2014 Fourth International Conference on Communication Systems and Network Technologies
A Comparative Study on Various Aspects of Security of Geospatial Data
Manali Singh Rajpoot
Geo-Informatics & Its Applications
Maulana Azad National Institute of Technology,
Bhopal, 462051, (M.P) India
manali.rajput89@gmail.com
Abstract—Geographical Information System contains
geospatial data which is data about the surface of earth. It is
highly sensitive and high precision data. Nowadays GIS
systems are widely spreading in government organizations,
municipalities, military affairs, disaster defense, public
security, electronic government affairs, electric power, digital
city and utilities. Thus geospatial data requires the definition
and administration of user tailored security policies. In this
work a comprehensive study over the security concerns of
geospatial data is performed. Various security policies which
should be applied over geospatial data are discussed and a
comprehensive data model for geospatial data is presented.
Keywords-Geospatial Data; Geographical Information System;
SpatialData Security; Geospatial Data Model;
I. INTRODUCTION
Due to the advancements in sensor technologies, satellite
imagery, and field surveys have made it possible to collect
large amount of spatial data with high precision, with large
coverage of area and with high resolution. Due to these
issues nowadays sensitivity of spatial data advancements
have recently raised many data security, privacy, and
safeguarding concerns, not only by the public but also by
federal, state, and local government organizations.
Today the big challenge is to ensure secure access to
spatial data on network as geographical data may contain
sensitive information, so data cannot be freely disclosed.
The users of Spatial Web services, such as public
administrations, urban planners, surveyors and
professionals, because of their different roles and expertise,
need to be assigned appropriate rights for operating on data.
Thus a controlled access to corporate and government data is
also of utmost importance for the development of Spatial
Data Infrastructures.
In this paper section 1 presents the introduction followed
by security concerns of geospatial data in section 2. Data
modeling methods implemented are presented in section 3.
In sections 4 various existing access control policies are
978-1-4799-3070-8/14 $31.00 © 2014 IEEE
DOI 10.1109/CSNT.2014.149
Pratik Patel
Department of Computer Science
Parul Institute of Technology,
Vadodara, (Gujarat) India
patelpratik1@live.in
discussed. In section 5 a comprehensive geospatial data
model is discussed followed by conclusion in section 6.
II. SECURITY ISSUES FOR GEOSPATIAL DATA
Data providers need to protect the resources they publish
on the Web. There are men in the middle attacks and
password attacks during access between clients and servers.
To resolve security problems of spatial database access and
transmission, we should focus on identity management,
authentication, access control and secret data transmission.
Here some points are discussed; which should be
implemented in any GIS data model to ensure secure access
to the geospatial data [1].
x Design and develop a trust management component
which describes what level of trust should be
placed on end users and also describe the
authentication for the geospatial data sets in
dynamic and context-based scenarios, basically for
those in the context of dynamic GIS repository
coalitions.
x Develop a privacy-centric security policy and
enforcement component that will handle both
trusted and untrusted GIS applications that require
exact geospatial data for a service.
x Develop mechanisms and techniques that allow
users to verify the trustworthiness of geospatial
data through authentic data publication schemes,
ideally in combination with GIS Web Services.
III. SPATIAL DATA MODELING METHODS
The two important spatial data modeling methods
reviewed are as follows-
A. The Layer Approach
First approach of GIS data modeling is layer approach;
which is used traditionally and currently [13]. Since the late
seventies, the most successful approach to spatial data
708
 modeling has been the grouping of graphic elements into
theme oriented information or layers.
A layer is a functionally related set of features that are
frequently accessed together. A feature is a spatial entity
such as a building or a stream, either taken from a map or
surveyed directly from the real world. Each layer depicts
one or more aspects of interest for a company and may
contain an unlimited number of point features, linear and
polygon networks, all of which are related by information
type or some other user-defined relationship.
The basic overlay organization foresees one map for the
entire area of interest with one or more overlays for, each
category of objects. Different layers can be overlaid on the
same cartographic base: political-administrative districts,
land use (commercial, residential, industrial, and public),
parcels, planimetric features, service networks, floodplain,
topographic features, geodesic/survey control, etc.
B. The Object Oriented Approach
Another GIS model is based on the object-oriented
approach [13]. The basic idea of this method is to enable the
analyst to deal with structures which are closer to the real
world instead of more computer-oriented structures such as
