Schematized Access Control for Data Cubes and Trees Claudio Marxer Christian Tschudin < claudio.marxer@unibas.ch > < christian.tschudin@unibas.ch > Computer Networks Group · University of Basel · Switzerland ACM ICN ’17, Berlin · September 28, 2017
How to Control Read Access to a Data Packet? Name-Based Access Control and others: – Data Encryption Keys (DEK) to secure data. – Key Encryption Keys (KEK) for those who got read access. 2
How to Control Read Access to a Data Packet? Name-Based Access Control and others: – Data Encryption Keys (DEK) to secure data. – Key Encryption Keys (KEK) for those who got read access. Fine for single items with one name, or for a collection, using conventions (probably one for each app namespace). But: – no support for derived data (e.g. supress time stamps but leave GPS locations) – key names usually linked to data namespace 2
How to Control Read Access to a Data Packet? Name-Based Access Control and others: – Data Encryption Keys (DEK) to secure data. – Key Encryption Keys (KEK) for those who got read access. Fine for single items with one name, or for a collection, using conventions (probably one for each app namespace). But: – no support for derived data (e.g. supress time stamps but leave GPS locations) – key names usually linked to data namespace How complex does a access control system for NDN and NFN become that wants to be generic? 2
The Answer . . . We did not expect this: At least four schemata! 3
Zoom to the Schemata . . . Document Primary describes Type Documents Definition(s) (raw) defines mapping Data Type Schema 4
Zoom to the Schemata . . . Derivation Document Primary Derived (cooking) describes Type Documents Documents Definition(s) (raw) (cooked) Data Type Schema 4
Recommend
More recommend