacy for geospatial data and GIS. Such a framework is the first coherent architectural approach to the problem of security and privacy for geospatial data.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
GeoXACML Implementation Specification, http://www.opengeospatial.org/standards/geoxacml.
 
2
Open GIS Consortium Interoperability Demonstration Focuses on Emergency Response Situations, http://xml.coverpages.org/ogc-wsinterop.html.
 
3
The Open Geospatial Consortium (OGC). http://www.opengeospatial.org.
 
4
XML Signature Syntax and Processing, W3C Recommendation, June 2008. http://www.w3.org/TR/xmldsig-core/, 2008.
 
5
Geospatial Interoperability Reference Model (GIRM, V 1.1). http://gai.fgdc.gov/, 2003.
 
6
GML3.1 ISO/TC 211/WG 4/PT 19136 Geographic information, Geography Markup Language (GML), Committee Draft. http://portal.opengeospatial.org/files/?artifact_id=4700, 2004.
 
7
OGC Critical Infrastructure Protection Initiative (CIPI), http://ip.opengis.org/cipi/, 2006.
 
8
Global Earth Observation System of Systems (GEOSS). http://www.epa.gov/geoss/, 2006.
 
9
OpenGIS Geography Language (GML) Encoding Specification, version 3.1.1, http://www.opengeospatial.org/standards/gml, 2007.
 
10
M. Abedin, S. Nessa, L. Khan, and B. M. Thuraisingham. Detection and resolution of anomalies in firewall policy rules. In 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec), 2006.
11
Ashraful Alam , Ganesh Subbiah , Bhavani Thuraisingam , Latifur Khan, Reasoning with semantics-aware access control policies for geospatial web services, Proceedings of the 3rd ACM workshop on Secure web services, November 03-03, 2006, Alexandria, Virginia, USA  [doi>10.1145/1180367.1180380]
 
12
A. Alam and B. Thuraisingham. Geography resource description framework (GRDF) and secure GRDF (S-GRDF). Technical report, The University of Texas at Dallas, 2006.
 
13
Vijayalakshmi Atluri , Soon Ae Chun, An Authorization Model for Geospatial Data, IEEE Transactions on Dependable and Secure Computing, v.1 n.4, p.238-254, October 2004  [doi>10.1109/TDSC.2004.32]
 
14
V. Atluri and P. Mazzoleni. Uniform indexing for geospatial data and authorizations. In Research Directions in Data and Applications Security, IFIP WG 11.3 Sixteenth International Conference on Data and Applications Security, 2002.
 
15
J. C. Baker, B. E. Lachman, D. R. Frelinger, K. M. O'Connell, and A. Hou. Mapping the risks: Assessing the homeland security implications of publicly available geospatial information. Technical Report, RAND National Defense Research Institute, 2004.
16
A. Belussi , E. Bertino , B. Catania , M. L. Damiani , A. Nucita, An authorization model for geographical maps, Proceedings of the 12th annual ACM international workshop on Geographic information systems, November 12-13, 2004, Washington DC, USA  [doi>10.1145/1032222.1032236]
17
A. Belussi , B. Catania , E. Bertino, A reference framework for integrating multiple representations of geographical maps, Proceedings of the 11th ACM international symposium on Advances in geographic information systems, p.33-40, November 07-08, 2003, New Orleans, Louisiana, USA  [doi>10.1145/956676.956681]
 
18
F. L. Ber and A. Napoli. Design and comparison of lattices of topological relations for spatial representation and reasoning. Journal of Experimental & Theoretical Artificial Intelligence, 15(3):331--371, 2003.
19
Elisa Bertino , Piero Andrea Bonatti , Elena Ferrari, TRBAC: A temporal role-based access control model, ACM Transactions on Information and System Security (TISSEC), v.4 n.3, p.191-233, August 2001  [doi>10.1145/501978.501979]
20
Elisa Bertino , Barbara Catania , Elena Ferrari , Paolo Perlasca, A logical framework for reasoning about access control models, ACM Transactions on Information and System Security (TISSEC), v.6 n.1, p.71-127, February 2003  [doi>10.1145/605434.605437]
 
21
Elisa Bertino , Maria Luisa Damiani , Davide Momini, An Access Control System for a Web Map Management Service, Proceedings of the 14th International Workshop on Research Issues on Data Engineering: Web Services for E-Commerce and E-Government Applications (RIDE'04), p.33-39, March 28-29, 2004
22
Elisa Bertino , Elena Ferrari, Secure and selective dissemination of XML documents, ACM Transactions on Information and System Security (TISSEC), v.5 n.3, p.290-331, August 2002  [doi>10.1145/545186.545190]
23
Elisa Bertino , Sushil Jajodia , Pierangela Samarati, A flexible authorization mechanism for relational data management systems, ACM Transactions on Information Systems (TOIS), v.17 n.2, p.101-140, April 1999  [doi>10.1145/306686.306687]
 