tables, records, and layers.
In this method the term object is used with a meaning
different from the definition given by Booch. Booch defines
an object as an abstract data type: a model of a real world
entity that combines both data and operations (methods) on
that data. Objects form classes, and classes form hierarchy
through which data and methods can be inherited. For
instance, the feature class approach common to several GIS
products, introduces only some aspects of object-oriented
design: hierarchy and inheritance.
To solve problems such as element grouping, the
concept of compounded feature class has been introduced. A
compounded class is used to relate an arbitrary number of
objects belonging to different classes, and treats them as a
new entity with its own attributes. Very few recent products
present most of the characteristics of an object-oriented
environment.
x Nested tabular organization.
x Object data plus methods.
x Channel linkage between objects.
x Message taking to an object.
x Encapsulation.
IV. EXISTING ACCESS CONTROL METHODS
AND AUTHORIZATION MODELS
To ensure secure access to spatial data on network is an
important issue as geographical data may contain sensitive
information, so data cannot be freely disclosed. Three
important access control methods for geospatial data are as
follows-
709
A. Role Based Access Control Method
According to the method proposed in [16], discussed the
relationship of roles and authorities is saved on a role control
table which is maintained on the database server. For a client
to access spatial database, firstly he has to register himself to
spatial database server, and send his basic information
including his name, ID, password, authorization code, role
and ID. Once he submits his basic information, database
server returns authorization code and based on his
authorization code, he can register his certificate from
database server by right of their login password.
When users access the spatial database, they transmit
their own certificates and roles to the database server, and
then the server confirms the validity of their identities based
on their certificates and lookups the role control table based
on their roles in order to decide their authorities.
Certificates of the server agent, clients and Registration
authority (RA), are generated and maintained by the
Certificate authority service (CAS), its main task is to
generate and manage certificates. Registration of all clients
and distribution of roles to them is maintained by the
Registration Authority (RA). The server agent is an agency
between spatial database enterprise (SDE) and spatial
database, with which clients submit their access requests to
Spatial Database Management System (SDBMS) and SDE
To clients.
Clients are facilitated to register and download their
certificates by right of their login password and decompress
their PFX files including certificates and keys protected by
certificate passwords everywhere. Once a client logouts
from the database server, his certificate and personal key are
automatically deleted from main memory and only is the
PFX file saved on the local system. Until next usage, the
PFX file is not decompressed, so that the certificate and key
are secrete and cruising.
B. Fine Grained Security Access Control
One another method is Fine Grained Security Access
Control method discussed in [10]. It is based on Role Based
Access Control Method. In this method the authorization
mechanism used is a double authorization, and it is refined
gradually. The two authorization methods used restrict the
user’s access in two directions horizontal & vertical
respectively. Similarly to RBAC, by the first authorization,
in this authorization all users are provided with their
appropriate roles and users get the appropriate permissions
of the role. It is the authorization to layers, with a horizontal
layer as a unit.
The Secondary authorization judge whether the user has
access to the data within a particular region based on the
attribute information of the user stored. It is processed
through layers in the vertical direction. In the
implementation process, a user gets the layers about location
through the horizontal authorization firstly. When the
second authorization is further required, the vertical
authorization will decide whether the user has access to the
data within the specific regions.
On the authorization model above, there are two
authorization methods, so we need different access control
methods to achieve it. We use Access Control List method
to apply access control and to authorize the end users with
their roles. ACL is easy to implement, though it is time
consuming when the resources are massive.
The second authorization is the fine-grained
authorization. The fine-grained authorization requires the
pre-processing of the polygon information, then according to
the type of authorization, overlay the polygon and obtain the
authorized region. Now detection of conflict of role
authorization is performed to detect if any conflict is there.
If any conflict found then resolve it and return to the region
that the user can access.
C. A Secure Access Control Method based on Spatial
Resolution and the location covered
In this work, an access control method is implemented in
which access to the spatial data is controlled at two levels.
