Databases Reference
In-Depth Information
does not fully enclose the node. Thus, for all
α
issued for the requester,
only the moving objects that are located within
α
and whose profiles are
overlapped with those of
α
→
are returned.
If there exists no authorization overlaid on
N
, although all the moving
objects stored at the subtree rooted at non-leaf node
N
meet the spa-
tiotemporal and profile conditions of
SMR
, access control decision cannot
be made because there is a possibility that a relevant authorization may be
overlaid on a descendent node of
N
. Thus, the evaluation process is recur-
sively performed in the children nodes of
N
.If
N
is a leaf node, we simply
reject the access request because there exists no relevant authorization for
the requester.
7OpenIssues
All the above proposed unified index trees except the ASM-Trie Model do
not support negative authorizations. Providing such support is not trivial
since they give rise to conflicts among the authorizations. Moreover, it may
require changes to the fundamental assumptions used in the construction and
access request evaluation. The overlaying strategy assumes only the positive
authorizations. Thus, an authorization is overlaid as high level as possible
in the tree because as long as there exists an authorization that allows the
user to access the given region, there will not exist any conflicting negative
authorization that will not allow the user to access some parts of the allowed
region. Based on this assumption, authorization evaluation halts whenever
a relevant authorization is located during the traversal from the root node
towards the leaf level. However, if negative authorizations are supported, all
the authorizations overlaid on traversal path need to be evaluated due to the
possibility of conflicts among the authorizations: although an authorization
that allows a user to access a region is overlaid in an index node, it is possible
that another negative authorization that prohibits the user to access a part
of the region may exist in the leaf node.
Also, formal analysis of the proposed approaches are necessary to be de-
veloped in order to show that unified index schemes actually perform better
than separate index schemes. Development of cost models for proposed uni-
fied index schemes can actually determine how well the models perform com-
pared to the optimal performance achievable by any other security enforce-
ment method. If there is any room for improvement of performance, more
refined model of unified index schemes can be developed so that the perfor-
mance of the new model would be similar to that of the optimal solution.
References
1. Active Badge Next Generation Applications.
http://www.cs.agh.edu.pl/ABng/applications.html
