A Security Model Based on Relational Model for Semantic Sensor Networks

Wireless Pers Commun (2011) 56:131–146
DOI 10.1007/s11277-009-9878-x

Dongwon Jeong · Hyejin Jeong · Soo-Hyun Park · Young-Sik Jeong · Sangkyung Kim · Changhwa Kim

Published online: 2 December 2009
© Springer Science+Business Media, LLC. 2009

Abstract  This paper proposes a novel security model for secure query processing in semantic sensor networks. A semantic sensor network (SSN) is a sensor network including semantics of sensory data and context information, and relationships between the semantics by using Semantic Web technologies. Even though much research has been conducted on SSN, there is little activity on how to securely access data in semantic sensor networks. Most storage systems have been developed based on the relational database model, and the relational database model provides secure and robust security support. Therefore, we need to devise a security model considering such a real environment. This paper proposes a new access control model for secure query processing in semantic sensor networks. The proposed security model is based on the relational database security model. This paper shows the overall framework and definitions of the proposal, and the experiment and evaluation are described to show the validity of our proposal. With the experiment and evaluation, it is clear that the proposed model provides secure access control support for SSNs.

Keywords  Sensor network · Semantic web · Access control · RBAC · Security

D. Jeong (✉) · H. Jeong
Department of Informatics and Statistics, Kunsan National University, San 68, Miryong-dong, Gunsan, Jeollabuk-do 573-701, Korea
e-mail: djeong@kunsan.ac.kr
H. Jeong
e-mail: xhyejin86x@kunsan.ac.kr

S.-H. Park
Department of Business Information Technology, Kookmin University, 861-1, Jeongneung-dong, Seongbuk-gu, Seoul 136-702, Korea
e-mail: shpark21@kookmin.ac.kr

Y.-S. Jeong (✉)
Department of Computer Engineering, Wonkwang University, 344-2 Sinyong-Dong, Iksan, Jeollabuk-do 570-749, Korea
e-mail: ysjeong@wku.ac.kr

S. Kim · C. Kim (✉)
Department of Computer Science and Engineering, Kangnung National University, 120 Gangneung Daehangno, Gangneung, Gangwon-do, 210-702, Korea
e-mail: kch@kangnung.ac.kr
S. Kim
e-mail: skkim98@kangnung.ac.kr

1 Introduction

As the Semantic Web (SW) technology increasingly grows, many research fields such as Grid computing, Sensor Network (SN) and Geographical Information System (GIS) have tried to adopt the SW technologies [1–3]. A semantic sensor network (SSN) is defined as an extension of the current sensor network (SN) in which sensor data and context information are given semantics, i.e., well-defined meanings. To realize the SSN environment, the SW technologies such as the Resources Description Language (RDF and RDF Schema) and OWL (Web Ontology Language) are used [4–6]. Until now, most research on SSN has been focused on reasoning [7], integration [8], visualization [9–11], data fusion, metadata management [12,13], and so on [14,15]. Even though the security issue is very important in the SSN environment, little attention has been given to this issue.

Why is an appropriate security model required in the SSN environment? As mentioned above, information in a semantic sensor network is semantically connected to each other using the SW technologies. Therefore, many relationships between data in a semantic sensor network are defined. It means we need to verify authority considering the relationships to guarantee secure access by users. However, existing access control models have been devised without such consideration of relationships between information in semantic sensor networks.

To address such a security issue, this paper proposes a security model for the SSN environment. The proposed model is based on RBAC (Role-Based Access Control) and the model is named SS-RBAC (Semantic Sensor Networks based on RBAC). As already mentioned, SSN is an extension of the current SN using the SW technologies.
For example, for describing metadata (semantics, meanings) of sensory data and context information, RDF, one of the most basic SW technologies, can be used. The description is formed as an ontology. In this paper, the ontology for SSN is defined as SSN ontology (SSNO, Semantic Sensor Network Ontology). The ontology for SSN, i.e., the SSN ontology, might be stored into a storage system. Many storage systems have been developed to store Web ontologies such as DLDB [16], Sesame [17], OWLJessKB [18], Jena [19], Jeong et al. [20], and so on. It means that we can choose any of the ontology storage systems developed and used in the SW field.

A remarkable point is that most storage systems in the SW field are based on the relational database model. In other words, an ontology built for a SSN environment is naturally stored into a relational database management system. Fortunately, the relational database model provides a stable security model, and the security model of relational database is also based on RBAC.

The approach of our proposal is defined as a relation-oriented security model. On the other hand, we can develop a graph-oriented security model because in practice, an ontology is considered as a set of concepts and their relations and is formed as a graph. However, such a graph-oriented security model has many problems as follows: (1) Low practicality, (2) Low stability, (3) High graph search time, and (4) High complexity for definition of fine-grained security policy.

As a result, considering such a real situation, we need to develop a security model based on the relational security model for the SSN environment. Therefore, the SS-RBAC model proposed in this paper is designed based on RBAC, precisely the relational data model.

2 Notations, Constraints, and Assumptions

This section describes key notations used in this paper. Also, several constraints and assumptions are predefined. A set of notations in Table 1 is defined to formally describe the content of this paper.

Table 1  A definition of notations (Notation: Description)

•  $N$: A set of nodes; includes URIs; might be subjects and objects
•  $E$: A set of edges (arcs); corresponds to predicates in RDF graphs
•  $L$: A set of literals, constant values
•  $B$: Blank nodes
•  $S$: A set of subjects, $S = \{s_1, s_2, \ldots, s_n\}$
•  $s_i$: One of subjects, $S$; $s_i \in S$
•  $O$: A set of objects, $O = \{o_1, o_2, \ldots, o_n\}$
•  $o_i$: One of objects, $O$; $o_i \in O$
•  $P$: A set of predicates, $P = \{p_1, p_2, \ldots, p_n\}$
•  $p_i$: One of predicates, $P$; $p_i \in P$
•  $T$: A set of tables in a relational database
•  $t_i$: One of tables, $T$; $t_i \in T$
•  $t_i.f_j$: A field of the table $t_i$
•  $t_i.f_j.v_k$: The $k$th value of the field $f_j$ in the table $t_i$, where $k \geq 1$
•  $V$: A set of views, $V = \{v_1, v_2, \ldots, v_n\}$
•  $R$: A set of roles, $R = \{r_1, r_2, \ldots, r_n\}$
•  $U$: A set of users, $U = \{u_1, u_2, \ldots, u_n\}$
•  $C$: A set of classes, $C = \{c_1, c_2, \ldots, c_n\}$
•  $c_i$: One of classes, $C$; $c_i \in C$
•  $I$: A set of instances (same with individuals), $I = \{i_1, i_2, \ldots, i_n\}$
•  $i_k$: One of instances, $I$; $i_k \in I$

This paper describes the proposed model with constraints. The constraints are summarized as follows:

•  RDF and RDF Schema not OWL: As described in Sect. 1, an ontology can be described in RDF or RDF Schema or OWL. However, this paper mainly focuses on ontologies in RDF and RDF Schema.
•  Simple storage model: There are many storage systems based on the relational database model. In this paper, a basic, simple storage model is defined to make the implementation of the proposed model easy.

RDF and RDF Schema are a well-known technology. However, this paper first defines and describes RDF/S (RDF and RDF Schema) to help users' understanding. RDF (Resource Description Language) has been developed by W3C as a language to represent information on Web resources. The RDF model is defined as follows:
RDF = (N, B, E, L),

•  N: A set of nodes containing URI
•  B: A set of blank nodes
•  E: A set of arcs (edges), which means property (relation, relationship)
•  L: A set of literals without URI

RDF Schema, simply RDF-S, extends RDF and includes additional vocabularies, such as subClassOf and subPropertyOf. Therefore, we can define ontologies hierarchically.

Our proposed security model is an RDB-oriented approach, but an ontology is expressed as a graph. This paper assumes an SSN ontology is stored in a relational database. This requires two functions. The first is the function for storing an SSN ontology to a relational database, and the other is the SPARQL-to-SQL translation function. To query the ontology, SPARQL, developed by W3C, is usually used [22]. SPARQL is based on the Triple model. A triple is a statement and a unit of ontology. In a word, an ontology is a set of triples. For storing the SSN ontology, we select and use the Jena function. As for the second function, there are several SPARQL-to-SQL translation algorithms [23–25], and thus we can implement the translation function using one of them. This paper uses Jena's sparql2sql translation function to develop a prototype system.

3 SS-RBAC Model

This section describes the conceptual model, overall framework, classification of access types (granularity types), and key definitions for the proposed security model, SS-RBAC.

3.1 Conceptual Model

SS-RBAC is based on the relational database security model. This has two meanings. First, it means that ontology storages based on the relational model are used for managing an ontology including sensory data, context information, concepts, and relationships of a SSN. The second meaning is that access control of the ontology is realized by using the relational security model.

The relational database model is based on RBAC and physically establishes security policies using the GRANT operator. The relational security model supports concepts such as privilege, role, and user group.
Using the concepts, we can define fine-grained security policies for the semantic sensor ontology.

Figure 1 illustrates the conceptual model for SS-RBAC proposed in this paper. In addition, this paper employs Oracle as one of the DBMSs for implementation of the prototype system. Especially, VPD (Virtual Private Database), one of the Oracle security models, is used for the implementation and experiment [27].

[Fig. 1  Conceptual model for SS-RBAC]

A current SN consists of several types of data as follows [8].

•  Sensory data: states acquired from sensors
•  Context information: Information in which the sensory data is generated; physical properties of sensor nodes such as time, position, data types, etc.

However, a SSN additionally includes metadata containing both types of data. The metadata refers to concepts and relationships between concepts. Figure 2 shows an example of semantic sensor ontology for SSN in [7].

[Fig. 2  A semantic sensor ontology example]

In Fig. 2, VideoSegment_1 is one of the sensory data and BwayAt42nd is one of the context data describing the location of the traffic camera “Traffic Camera 10036-1”. “Traffic Camera 10036-1” is one of the instances (Individuals) of the class “Fixed Position Traffic Camera”. “hasSegment Width” is a relation between “Audio Segment” and “xsd:duration” corresponding to a subject and an object in RDF graph.

3.2 Definition of SS-RBAC

Before describing the SS-RBAC model, the relational database model is first briefly defined as Definition 1.

Definition 1  (Relational Database) A relational database is denoted by a 2-tuple $\check{R} = (T, V)$, where

•  T is a set of base tables storing initially a given sensor ontology,
•  V is a set of views including a set of data in the base tables.
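The relation-oriented approach of Sect. 3.1 and the (T, V) split of Definition 1 can be illustrated in Oracle SQL as follows. This is an added example, not code from the paper: the table layout, the view and role names, and the users alice and bob are assumptions, and the triples are constructed sample data loosely following the description of Fig. 2.

```sql
-- T: base table storing the ontology as triples (assumed layout, not Jena's schema).
CREATE TABLE ssn_triple (
  subj VARCHAR2(200) NOT NULL,
  pred VARCHAR2(200) NOT NULL,
  obj  VARCHAR2(200) NOT NULL
);

-- Constructed sample triples; the second camera and segment are invented.
INSERT INTO ssn_triple VALUES ('TrafficCamera10036-1', 'type', 'FixedPositionTrafficCamera');
INSERT INTO ssn_triple VALUES ('TrafficCamera10036-1', 'atLocation', 'BwayAt42nd');
INSERT INTO ssn_triple VALUES ('VideoSegment_1', 'type', 'TrafficVideoSegment');
INSERT INTO ssn_triple VALUES ('VideoSegment_1', 'capturedBy', 'TrafficCamera10036-1');
INSERT INTO ssn_triple VALUES ('TrafficCamera10036-2', 'atLocation', 'BwayAt43th');
INSERT INTO ssn_triple VALUES ('VideoSegment_2', 'capturedBy', 'TrafficCamera10036-2');

-- V: context information only (type and location of sensors that have a location).
CREATE VIEW v_sensor_context AS
  SELECT t.subj, t.pred, t.obj
  FROM ssn_triple t
  WHERE t.pred IN ('type', 'atLocation')
    AND t.subj IN (SELECT subj FROM ssn_triple
                   WHERE pred = 'atLocation');

-- V: sensory data of one intersection. Whether a segment is visible is decided
-- by following capturedBy -> atLocation, i.e. by relationships between triples.
CREATE VIEW v_segments_bway42 AS
  SELECT seg.subj, seg.pred, seg.obj
  FROM ssn_triple seg
  WHERE seg.subj IN (
    SELECT cap.subj
    FROM ssn_triple cap
    JOIN ssn_triple loc ON loc.subj = cap.obj
    WHERE cap.pred = 'capturedBy'
      AND loc.pred = 'atLocation'
      AND loc.obj = 'BwayAt42nd');

-- R: roles receive SELECT on views only; nothing is granted on ssn_triple.
CREATE ROLE traffic_operator;
CREATE ROLE bway42_analyst;
GRANT SELECT ON v_sensor_context TO traffic_operator;
GRANT SELECT ON v_segments_bway42 TO bway42_analyst;
GRANT traffic_operator TO bway42_analyst;  -- role hierarchy: analyst inherits operator

-- U: alice and bob are hypothetical, already existing database users.
GRANT traffic_operator TO alice;
GRANT bway42_analyst TO bob;
```

Connected as bob, a query on v_segments_bway42 sees only the VideoSegment_1 triples, and a direct query on ssn_triple is rejected because no privilege on the base table was granted.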