Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
manali.rajput89@gmail.com patelpratik1@live.in
709
authorization will decide whether the user has access to the spatial data is organized as a spatial object which is saved in
data within the specific regions. Object-based Storage Device (OSD).
On the authorization model above, there are two In this model, the spatial data is organized as a spatial
authorization methods, so we need different access control object saved in OSD but not in spatial database as used in
methods to achieve it. We use Access Control List method spatial database storage models; here the user component
to apply access control and to authorize the end users with and the storage component are separated. Hierarchy
their roles. ACL is easy to implement, though it is time management, naming and user access control functions are
consuming when the resources are massive. provided by the user component. Properties of object data
The second authorization is the fine-grained through the specification of attributes mechanisms can be
authorization. The fine-grained authorization requires the influenced by the user component. GIS application
pre-processing of the polygon information, then according to communicates with the user component using spatial object
the type of authorization, overlay the polygon and obtain the interface.
authorized region. Now detection of conflict of role The storage component is off loaded to the storage
authorization is performed to detect if any conflict is there. device and the interface accessing the storage device
If any conflict found then resolve it and return to the region changes from file/ block interface to spatial object interface.
that the user can access. It is focused on mapping spatial object to the physical
organization of the storage media, and makes the decisions
C. A Secure Access Control Method based on Spatial as to where to allocate storage capacity for individual data
Resolution and the location covered entities and managing free space. In addition to mapping
data, the storage component maintains other information
about the spatial objects that it stored in attributes.
In this work, an access control method is implemented in In order to separate access paths of control, management
which access to the spatial data is controlled at two levels. and data, GIS server, spatial metadata server and the OBSDs
At first level users will be categorized into various classes (OSD devices) are self-existent .The OBSDs are the storage
depending on their authority. Users will access parts of components of the system to be shared. Spatial object is
database on the basis of their authority. Accesses on images stored in abstract containers by the OSD logical unit. Spatial
are controlled on the basis of their resolution. Every class of object in the abstract containers is not addressable using
user has a fixed resolution as up to which image resolution LBAs (Logical Block Addresses).
of images they can access. During registration users are The OSD logical unit allocates space for spatial object
asked with location as to where they want to work. So in the and delivers a unique identifier to the GIS server. The GIS
second level of authorization; when a user accesses the server uses the same unique identifier for subsequent
spatial images, he can access only that location of an image accesses to the spatial object. Metadata server manages the
which he has specified during registration. Due to this metadata of spatial data and OSD, and the GIS server
access time of the image on the network will be less and a directly accesses an OBSD. In this way, 90 % of metadata
significant amount of time will be saved. management is distributed in the OBSDs, so it avoids the
bottleneck problem of metadata in traditional storage
D. Geospatial Data Authorization Model (GSAM) system.
710
In this security model, trusted components are the OBSD GIS Server may be authenticated by the Security
and the Security Manager. For authorized GIS server manager, but the OBSD cannot authenticate the GIS Server.
Credentials are generated by the Security manager, OBSD can only verify the capabilities and integrity check
including capabilities prepared by the Policy/ Storage values sent by the GIS Server.
Manager. A Capability Key is returned by the Security
manager with each Credential. The GIS Server is provided V. A COMPREHENSIVE DATA MODEL FOR
access to specific OSD components by the Credentials GEOSPATIAL DATA
returned by the Security manager. After studying the previously mentioned methodologies
The Capability Key allows the GIS Server and the and the access control policies a data model can be designed
OBSD to authenticate the commands and data they based on the security policies defined by the preceding
exchange with an Integrity Check Value. Credentials and methods. According to these policies a database should be
capability keys are requested by the GIS server from the able to store data in all defined formats, a database which
Security Manager for the command functions it needs to should be able to control access on data by end users. Also it
perform and sends those capabilities in those credentials to should be able to provide relevant web services to clients
the OBSD as part of commands that include an Integrity which use it.
Check Value used as the Capability Key.
Wrapper
GIS Web Services
Traditional GIS
OGC
Framework SECURITY LAYER
Trust & Privacy
Policy Specifications Management
Core &
Application
Schemas Access Control
Mechanism
Geospatial Policy Reasoning Authentic Data
Features Engine Publication
GML
Metadata
DATA INTEROPERATION & ACCESS LAYER
GIS DATA
REPOSITORIES
711
A GIS Data model should have following specification to but not the least, I sincerely express my gratitude to almighty
ensure secure access to data [2, 3]. for his heavenly blessings.
