An access and inference control model for time series databases

Today, many applications produce and use time series data. The data of this type may contain sensitive information. So they should be protected against unauthorized accesses. In this paper, security issues of time series data are identified and an access and inference control model for satisfying the identified security requirements is proposed. Using this model, administrators can define authorization rules based on various time-based granularities (e.g. day or month) and apply value-based constraints over the accessed times series data. Furthermore, they can define policy rules over the composition of multiple time-series other than the base time-series data. Detecting and resolving different types of conflicts between the simple, aggregation, or composition access rules over the time series data is a challenging issue which is investigated in this paper. Detecting explicit and implicit conflicts in this model prevents information inference from hierarchical time series data. To prove the applicability of the model, a reference monitor based on the proposed model has been implemented as a secure access layer on top of OpenTSDB (a time series database). Our evaluation shows that the overhead imposed on queries by the secure access layer depends on several parameters such as class of query, number of authorization rules, complexity of value constraints, and number of data being accessed. In our experiments, the overhead was variable in the range of 4% in the best case to 184% in the worst case.