At first level users will be categorized into various classes
depending on their authority. Users will access parts of
database on the basis of their authority. Accesses on images
are controlled on the basis of their resolution. Every class of
user has a fixed resolution as up to which image resolution
of images they can access. During registration users are
asked with location as to where they want to work. So in the
second level of authorization; when a user accesses the
spatial images, he can access only that location of an image
which he has specified during registration. Due to this
access time of the image on the network will be less and a
significant amount of time will be saved.
D. Geospatial Data Authorization Model (GSAM)
In this authorization model [9] security policies are
specified based on user’s geospatial and temporal
characteristics of the credentials, and based on the geospatial
and temporal extents associated with the data objects. In this
model access control policies are specified which are 1)
based on temporal attributes (e.g., timestamp, resolution), 2)
on a geospatial object as a whole, or on the area covered or
contained within it, or 3) based on the subject identities and
credentials, where credentials may be associated with spatial
and temporal attributes indicating the limits of their validity
to a certain region and temporal interval.
E. A Security Model for Distributed GIS Spatial Data
In this method the model of GIS spatial data storage is
based on Object-Based Storage (OBS) [17]. This method
offers high-performance storage services and also provides
secure data sharing over the network. GIS server, metadata
server and storage device are separate components, and
710
spatial data is organized as a spatial object which is saved in
Object-based Storage Device (OSD).
In this model, the spatial data is organized as a spatial
object saved in OSD but not in spatial database as used in
spatial database storage models; here the user component
and the storage component are separated. Hierarchy
management, naming and user access control functions are
provided by the user component. Properties of object data
through the specification of attributes mechanisms can be
influenced by the user component. GIS application
communicates with the user component using spatial object
interface.
The storage component is off loaded to the storage
device and the interface accessing the storage device
changes from file/ block interface to spatial object interface.
It is focused on mapping spatial object to the physical
organization of the storage media, and makes the decisions
as to where to allocate storage capacity for individual data
entities and managing free space. In addition to mapping
data, the storage component maintains other information
about the spatial objects that it stored in attributes.
In order to separate access paths of control, management
and data, GIS server, spatial metadata server and the OBSDs
(OSD devices) are self-existent .The OBSDs are the storage
components of the system to be shared. Spatial object is
stored in abstract containers by the OSD logical unit. Spatial
object in the abstract containers is not addressable using
LBAs (Logical Block Addresses).
The OSD logical unit allocates space for spatial object
and delivers a unique identifier to the GIS server. The GIS
server uses the same unique identifier for subsequent
accesses to the spatial object. Metadata server manages the
metadata of spatial data and OSD, and the GIS server
directly accesses an OBSD. In this way, 90 % of metadata
management is distributed in the OBSDs, so it avoids the
bottleneck problem of metadata in traditional storage
system.
Credential Capability
GIS Security Storage
Server Manager Manager
Credential Capability
Send
Capability
from
Credential
to OSD
device Shared
Secret
OBSD
Figure 1: Security model transactions
 In this security model, trusted components are the OBSD
and the Security Manager. For authorized GIS server
Credentials are generated by the Security manager,
including capabilities prepared by the Policy/ Storage
Manager. A Capability Key is returned by the Security
manager with each Credential. The GIS Server is provided
access to specific OSD components by the Credentials
returned by the Security manager.
The Capability Key allows the GIS Server and the
OBSD to authenticate the commands and data they
exchange with an Integrity Check Value. Credentials and
capability keys are requested by the GIS server from the
Security Manager for the command functions it needs to
perform and sends those capabilities in those credentials to
the OBSD as part of commands that include an Integrity
Check Value used as the Capability Key.
GIS Server may be authenticated by the Security
manager, but the OBSD cannot authenticate the GIS Server.
OBSD can only verify the capabilities and integrity check
values sent by the GIS Server.
V. A COMPREHENSIVE DATA MODEL FOR
GEOSPATIAL DATA
After studying the previously mentioned methodologies
and the access control policies a data model can be designed
based on the security policies defined by the preceding
methods. According to these policies a database should be
able to store data in all defined formats, a database which
should be able to control access on data by end users. Also it
should be able to provide relevant web services to clients
which use it.

