SpringerLink
Log in

Towards Secure Mediation

  • Chapter
Sicherheit und Electronic Commerce

Part of the book series: DuD-Fachbeiträge ((DUD))

Abstract

A secure mediated information system should support scenarious where dynamically changing information sources advertise their information resources, and application specific mediators collect and assemble these resources into useful information in order to support the requests of their spontaneous clients. While doing this, the mediators should enforce security constraints in the application environments. In this paper, we compare mediated information systems with federated database systems with respect to design issues and security issues in order to clarify the different motivations of both systems. Furthermore, we present our secure mediated querying protocol using the concepts of credentials for authentic authorization. We also highlight some multimedia specific security requirements and mechanisms.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 54.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 69.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free ship** worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

Bibliography

  1. A., K. C; Ambite, J. L. (1997). Agents for Information Gathering. In: Bradshaw, J. M. (ed.): Software Agents. MIT Press, Cambridge. http://www.isi.edu/sims/knoblock/info-agents.html.

    Google Scholar 

  2. Altenschmidt, C.; Biskup, J.; Freitag, J.; Sprick, B. (1998). Weakly constraining multimedia types based on a type embedding ordering. In: Proc. 4th Int. Workshop on Multimedia Information Systems, pages 121–129. Istanbul, Turkey.

    Google Scholar 

  3. Anderson, R. (ed.) (1996). 1st International Workshop on Information Hiding, LNCS, Cambridge, England. Springer-Verlag.

    Google Scholar 

  4. Arens, Y.; Knoblock, C. A.; Shen, W. (1996). Query Reformulation for Dynamic Information Integration. Journal of of Intelligent Information Systems 6 (2–3).

    Google Scholar 

  5. Bayardo, R. J. et al. (1997). InfoSleuth: Agent-based Semantic Integration of Information in Open and Dynamic Environments. In: SIGMOD’97, pages 195- 206. Tucson, AZ, USA.

    Google Scholar 

  6. Biskup, J.; Freitag, J.; Karabulut, Y.; Sprick, B. (1997a). A Mediator for multimedia systems. In: Proc. 3rd Int. Workshop on Multimedia Information Systems, pages 145–153. Como, Italia.

    Google Scholar 

  7. Biskup, J.; Freitag, J.; Karabulut, Y.; Sprick, B. (1997b). Query Evaluation in an object-oriented multimedia mediator. In: Proc. 4th Int. Conf. on Object-Oriented Information Systems, pages 31–43. Springer Verlag, Brisbane, Australia.

    Google Scholar 

  8. Biskup, J.; Flegel, U.; Karabulut, Y. (1998). Secure Mediation: Requirements and Design. In: 12th Annual IFIP WG 11. 3 Working Conference on Database Security. Chalkidiki, Greece.

    Google Scholar 

  9. Candan, K. S.; Jajodia, S.; Subrahmanian, V. S. (1996). Secure Mediated Databases. In: Y. W. Su, S. (ed.): 12th International Conference on Data Eng., pages 28–37. IEEE, IEEE Computer Society Press, New Orleans, Louisiana, USA.

    Google Scholar 

  10. Carey, M. J. et al. (1995). Towards Heterogeneous Multimedia Information Systems: The Garlic Approach. In: Proceedings of the Fifth International Workshop on Research Issues in Data Engineering(RIDE): Distributed Object Management, pages 123–130. L. A., California.

    Google Scholar 

  11. Chaum, D. (1985). Security without identification: Transaction systems to make big brother obsolete. Communications of the ACM 28 (10), pages 1030–1044.

    Article  Google Scholar 

  12. Cheng, H.; Li, X. (1996). On the application of image decomposition to image compression and encryption. In: Hörster, P. (ed.): Proceedings of the IFIP TC6/TC11 International Conference on Communications and Multimedia Security, pages 116–127. Chapman andx Hall, Essen, Germany.

    Google Scholar 

  13. Crusselles, E. et al. (1995). Secure Communications in Broadband Networks. In: Proceedings of the 3rd International Conference on Telecommunication Systems, pages 114–122. Nashville, Tennessee, USA.

    Google Scholar 

  14. Genesereth, M.; Ketchpel, S. (1994). Software Agents. Communications of the ACM 37 (7), pages 48 - 53.

    Article  Google Scholar 

  15. Heimbigner, D.; McLeod, D. (1985). A federated architecture for information management. ACM Transactions on Office Information Systems 3 (3), pages 253–278.

    Article  Google Scholar 

  16. Hull, R.; Zhou, G. (1996). A Framework for Supporting Data Integration Using the Materialized and Virtual Approaches. In: ACM SIGMOD’96, pages 481–492. ACM, Montreal, Canada.

    Google Scholar 

  17. IETF SPKI Working Group. (1998). SPKI Certificate Documentation. http://www.clark.net/pub/cme/html/spki.html.

    Google Scholar 

  18. Jajodia, S.; Samarati, P.; Subrahmanian, V.; Bertino, E. (1997). A Unified Framework for Enforcing Multiple Access Control Policies. In: SIGMOD’97, pages 474 - 485. Tucson, AZ, USA.

    Google Scholar 

  19. Jonscher, D.; Dittrich, K. R. (1994). An Approach For Building Secure Database Federations. In: Proceedings of the 20th international conference on very large databases, pages 24–35.

    Google Scholar 

  20. Levy, A. Y.; Rajaraman, A.; Ordille, J. J. (1996). Querying Heterogeneous Information Sources Using Source Descriptions. In: Proceedings of 22nd international Conference on Very Large Data Bases VLDB’96, pages 251–262. Morgan Kaufmann, Mumbai (Bombay), India.