24
Elisa Bertino , Ravi Sandhu, Database Security-Concepts, Approaches, and Challenges, IEEE Transactions on Dependable and Secure Computing, v.2 n.1, p.2-19, January 2005  [doi>10.1109/TDSC.2005.9]
25
Rafae Bhatti , Arif Ghafoor , Elisa Bertino , James B. D. Joshi, X-GTRBAC: an XML-based policy specification framework and architecture for enterprise-wide access control, ACM Transactions on Information and System Security (TISSEC), v.8 n.2, p.187-227, May 2005  [doi>10.1145/1065545.1065547]
 
26
Soon Ae Chun , Vijayalakshmi Atluri, Protecting Privacy from Continuous High-resolution Satellite Surveillance, Proceedings of the IFIP TC11/ WG11.3 Fourteenth Annual Working Conference on Database Security: Data and Application Security, Development and Directions, p.233-244, August 21-23, 2000
27
Michael J. Covington , Wende Long , Srividhya Srinivasan , Anind K. Dev , Mustaque Ahamad , Gregory D. Abowd, Securing context-aware applications using environment roles, Proceedings of the sixth ACM symposium on Access control models and technologies, p.10-20, May 2001, Chantilly, Virginia, United States  [doi>10.1145/373256.373258]
28
Maria Luisa Damiani , Elisa Bertino , Barbara Catania , Paolo Perlasca, GEO-RBAC: A spatially aware RBAC, ACM Transactions on Information and System Security (TISSEC), v.10 n.1, p.2-es, February 2007  [doi>10.1145/1210263.1210265]
 
29
Premkumar Devanbu , Michael Gertz , April Kwong , Charles Martel , Glen Nuckolls , Stuart G. Stubblebine, Flexible authentication of XML documents, Journal of Computer Security, v.12 n.6, p.841-864, December 2004
 
30
Premkumar Devanbu , Michael Gertz , Charles Martel , Stuart G. Stubblebine, Authentic data publication over the internet, Journal of Computer Security, v.11 n.3, p.291-314, 1 March 2003
 
31
J. Dobson. Is GIS a privacy threat? GIS World, 1198.
 
32
A. Entchev. GIS and privacy. Directions Magazine, 2005.
 
33
ESRI. OpenGIS Interoperability Add-ons for ArcGIS, http://www.esri.com/software/standards/ogc-download.html, 2005.
 
34
M. Gertz, Q. Hart, C. Rueda, S. Singhal, and J. Zhang. A data and query model for streaming geospatial image data. In 11th International Workshop on Foundations of Models and Languages for Data and Objects (Query Languages and Query Processing - QLQP), Revised Selected Papers. LNCS 4254, Springer, 687--699. 2006.
 
35
M. Gertz, A. Kwong, C. Martel, G. Nuckolls, P. Devanbu, and S. Stubblebine. Databases that tell the truth: Authentic data publication. Bulletin of the Technical Committee on Data Engineering, 7(1):21--41, 2004.
 
36
Michael Gertz , Sushil Jajodia, Handbook of Database Security: Applications and Trends, 2007
 
37
M. Gertz and A. M. Rosenthal. Database Security. In Bidgoli, H. (editor) Handbook of Information Security, Threats, Vulnerabilities, Prevention, Detection and Management, pages 380--395, Wiley. 2006.
 
38
F. Hansen and V. A. Oleshchuk. Spatial role-based access control model for wireless networks. In IEEE Vehicular Technology Conference VTC2003-Fall, 2003.
39
Sushil Jajodia , Pierangela Samarati , Maria Luisa Sapino , V. S. Subrahmanian, Flexible support for multiple access control policies, ACM Transactions on Database Systems (TODS), v.26 n.2, p.214-260, June 2001  [doi>10.1145/383891.383894]
 
40
John R. Jensen, Introductory Digital Image Processing: A Remote Sensing Perspective, Prentice Hall PTR, Upper Saddle River, NJ, 1995
 
41
James B. D. Joshi , Elisa Bertino , Usman Latif , Arif Ghafoor, A Generalized Temporal Role-Based Access Control Model, IEEE Transactions on Knowledge and Data Engineering, v.17 n.1, p.4-23, January 2005  [doi>10.1109/TKDE.2005.1]
42
M. Koch , L. V. Mancini , F. Parisi-Presicce, On the specification and evolution of access control policies, Proceedings of the sixth ACM symposium on Access control models and technologies, p.121-130, May 2001, Chantilly, Virginia, United States  [doi>10.1145/373256.373280]
 