DATA PRESENTATION LAYER

Wrapper
GIS Web Services
Traditional GIS

OGC
Framework SECURITY LAYER
Trust & Privacy
Policy Specifications Management
Core &
Application
Schemas Access Control
Mechanism
Geospatial Policy Reasoning Authentic Data
Features Engine Publication
GML

Metadata
DATA INTEROPERATION & ACCESS LAYER

GIS Interoperation Services & GIS Data Repository Access

GIS DATA
REPOSITORIES

Figure 2: A Comprehensive Geospatial Data Model

711
 A GIS Data model should have following specification to but not the least, I sincerely express my gratitude to almighty
ensure secure access to data [2, 3]. for his heavenly blessings.
x GIS data model should provide sensitive dataset to
[1]
authorized users with applying appropriate
authentication to the sensitive elements while serving
the portions of the same dataset that have no
restrictions to general users. [2]
x An access control mechanism to ensure
confidentiality and integrity of spatial data on the
[3]
Web. Ensuring confidentiality means preventing
improper disclosure of information to users that are
not authorized to access it. Ensuring integrity means [4]
to protect data from unauthorized modifications.
x A strong encryption method on the spatial data [5]
should be applied so that intruders over the network
[6]
cannot access (read or modify) the transmitted data
and cannot capture the sensitive information.
x [7]
geospatial data model that is able to express
different types of geospatial and spatio-temporal data
(geographic features and field-based data), and that [8]
provides a rich set of typical operations on geospatial [9]
data (image operations and spatial transforms).
x [10]
security policy reasoning tool able to determine
inconsistent and redundant policies at policy compile
time and/or data access time. One approach towards
[11]
the development of such tool is to extend existing
logic-based reasoning approaches to incorporate
specifics of geospatial data, such as topological and [12]
temporal properties.
[13]
VI. CONCLUSION [14]
In this paper, existing issues regarding the security of
geospatial data and existing access control methods defined
for geospatial data are presented. Apart from this, the security
[15]
policies which should be implemented in any GIS data model
to ensure secure access over it are presented. At the end a [16]
comprehensive data model for geospatial data is presented,
which fulfills the security requirements for geospatial data
discussed in preceding sections.
[17]
ACKNOWLEDGMENT
This work would not have been possible without the
[18]
guidance and help of my supervisors Dr. S K Katiyar and Dr.
Deepak Singh Tomar, who in one way or another contributed
and extended their valuable assistance in the preparation and
completion of this study. I am also grateful to my parents and
my family members for their love, support and prayers. Last
712
REFERENCES
Bertino E., Thuraisingham B., Gertz M., and Damiani M. L.,
“Security and privacy for geospatial data: Concepts and Research
Directions”, Inaugural Paper for SPRINGL Workshop, SPRINGL,
Irvine USA, Vol., pp., 2008.
Bertino E., and Damiani M. L., “A controlled access to spatial data on
web”, Conference on Geographic Information Science, AGILE
Conference, Heraklion, Greece, Vol., pp., April 29-May 1, 2004.
Folger P., “Geospatial information and geographic information
systems (GIS): Current issues and future challenges”, Congressional
Research Service, Vol., pp.1-24, January 23, 2010.
Hansen F., and Oleshchuk V., “Spatial role-based access control
model for wireless networks”, IEEE International, Vol., pp., 2003.
Keating G. N., Rich P. M., and Witkowski M. S., “Challenges for
enterprise GIS”, URISA Journal, Vol. 15, pp. 2, 2003.
Kiefer R. W., Lillesand T. M., and Chipman J. W., “Remote sensing
and image interpretation,” John Willey and Sons, V edition,
University of Wisconsin, Madison, pp. 1-25, 2009.
Li G., Li C., Yu W., and Xie J., “Security accessing model A for web
service based geo-spatial data sharing application” Digital Earth
Summit, ISDE, Nessebar, BulgariaVol., pp., June 12-14, 2010.
Li G., “Research of key technologies on encrypting vector spatial data
in Oracle spatial”, IEEE International, Vol., pp., 2010.
Atluri V., and Chun S. A., “An Authorization Model for Geospatial
Data”, IEEE, Vol. 1, October-December 2004.
A control
Ma F., Gao Y., and Yan M., “The fine-grained security access
of spatial data”, the National Hi-Tech Research and Development
Program of China, the National Natural Science Foundation of China,
National key Technologies R&D Program of China, Vol., pp., 2007.
McLane T. J., and Yan Y., “Enterprise spatial data deployment
strategies in a global engineering environment”, IEEE International,
Vol., pp., 2006.
Mclnerney D., “Introduction to spatial data types”, UII Summer
School, Vol., pp., June 16, 2009.
Orlandl E., “Integrity and security in AM/FM-GIS”, IEEE
International, Roma, Italy, Vol., pp. 26-00151, 1993.
Wu C., Li C., Lv. X., and Li J., “Geological data access security
mechanism based on grid GIS”, Grid GIS Soft and Important
Application, Grid GIS Business System Research, IEEE International,
Vol., pp., 2011.
Sayed E., and Stoltzfus E., “Spatial databases GIS case studies”, UC
Berkeley, IEOR, Vol., pp., Dec 4, 2002.
Zeng Y. H., Wei Z. K., and Yin Q., “Research on spatial database: A
secure access mechanism,” Machine Learning & Cybernetics, IEEE
International Conference, Hong-Kong, Vol. 6, No., pp. 1-4, 19-22
August 2007.
Zhang Y., and Wang Q., “Security model for distributed GIS spatial
data”, Symposium on Information Science and Engineering, IEEE
International, Vol., pp., 2008.
Zhou L., and Wan L., “GIS spatial data integration based on grid
computing”, Modeling and Simulation, IEEE International
conference, Vol., pp., 2010.