In-broker Access Control for Information Brokerage Systems

Author

Fengjun LI, Pennsylvania State University
Bo LUO, Pennsylvania State University
Peng LIU
Dongwon LEE, Pennsylvania State University
Prasenjit Mitra, Pennsylvania State University
Wang-Chien LEE, Pennsylvania State University
Chao-Hsien CHU, Singapore Management UniversityFollow

Publication Type

Journal Article

Publication Date

2007

Abstract

An XML brokerage system is a distributed XML database system that comprises data sources and brokers which, respectively, hold XML documents and document distribution information. Databases can be queried through brokers with no schema-relevant or geographical difference being noticed. However, all existing information brokerage systems view or handle query brokering and access control as two orthogonal issues: query brokering is a system issue that concerns costs and performance, while access control is a security issue that concerns information confidentiality. As a result, access control deployment strategies (in terms of where and when to do access control) and the impact of such strategies on end-to-end system performance are neglected by existing information brokerage systems. In addition, data source side access control deployment is taken-for-granted as the ``right'' thing to do. In this paper, we challenge this traditional, taken-for-granted access control deployment methodology, and we show that query brokering and access control are {\bf not} two orthogonal issues because access control deployment strategies can have significant impact on the ``whole'' system's end-to-end performance. We propose the first in-broker access control deployment strategy where access control is ``pushed'' from the boundary into the ``heart'' of the information brokerage system. We design and evaluate the in-broker access control scheme for information brokerage systems. Our experimental results indicate that information brokerage system builders should treat access control as a system issue as well.

Keywords

Information Brokerage System, Role Based Access Control, XML

Discipline

Computer Sciences | Finance and Financial Management | Management Information Systems

Research Areas

Information Systems and Management

Publication

International Journal on Intelligent Control and Systems

Volume

12

Issue

4

First Page

283

Last Page

292

ISSN

0218-7965

Publisher

Westing Publishing

Citation

LI, Fengjun; LUO, Bo; LIU, Peng; LEE, Dongwon; Mitra, Prasenjit; LEE, Wang-Chien; and CHU, Chao-Hsien. In-broker Access Control for Information Brokerage Systems. (2007). International Journal on Intelligent Control and Systems. 12, (4), 283-292.
Available at: https://ink.library.smu.edu.sg/sis_research/1783

Additional URL

http://www.asmemesa.org/ezconf/IJICS/issue.php?id=16