1 / 112

Geospatial Database Security

Geospatial Database Security. Nguyễn Minh Nhật Nguyễn Ngọc Hương Thảo Lê Trần Hoài Thu. Content. Part 01. Basic Knowledge about GIS I s some basic information to know about GIS. Part 02. Authorization in GIS Database

aliya
Download Presentation

Geospatial Database Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Geospatial Database Security Nguyễn Minh Nhật Nguyễn Ngọc Hương Thảo Lê Trần Hoài Thu

  2. Content Part 01 Basic Knowledge about GIS Is some basic information to know about GIS Part 02 Authorization in GIS Database Is one of regular way to authorization about users and their privileges. Part 03 Some GIS Security Model Is some of Security model common used.

  3. Contents of Basic GIS Introduction of GIS & Geospatial database GIS database structure

  4. What is GIS? Application? USER GIS Geographical Information Systems REAL WORLD

  5. GIS: history background • This technology has developed from: • Digital cartography and CAD • Data Base Management Systems 1 2 3 CAD System DataBaseManagement System

  6. Geospatial Database Database map Attribute values

  7. Contents of Basic GIS Introduction of GIS & Geospatial database GIS database structure

  8. Representation of Geographical Information • Many spatial databases are partitioned internally: • Partitions defined spatially • Partitions defined thematically • Both • Tile: a geographical partition of a database • Layer: a thematic partition

  9. LAYER • A layer: logical grouping of geographic feature, that can also be referred to as a coverage. Thematic Map of the Continental United States

  10. States Rivers Lakes Roads Capitals Maps are composed of Layers LAYER

  11. GIS database structure • Layers contain features or surfaces • Layers are represented by: • Vector model • Raster model • TIN model • GIS database structure: • Database map: spatial data • Attribute map: non-spatial data features surfaces

  12. Representing data with vector • Vector model: geometric objects: • Points • Lines • Polygons • Spaghetti model and Topology model

  13. Spaghetti model • Stores by x, y co-ordinate • Represents relational spatial data for each object • Represents attribute data

  14. Spaghetti model • Advantages: • Simple , easy to represent • Disadvantages: • Unable to represent relational spatial data among these objects • Polygons: boundary is stored twice

  15. Topology model • Spatial data • Relational spatial data topology • Arc-Node topology • Polygon-Arc topology

  16. Representing data with vector • Advantage: • Allowing precise representation of points, boundaries, and linear features. • Disadvantage: • The boundaries of the resultant map polygons discrete, whereas in reality the map polygons may represent continuous gradation or gradual change

  17. Representing data with raster • Raster model as image files: • Composed of grid-cells (pixels) • A value attribute table (VAT) keeps track of your value classification. • Add custom attributes by adding more columns. • Disadvantage? • Raster data has one or more bands. • Each band has an identical grid layout representing a different attribute.

  18. Representing data with raster • Representing well indistinct boundaries • Thematic information on soil types, soil moisture, vegetation, ground temperatures • Being used as reconnaissance satellites and aerial surveys use raster-based scanners, the information (scanned images) can be directly incorporated into GIS • The higher the grid resolution, the larger the data file is going to be.

  19. Representing data with TIN • TIN: Triangulated Irregular Networks • Representing continuous surfaces

  20. Representing data with TIN • Network structure

  21. Attribute data • Features are stored in a database along with information describing them. • Attributes of a street: name, street type, length, street code, number of lanes, pavement type. • Attributes of a park: name, area, hours of operation, maintenance schedule.

  22. Attribute data 3 1 4 2 • Attribute values in a GIS are stored as relational database table. • Each feature within in GIS layer will be represented as a record in a table

  23. Content Part 01 Basic Knowledge about GIS Is some basic information to know about GIS Part 02 Authorization in GIS Database Is one of regular way to authorization about users and their privileges. Part 03 Some GIS Security Model Is some of Security model common used.

  24. Contents of Authorization in GIS Why is authorization in GIS important? Topological spatial data model (TSDM) Basic components of the model The geographic access control model Authorization control mechanism

  25. Why is authorization in GIS important? • Geographical data have a strategic relevance in a large variety of contexts • Gathering and analyzing intelligence • Protecting critical infrastructure • Responding to complex emergencies • Preparing for disease outbreaks and bioterrorism • Securing complex events

  26. Topological spatial data model (TSDM) • Geometric layer: • Shape and location on the earth surface of features • Geometric value: set of points, set of simple connected (or not) polylines, set of simple polygons • Topological layer: • Describing the topological relations of the feature with others features of the map • Relation: {Disjoint, Touch, In, Contains, Equal, Cross, Overlap}