43
Ron Lake , David Burggraf , Milan Trninic , Laurie Rae, Geography Mark-Up Language: Foundation for the Geo-Web, John Wiley & Sons, 2004
44
Markus Lorch , Seth Proctor , Rebekah Lepro , Dennis Kafura , Sumit Shah, First experiences using XACML for access control in distributed systems, Proceedings of the 2003 ACM workshop on XML security, October 31-31, 2003, Fairfax, Virginia  [doi>10.1145/968559.968563]
 
45
Paul M. Mather, Computer Processing of Remotely-Sensed Images: An Introduction, John Wiley & Sons, 2004
46
Andreas Matheus, Declaration and enforcement of fine-grained access restrictions for a service-based geospatial data infrastructure, Proceedings of the tenth ACM symposium on Access control models and technologies, June 01-03, 2005, Stockholm, Sweden  [doi>10.1145/1063979.1063983]
47
P. Mazzoleni , E. Bertino , B. Crispo , S. Sivasubramanian, XACML policy integration algorithms: not to be confused with XACML policy combination algorithms!, Proceedings of the eleventh ACM symposium on Access control models and technologies, June 07-09, 2006, Lake Tahoe, California, USA  [doi>10.1145/1133058.1133089]
 
48
FGDC. Guidelines for providing appropriate access to geospatial data in response to security concerns. http://www.fgdc.gov/policyandplanning/Access_Guidelines.pdf, June 2005.
 
49
FGDC. National Spatial Data Infrastructure (NSDI). http://www.fgdc.gov/nsdi/nsdi.html.
 
50
H. J. Onsrud, J. P. Johnson, and X. Lopez. Protecting personal privacy in using geographic information systems. Photogrammetic Engineering and Image Processing, 60(9):1083--1095, 1994.
51
Dimitris Papadias , Max J. Egenhofer , Jayant Sharma, Hierarchical reasoning about direction relations, Proceedings of the 4th ACM international workshop on Advances in geographic information systems, p.105-112, November 1996, Rockville, Maryland, United States  [doi>10.1145/258319.258348]
 
52
Spatial databases with application to GIS, Morgan Kaufmann Publishers Inc., San Francisco, CA, 2001
 
53
Pierangela Samarati , Sabrina De Capitani di Vimercati, Access Control: Policies, Models, and Mechanisms, Revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design on Foundations of Security Analysis and Design: Tutorial Lectures, p.137-196, September 01, 2000
 
54
Hanan Samet, Applications of spatial data structures: Computer graphics, image processing, and GIS, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1990
55
Ravi Sandhu , Venkata Bhamidipati , Qamar Munawer, The ARBAC97 model for role-based administration of roles, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.105-135, Feb. 1999  [doi>10.1145/300830.300839]
 
56
Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996  [doi>10.1109/2.485845]
 
57
B. Thuraisingham. Database and Applications Security, Integrating Data Management and Applications Security. CRC Press/Auerbach, 2005.
 
58
Bhavani Thuraisingham , William Ford, Security Constraint Processing in a Multilevel Secure Distributed Database Management System, IEEE Transactions on Knowledge and Data Engineering, v.7 n.2, p.274-293, April 1995  [doi>10.1109/69.382297]
 
59
C. D. Tomlin. Geographic Information Systems and Cartographic Modeling. Prentice-Hall, 1990.
 
60
Y. Wang and J. Vassileva. Bayesian network trust model in peer-to-peer networks. In Second International Workshop on Agents and Peer-to-Peer Computing (AP2PC 2003), 2003.
 
61
M. Winslett , N. Ching , V. Jones , I. Slepchin, Using digital credentials on the World Wide Web, Journal of Computer Security, v.5 n.3, p.255-267, June 1997
 
62
T. Wright. Geographic information systems. Ontario Offce of Information and Privacy Commissioner, 1997.
 
63
Y. Yang, S. Papadopoulos, D. Papadias, and G. Kollios. Spatial outsourcing for location-based services. In Proceedings of the 24th International Conference on Data Engineering, ICDE 2008, 1082--1091, 2008.

CITED BY
Maria Luisa Damiani , Herve Martin , Yucel Saygin , Maria Rita Spada , Cedric Ulmer, Spatio-temporal access control: challenges and applications, Proceedings of the 14th ACM symposium on Access control models and technologies, June 03-05, 2009, Stresa, Italy

INDEX TERMS

Primary Classification:
  H. Information Systems
  H.2 DATABASE MANAGEMENT
      H.2.8 Database applications
          Subjects: Spatial databases and GIS

Additional Classification:
  K. Computing Milieux
  K.4 COMPUTERS AND SOCIETY
      K.4.1 Public Policy Issues
          Subjects: Privacy
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)


General Terms:
Legal Aspects, Management, Security, Theory


Keywords:
GIS, geospatial data, privacy, security

Collaborative Colleagues:
Elisa Bertino: colleagues
Bhavani Thuraisingham: colleagues
Michael Gertz: colleagues
Maria Luisa Damiani: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player