REFERENCES
x GIS data model should provide sensitive dataset to
[1] Bertino E., Thuraisingham B., Gertz M., and Damiani M. L.,
authorized users with applying appropriate “Security and privacy for geospatial data: Concepts and Research
authentication to the sensitive elements while serving Directions”, Inaugural Paper for SPRINGL Workshop, SPRINGL,
the portions of the same dataset that have no Irvine USA, Vol., pp., 2008.
restrictions to general users. [2] Bertino E., and Damiani M. L., “A controlled access to spatial data on
x An access control mechanism to ensure web”, Conference on Geographic Information Science, AGILE
Conference, Heraklion, Greece, Vol., pp., April 29-May 1, 2004.
confidentiality and integrity of spatial data on the
[3] Folger P., “Geospatial information and geographic information
Web. Ensuring confidentiality means preventing systems (GIS): Current issues and future challenges”, Congressional
improper disclosure of information to users that are Research Service, Vol., pp.1-24, January 23, 2010.
not authorized to access it. Ensuring integrity means [4] Hansen F., and Oleshchuk V., “Spatial role-based access control
to protect data from unauthorized modifications. model for wireless networks”, IEEE International, Vol., pp., 2003.
x A strong encryption method on the spatial data [5] Keating G. N., Rich P. M., and Witkowski M. S., “Challenges for
enterprise GIS”, URISA Journal, Vol. 15, pp. 2, 2003.
should be applied so that intruders over the network
[6] Kiefer R. W., Lillesand T. M., and Chipman J. W., “Remote sensing
cannot access (read or modify) the transmitted data and image interpretation,” John Willey and Sons, V edition,
and cannot capture the sensitive information. University of Wisconsin, Madison, pp. 1-25, 2009.
x [7] Li G., Li C., Yu W., and Xie J., “Security accessing model A for web
geospatial data model that is able to express service based geo-spatial data sharing application” Digital Earth
Summit, ISDE, Nessebar, BulgariaVol., pp., June 12-14, 2010.
different types of geospatial and spatio-temporal data
(geographic features and field-based data), and that [8] Li G., “Research of key technologies on encrypting vector spatial data
in Oracle spatial”, IEEE International, Vol., pp., 2010.
provides a rich set of typical operations on geospatial [9] Atluri V., and Chun S. A., “An Authorization Model for Geospatial
data (image operations and spatial transforms). Data”, IEEE, Vol. 1, October-December 2004.
x [10] A control
Ma F., Gao Y., and Yan M., “The fine-grained security access
security policy reasoning tool able to determine of spatial data”, the National Hi-Tech Research and Development
inconsistent and redundant policies at policy compile Program of China, the National Natural Science Foundation of China,
National key Technologies R&D Program of China, Vol., pp., 2007.
time and/or data access time. One approach towards
[11] McLane T. J., and Yan Y., “Enterprise spatial data deployment
the development of such tool is to extend existing strategies in a global engineering environment”, IEEE International,
logic-based reasoning approaches to incorporate Vol., pp., 2006.
specifics of geospatial data, such as topological and [12] Mclnerney D., “Introduction to spatial data types”, UII Summer
temporal properties. School, Vol., pp., June 16, 2009.
[13] Orlandl E., “Integrity and security in AM/FM-GIS”, IEEE
International, Roma, Italy, Vol., pp. 26-00151, 1993.
VI. CONCLUSION [14] Wu C., Li C., Lv. X., and Li J., “Geological data access security
In this paper, existing issues regarding the security of mechanism based on grid GIS”, Grid GIS Soft and Important
geospatial data and existing access control methods defined Application, Grid GIS Business System Research, IEEE International,
Vol., pp., 2011.
for geospatial data are presented. Apart from this, the security
[15] Sayed E., and Stoltzfus E., “Spatial databases GIS case studies”, UC
policies which should be implemented in any GIS data model Berkeley, IEOR, Vol., pp., Dec 4, 2002.
to ensure secure access over it are presented. At the end a [16] Zeng Y. H., Wei Z. K., and Yin Q., “Research on spatial database: A
comprehensive data model for geospatial data is presented, secure access mechanism,” Machine Learning & Cybernetics, IEEE
which fulfills the security requirements for geospatial data International Conference, Hong-Kong, Vol. 6, No., pp. 1-4, 19-22
discussed in preceding sections. August 2007.
[17] Zhang Y., and Wang Q., “Security model for distributed GIS spatial
ACKNOWLEDGMENT data”, Symposium on Information Science and Engineering, IEEE
International, Vol., pp., 2008.
This work would not have been possible without the
[18] Zhou L., and Wan L., “GIS spatial data integration based on grid
guidance and help of my supervisors Dr. S K Katiyar and Dr. computing”, Modeling and Simulation, IEEE International
Deepak Singh Tomar, who in one way or another contributed conference, Vol., pp., 2010.
and extended their valuable assistance in the preparation and
completion of this study. I am also grateful to my parents and
my family members for their love, support and prayers. Last
712