    Google Scholar 

  21. Litwin, W.; Mark, L.; Roussopoulos, N. (1990). Interoperability of multiple autonomous databases. ACM Computing Surveys 22 (3), pages 267–293.

    Article  Google Scholar 

  22. Liu, L.; Pu, C. (1995). Distributed Interoperable Object Model and Its Application to Large-scale Interoperable Database Systems. In: Proceedings of ACM International Conference on Information and Knowledge Management (CIKM’95).

    Google Scholar 

  23. Macq, B.; Quisquater, J.-J. (1995). Cryptology for digital TV broadcasting. Proceedings of the IEEE 83 (6), pages 944–957.

    Article  Google Scholar 

  24. Mena, E.; Kashyap, V.; Sheth, A.; Illarramendi, A. (1996). OBSERVER: an Approach for Query Processing in Global Information Systems based on Interoperation accross Pre-existing Ontologies. In: First IFCIS International Conference on Cooperative Information Systems (CoopIS’96). Brussels, Belgium.

    Google Scholar 

  25. Object Management Group. (1995). The Common Object Request Broker, Architecture and Specification, Revision 2. 0. http://www.omg.org/corba/corbiiop.htm.

    Google Scholar 

  26. Pfitzmann, B.; Waidner, M. (1997). Anonymous Fingerprinting. In: EuroCrypt’97, LNCS. Springer-Verlag, Berlin.

    Google Scholar 

  27. RACE Concertation. (1994). Conditional Access Workshop, 44th RACE Concertation Meeting, Brüssel.

    Google Scholar 

  28. Rivest, R. L.; Lampson, B. (1998). A Simple Distributed Security Infrastructure (SDSI). http://theory.lcs.mit.edu/cis/sdsi.html.

  29. Sandhu, R. (1996). Role hierarchies and Constraints for Lattice-based access controls. In: Bertino, E.; Kurth, H.; Martella, G.; Montolivo, E. (eds.): ESORICS 96, pages 65–79. Springer-Verlag, Rome, Italy.

    Google Scholar 

  30. Sandhu, R.; Coyne, E.; Feinstein, H.; Youman, C. (1996). Role-Based access control models. IEEE Computer 2, pages 38–47.

    Article  Google Scholar 

  31. Sheth, A. P.; Larson, J. A. (1990). Federated Database Systems for Managing Distributed, Heterogeneous, and Autonomous Databases. ACM Computing Surveys 22(3J, pages 183–236.

    Google Scholar 

  32. Storck, D.; Koch, E. (1997). Controlable User Access on Multimedia Data in World Wide Web. In: Proceedings of the International Conference on Image Science, Systems, and technology (CISST’97), pages 270–278. Las Vegas, Nevada USA.

    Google Scholar 

  33. Subrahmanian, V. S.; Adali, S.; Brink, A.; Emery, R. HERMES: Heterogeneous Reasoning and Mediator System. Submitted for publication. http://www.es.umd.edu/projects/hermes/.

  34. Tomasic, A.; Raschid, L.; Valduriez, P. (1995). Scaling Heterogeneous Databases and the Design of DISCO. In: Proceedings of the International Conference on Distributed Computer Systems. Hong Kong.

    Google Scholar 

  35. Ullman, J. D. (1997). Information Integration Using Logical Views. In: Proceedings of the 6th International Conference on Database Theory, ICDT’97, LNCS, pages 19 - 40. Springer-Verlag, Berlin, Delphi, Greece.

    Google Scholar 

  36. Wells, D. (1996). Wrappers: Survey.

    Google Scholar 

  37. Wiederhold, G.; Genesereth, M. (1997). The Conceptual Basis for Mediation. IEEE Expert, Intelligent Systems and their Applications 12 (5), pages 38 - 47.

    Google Scholar 

  38. Wiederhold 95] Wiederhold, G. (1995). 13 (Intelligent Integration of Information) Glossary. http://www-db.stanford.edU/pub/gio/1994/vocabulary.html#value.

    Google Scholar 

  39. Wiederhold 971 Wiederhold, G.; Bilello, M.; Donahue, C. (1997). Web Implementation of a Security Mediator for Medical Databases. In: Lin, T. Y.; Qian, S. (eds.): Database Security XI: Status and Prospects, Proceedings of the 11th Annual IFIP WG11 Working Conference on Database Security, pages 60–72. IFIP, Chapman andx Hall, Lake Tahoe, California.

    Google Scholar 

  40. Yang, L. L.; Özsu, T.; Liu, L. (1997). Accessing Heterogeneous Data Through Homogenization and Integration Mediators. In: Second IFCIS Conference on Cooperative Information Systems (CoopIS-97). Charleston, South Carolina.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Fachbereich Informatik, Universität Dortmund, August-Schmidt-Straße 12, D-44221, Dortmund, Germany

    Joachim Biskup, Ulrich Flegel & Yücel Karabulut

Authors
  1. Joachim Biskup
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ulrich Flegel
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yücel Karabulut
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Alexander W. Röhm Dirk Fox Rüdiger Grimm Detlef Schoder

Rights and permissions

Reprints and permissions

Copyright information

© 1999 Friedr. Vieweg & Sohn Verlagsgesellschaft mbH, Braunschweig/Wiesbaden

About this chapter

Cite this chapter

Biskup, J., Flegel, U., Karabulut, Y. (1999). Towards Secure Mediation. In: Röhm, A.W., Fox, D., Grimm, R., Schoder, D. (eds) Sicherheit und Electronic Commerce. DuD-Fachbeiträge. Vieweg+Teubner Verlag. https://doi.org/10.1007/978-3-322-84901-4_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-322-84901-4_7

  • Publisher Name: Vieweg+Teubner Verlag

  • Print ISBN: 978-3-528-03139-8

  • Online ISBN: 978-3-322-84901-4

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation