An Access Control Model for Video Database Systems

As a joint work of: Elisa Bertino1, Ahmed K. Elmagarmid 2 and Moustafa M. Hammad2

1Dipartimento di Scienze dell'Informazione. Universit degli Studi di Milano. Via Comelico, 39/41 20135 Milano, Italy. bertino@dsi.unimi.it.

2Computer Science Department, Purdue University. 1398 Computer Science Bld., West Lafayette IN 47907. {ake,mhammad}@cs.purdue.edu.

Introduction

Video data possess unique features that distinguished them from other data types. ( e.g. different media types - visual, audio and text-, schemaless, massive volume, time and space-variant, rich semantic contents - a picture worth 1000 words, what about video????)

Different approaches to model video data like:– Segmentation-based, physical features oriented; color

histogram, textures, audio, text.

– Annotation-based, semantic features oriented. Video description is used to access video.

Large amount of digital video > 1.8 M Gbytes, and a large investments, MPEG-2 has created the entirely new digital television industry worth ~30 billion $.

Hence a need to provide secure and organized access to video database !!!! or access control.

Is Access Control based on physical or semantic content?

Our work is focused on access control based on video semantics to exploit the expressive power in video.

Topics of Discussion

Video data model. Authorization model for video

database. Access control techniques. System architecture. Conclusion and future work.

Video Data Model

John plying with his bicycle

Hot ObjectLife time interval or logical video segment

Physical video stream

Physical video segment

Authorization Model

Closed system access control ( no access permission unless explicitly specified in the system).

User access requests are checked against authorization rules.

Authorization rule specification entails:– Subject Specification,

– Object Specification, and

– Mode Specification.

Request satisfies

authorization rules

Authorization rules

Access request

Deny Grant

No Yes

Subject Specification

Use of credential – Characteristic and attributes of users (user profiles) instead

of only user identifiers.– Example: (Name: John, Age: 8, Job: student,……).

– Suitable for video data.

Credential type (schema), credential and credential expression.

We specify a simple language for credential expressions.

Examples of credential expressions:– Student(x): representing all users that are students.

– x.age < 18: denoting all users having age < 18.

– Student(x) AND x.age < 18: Students with age < 18.

Credential expression is finally evaluated to a set of user identifiers.

Subject is specified as either:– list of users identifiers or credential expression.

Object Specification

We base our access model on logical video level to:– be easy to apply and modify, and– allow specification of access based on semantic

video contents.

Video objects possess more than just physical characteristic (semantic contents).

Annotations describe video semantic and one can extract concepts from video annotation. (e.g. FIAT and MAZDA are CARS).

In its simplest form concepts represent just annotation keywords.

We use concepts that describe video semantics to specify video security.

Object Specification (Cont.)

Concept expression involves one or more concepts with video operators between them. Video operators are either spatial, temporal, spatio-temporal or Boolean operators.

Concept expression:– The set CPE of concept expressions is built from

atoms and operation , video operation.– Atoms can be of the following types:

• c , where c set of concepts.

• c1 c2 , where c1, c2 are concepts and set of video operations.

– Then the set CPE of concept expressions is recursively defined as follows:

• Every atom is a concept expression.

• If CpE1 and CpE2 are concept expressions, then CpE1 CpE1, CpE1 CpE1, CpE1 , (CpE1) are also concept expressions.

Object Specification (Cont.)

Concepts expression finally evaluates to set of logical video segments that contain concepts satisfying the expression.

Examples of concept expressions:– “World War II Digol” denotes all frame intervals

that have General Digol as a hot object and deal with World War II.

– “ Ortiga DURING drug trial” denotes all frame intervals that have former Colombian president Ortiga” during the drug trial in court video.

– “ DISCOVERY CLOSE spying satellite” denotes all frame intervals that have DISCOVERY space shuttle fixing or close to a spying satellite in NASA video library.

Video Object can be specified either:– by providing a set of logical video elements.– by providing concept expression.

Authorized Object

Consists of two parts:– protected objects (po): which represent video

elements user wants to access, and

– restricted objects (ro) : which represent video elements user is restricted to access.

Authorized objects (ao) is defined as the following expression: – ao = po ro, where is defined as the exclusion

of restricted object from protected ones.

Restricted objectProtected object = Authorized Object

Relations Between Different Object Specification Terms

Mode Specification

low level operations like (read and write) are not suitable in video access control.

More abstract level operations are used to specify different access modes:

View (annotations), View(Rframes), Play(period, quality), Edit(annotation), Edit(logical-video), Edit(Physical-video).

Those operations are in increasing power, the successor subsumes the predecessor.

Access Control Mechanism

A user submits a request to access video element,

The access control routine checks the authorization rule repository for an authorization rule satisfies : – User is one of the subjects,

– The accessed object is one of the protected objects,

– The operation is equal or less than the specified mode.

If not found, user is unauthorized. Else If the object is a restricted one

Then apply operator and authorize the subject to the new object.

Else authorize the subject.

System Architecture

Conclusion and future work

Provide access control based on video semantic not only physical features.

Support for different video granularity access control.

Not a dump guard but smart manager (apply filter effects).

Provide categories of video privileges. Use of credentials instead of just identifiers. Providing modular access control

architecture. The model can be adapted to video models

that provide content description mechanisms (MPEG-7).

Conclusion and future work (cont.)

Real time provision of access control.

Distributed implementation. PICS (Platform for Internet Content

Selection).