SLIDE 1
How to Control Read Access to a Data Packet?
Name-Based Access Control and others: – Data Encryption Keys (DEK) to secure data. – Key Encryption Keys (KEK) for those who got read access.
2
Schematized Access Control for Data Cubes and Trees Claudio Marxer - - PowerPoint PPT Presentation
Schematized Access Control for Data Cubes and Trees Claudio Marxer - - PowerPoint PPT Presentation
Schematized Access Control for Data Cubes and Trees Claudio Marxer Christian Tschudin < claudio.marxer@unibas.ch > < christian.tschudin@unibas.ch > Computer Networks Group University of Basel Switzerland ACM ICN 17, Berlin
SLIDE 2
SLIDE 3
How to Control Read Access to a Data Packet?
Name-Based Access Control and others: – Data Encryption Keys (DEK) to secure data. – Key Encryption Keys (KEK) for those who got read access. Fine for single items with one name, or for a collection, using conventions (probably
- ne for each app namespace). But:
– no support for derived data (e.g. supress time stamps but leave GPS locations) – key names usually linked to data namespace
2
SLIDE 4
How to Control Read Access to a Data Packet?
Name-Based Access Control and others: – Data Encryption Keys (DEK) to secure data. – Key Encryption Keys (KEK) for those who got read access. Fine for single items with one name, or for a collection, using conventions (probably
- ne for each app namespace). But:
– no support for derived data (e.g. supress time stamps but leave GPS locations) – key names usually linked to data namespace How complex does a access control system for NDN and NFN become that wants to be generic?
2
SLIDE 5
The Answer . . .
We did not expect this: At least four schemata!
3
SLIDE 6
Zoom to the Schemata . . .
Primary Documents
(raw)
Document Type Definition(s) Data Type Schema
describes defines mapping
4
SLIDE 7
Zoom to the Schemata . . .
Primary Documents
(raw)
Document Type Definition(s) Data Type Schema
describes
Derived Documents
(cooked)
Derivation (cooking)
4