  27. Topological spatial data model (TSDM) Example of a geographical database the railway network

  28. Topological spatial data model (TSDM) Topological relations among the features of the Region and the County feature types

  29. Topological spatial data model (TSDM) • Geometric layer • Topological layer • Operators: • Feature-based operators • Map-based operators • Mixed operators

  30. Basic components of the model • Subject and object • Subject: All users that interact with the system • Object: • Schema objects • Instance objects • Group objects • privileges • Instances privileges • Insertion privileges • Schema privileges

  31. Basic components of the model • Authorization sign and type • Sign • (+) A subject is authorized for a given privilege • (-) A subject is denied access to a given object under a given privilege • Type: specifies whether an authorization can be overridden or not • Weak authorizations • Strong authorizations • Queries and windows • Grant option: Only (+) authorizations can be delegated

  32. The geographic access control model • Authorization • Authorization extension • Correct authorization

  33. Authorization • A tuple containing all the basic components of the model • The form: (u, p, pt, g, go, o ,t, w, q) • Example: • Set A = { a8 = (Ted, selM(2,geo),+,Bob,false,M_rail,st,Milan, ┴), a9 = (Ted, updF(0,space,+, Bod, false,Accident,wk, Milan, N=‘wrong manouevre’Name=‘X’(Accident)) }

  34. Derivation rule • Derivation over object relationships • Derivation over privilege relationships • An authorization granting a privilege to objects with a certain dimension has to be propagated to objects with lower dimension • An authorization denying a privilege to objects with a certain dimension has to be propagated to objects with higher dimension

  35. Derivation rule

  36. Derivation rule

  37. Algorithms for access control • Given an access request r = (u,p,o) • An authorization: a = (u,p,pt,g,go,o,t,w,q) • The access request can be satisfied if: • R depends on a strong positive authorization and on no strong negative authorization • R depends on a weak positive authorization, on no weak negative authorization and on no strong authorization.

  38. Content Part 01 Basic Knowledge about GIS Is some basic information to know about GIS Part 02 Authorization in GIS Database Is one of regular way to authorization about users and their privileges. Part 03 Some GIS Security Model Is some of Security model common used.

  39. Contents of GIS Security Model Aspects in Security of Database System Analysis of Access Control Mechanisms for Spatial DB Secure Access Control in a Multi-User Geodatabase Access control model for spatial data on web Q&A

  40. Aspects in Security of Database System  • Privacy • Confidential • Secrecy • Integrity • Accuracy • Granularity • Availability How????

  41. Privacy & Secrecy  Access limit control • User private access right. • GIS User-level based. • Problems: • Non module GIS database. • Module GIS database. User 1 User 2 GIS Database GIS Database Aspects in Security of Database System

  42. Privacy & Secrecy (cont)  Change 01 User 01 Change 02 User 02 GIS Database Change 03 User 03 Change 04 User 04 Change 05 User 05 Change 06 User 06 Change 07 User 07 Change …. User …. Aspects in Security of Database System

  43. Availability  • Storage Structure Data Database Management • Application • Web Service • Web Users • Operating System Data Image Aspects in Security of Database System

  44. Availability (cont)  • Database Restore • Loss of power • Disconnect. • Hardware or Software errors. forwarding Packet Aspects in Security of Database System

  45. Granularity  • Metadata Aspects in Security of Database System

  46. Integrity & Accuracy  • Data type • Not Null Definitions • Default Definitions  • Identity Properties • Constraints • Rules • Triggers • Indexes • Advanced Query Techniques Integrity & Accuracy = Can’t be tampered (added, deleted, or altered) by illegal users. Aspects in Security of Database System

  47. Confidentialy  Network Data Data User Data Data Data Poison Data Poison Data Confidentialy = only user knows data Attacker Aspects in Security of Database System

  48. Contents of GIS Security Model Aspects in Security of Database System Analysis of Access Control Mechanisms for Spatial DB Efficient Techniques for Realizing Geo-Spatial Access Control Secure Access Control in a Multi-User Geodatabase Access control model for spatial data on web

  49. Introduction Two possible solution to restricting access to database: • SDE-based access control mechanism. • View-based access control mechanism. SDE-based access control mechanism View-based access control mechanism. Analysis of Access Control Mechanisms for Spatial DB

  50. SDE-based access control mechanism • SDE (Spatial Data Engine). • Function: manage unstructured spatial data in structure RDBMS (Relational database management system) http://en.wikipedia.org/wiki/Relational_database_management_system Analysis of Access Control Mechanisms for Spatial DB

More Related