1 / 16

Semantic Video Access Control Model: An Overview and Implementation

This article presents an access control model for video database systems focusing on video semantics. Topics include video data modeling, authorization rules, access control techniques, system architecture, and future work. The authorization model is based on logical video segments and concepts, with examples provided for credential expressions and object specifications. The goal is to provide secure and organized access to video databases by exploiting the expressive power in video semantics.

ami
Download Presentation

Semantic Video Access Control Model: An Overview and Implementation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. An Access Control Model for Video Database SystemsAs a joint work of: Elisa Bertino1, Ahmed K. Elmagarmid 2 and Moustafa M. Hammad21Dipartimento di Scienze dell'Informazione. Universit degli Studi di Milano. Via Comelico, 39/41 20135 Milano, Italy. bertino@dsi.unimi.it. 2Computer Science Department, Purdue University. 1398 Computer Science Bld., West Lafayette IN 47907. {ake,mhammad}@cs.purdue.edu.

  2. Introduction • Video data possess unique features that distinguished them from other data types. ( e.g. different media types - visual, audio and text-, schemaless, massive volume, time and space-variant, rich semantic contents - a picture worth 1000 words, what about video????) • Different approaches to model video data like: • Segmentation-based, physical features oriented; color histogram, textures, audio, text. • Annotation-based, semantic features oriented. Video description is used to access video. • Large amount of digital video > 1.8 M Gbytes, and a large investments, MPEG-2 has created the entirely new digital television industry worth ~30 billion $. • Hence a need to provide secure and organized access to video database !!!! or access control. • Is Access Control based on physical or semantic content? Our work is focused on access control based on video semantics to exploit the expressive power in video.

  3. Topics of Discussion • Video data model. • Authorization model for video database. • Access control techniques. • System architecture. • Conclusion and future work.

  4. Video Data Model Physical video segment Physical video stream Hot Object Life time interval or logical video segment John plying with his bicycle

  5. Authorization Model • Closed system access control ( no access permission unless explicitly specified in the system). • User access requests are checked against authorization rules. • Authorization rule specification entails: • Subject Specification, • Object Specification, and • Mode Specification. Access request Authorization rules Request satisfies authorization rules Yes No Grant Deny

  6. Subject Specification • Use of credential • Characteristic and attributes of users (user profiles) instead of only user identifiers. • Example: (Name: John, Age: 8, Job: student,……). • Suitable for video data. • Credential type (schema), credential and credential expression. • We specify a simple language for credential expressions. • Examples of credential expressions: • Student(x): representing all users that are students. • x.age < 18: denoting all users having age < 18. • Student(x) AND x.age < 18: Students with age < 18. • Credential expression is finally evaluated to a set of user identifiers. • Subject is specified as either: • list of users identifiers or credential expression.

  7. Object Specification • We base our access model on logical video level to: • be easy to apply and modify, and • allow specification of access based on semantic video contents. • Video objects possess more than just physical characteristic (semantic contents). • Annotations describe video semantic and one can extract concepts from video annotation. (e.g. FIAT and MAZDA are CARS). • In its simplest form concepts represent just annotation keywords. • We use concepts that describe video semantics to specify video security.

  8. Object Specification (Cont.) • Concept expression involves one or more concepts with video operators between them. Video operators are either spatial, temporal, spatio-temporal or Boolean operators. • Concept expression: • The set CPE of concept expressions is built from atoms and operation  , video operation. • Atoms can be of the following types: • c , where c set of concepts. • c1 c2 , where c1, c2 are concepts and  set of video operations. • Then the set CPE of concept expressions is recursively defined as follows: • Every atom is a concept expression. • If CpE1 and CpE2 are concept expressions, then CpE1 CpE1, CpE1CpE1, CpE1 , (CpE1) are also concept expressions.

  9. Object Specification (Cont.) • Concepts expression finally evaluates to set of logical video segments that contain concepts satisfying the expression. • Examples of concept expressions: • “World War IIDigol” denotes all frame intervals that have General Digol as a hot object and deal with World War II. • “ Ortiga DURING drug trial” denotes all frame intervals that have former Colombian president Ortiga” during the drug trial in court video. • “ DISCOVERY CLOSE spying satellite” denotes all frame intervals that have DISCOVERY space shuttle fixing or close to a spying satellite in NASA video library. • Video Object can be specified either: • by providing a set of logical video elements. • by providing concept expression.

  10. Authorized Object • Consists of two parts: • protected objects (po): which represent video elements user wants to access, and • restricted objects (ro) : which represent video elements user is restricted to access. • Authorized objects (ao) is defined as the following expression: • ao = po ro, where is defined as the exclusion of restricted object from protected ones. Protected object Restricted object = Authorized Object

  11. Relations Between Different Object Specification Terms

  12. Mode Specification • low level operations like (read and write) are not suitable in video access control. • More abstract level operations are used to specify different access modes: • View (annotations), View(Rframes), Play(period, quality), Edit(annotation), Edit(logical-video), Edit(Physical-video). • Those operations are in increasing power, the successor subsumes the predecessor.

  13. Access Control Mechanism • A user submits a request to access video element, • The access control routine checks the authorization rule repository for an authorization rule satisfies : • User is one of the subjects, • The accessed object is one of the protected objects, • The operation is equal or less than the specified mode. • If not found, user is unauthorized. • Else If the object is a restricted one Then apply operator and authorize the subject to the new object. Else authorize the subject.

  14. System Architecture

  15. Conclusion and future work • Provide access control based on video semantic not only physical features. • Support for different video granularity access control. • Not a dump guard but smart manager (apply filter effects). • Provide categories of video privileges. • Use of credentials instead of just identifiers. • Providing modular access control architecture. • The model can be adapted to video models that provide content description mechanisms (MPEG-7).

  16. Conclusion and future work (cont.) • Real time provision of access control. • Distributed implementation. • PICS (Platform for Internet Content Selection).

More Related