=Paper= {{Paper |id=None |storemode=property |title=Applying Pervasive and Flexible Access Control to Distributed Multimedia Retrieval |pdfUrl=https://ceur-ws.org/Vol-908/paper7.pdf |volume=Vol-908 |dblpUrl=https://dblp.org/rec/conf/immoa/KukhunCMS12 }} ==Applying Pervasive and Flexible Access Control to Distributed Multimedia Retrieval== https://ceur-ws.org/Vol-908/paper7.pdf
                Applying Pervasive and Flexible Access Control
                      to Distributed Multimedia Retrieval

                      Dana Al-Kukhun, Dana Codreanu, Ana-Maria Manzat, Florence Sedes
                                           Université de Toulouse – IRIT – UMR 5505
                                       118 Route de Narbonne, 31062 Toulouse, France
                                      {kukhun, codreanu, manzat, sedes}@irit.fr

ABSTRACT

The distribution of data sources has formed a classical challenge for data management. The LINDO framework is an open system that manages the indexing, storage and retrieval of multimedia contents that are distributed in different remote servers and generated on a real-time basis. The main objective of this framework is to provide efficient information retrieval with minimal processing costs. This was achieved through the proposal of an efficient decentralized content indexing mechanism. When considering the pervasive and mobile access to the managed content, the need for access control becomes essential. In this paper, we apply an access control layer on top of the LINDO architecture that manages access based on the RBAC model and realizes decision making using the XACML standard. We explore the challenges that face the system in processing access requests, showing how an access denial could influence the system’s usability, especially when returned to a user facing an important situation. Thus, we propose to apply flexible decision making that searches for alternative resources. This operation is performed using PSQRS, a query rewriting system that aims to provide users with pervasive accessibility where they could access any needed multimedia source at anytime, anywhere and anyhow.

1. INTRODUCTION

The necessity of handling a huge quantity of multimedia content created by multiple sources in a distributed environment emerges and raises new challenges concerning the indexing and access to the multimedia content, such as: distributed storage and decentralized processing, choice of the indexing algorithms, real time information retrieval and location-aware retrieval. On top of that, we also have to consider that the users are more and more mobile and they need to access the system from anywhere. In such mobile and pervasive contexts, privacy and security management is a central issue.

In this paper, we present a new layer on top of the architecture proposed by the LINDO project¹ in order to tackle the above-mentioned challenges. The objective of the LINDO project was to build a distributed system for multimedia content management, and to ensure effective indexing and storage of data acquired in real time. The project didn’t address the issues linked to data privacy and security.

¹ http://www.lindo-itea.eu

Knowing that ensuring the protection of multimedia content is a key issue in certain application domains (e.g., video surveillance, medical domain, etc.), the access control management should be taken into consideration at the different levels of data processing and should take into account the user’s mobility. Meanwhile, these security constraints should not affect the user’s accessibility needs, especially in important situations.

Our objective is to include the access control within the query processing and enrich it within the LINDO framework in order to attain a pervasive accessibility that enables the user to access multimedia sources at anytime, anywhere and anyhow. To achieve this goal, we have employed PSQRS – Pervasive Situation-aware Query Rewriting System – that offers adaptive context and situation-aware access solutions. The decision making within the system is based on the RBAC model [10] and employs the XACML standard [16]. These technologies are adapted to the distributed access management needs within the LINDO framework.

The solution overcomes the access denials taking place in real time mobile situations by modifying the query processing mechanism of the LINDO framework and by providing adaptive solutions that can bypass the access control constraints.

Next, in Section 2, we introduce a state of the art covering the different systems managing distributed multimedia content in 2.1, the basic standards for distributed access control management in 2.2 and some research about multimedia access control in 2.3. The LINDO approach for efficient multimedia distributed content management is described in Section 3 through its architecture, as well as its indexing and querying mechanisms. In Section 4, we apply an access control layer on top of the LINDO architecture. In Section 5, the adaptive access control solution is illustrated through a video surveillance use case. Finally, conclusions and future work directions are provided in Section 6.

2. STATE OF THE ART:

2.1 Distributed Multimedia Systems

The constantly growing dimension of the multimedia collections that are generated every day brings to light problems of efficient indexing and retrieval. The solution to these issues passes through the generation and management of the metadata associated with the multimedia content.

These metadata are obtained through the application of indexing algorithms, which have different performances, purposes and constraints. Besides, a great heterogeneity of indexing algorithms has been defined in the state of the art (e.g., [4] for texts, [13] for images, [18] for audios, [20] for the videos). In a multimedia information system it is not desirable to execute all available
indexing algorithms on all multimedia contents, because these will (i) overload the system and (ii) produce metadata that might never be used.

In the following, we present some distributed systems that manage multimedia contents by emphasizing the architectural choice and the adopted solution for multimedia indexing.

A distributed management of the multimedia is used by many projects due to the mobile acquisition context of these contents. An advantage of this kind of system is that it benefits from the distributed storage and processing of the multimedia content and thus, the performances of the system can be improved.

The distributed systems that handle multimedia contents employ peer-to-peer or service-oriented architectures. The major problem that these systems encounter is the heterogeneity of indexing algorithms and of the generated metadata. The following projects addressed this problem in different manners.

The SAPIR (Search on Audio-visual content using Peer-to-peer Information Retrieval) project [2], [15] proposes a hybrid peer-to-peer architecture for the management of multimedia contents. It employs three specialized indexing servers, where each peer sends its ingested contents in order to be indexed. The resulting metadata is sent back to the peer that ingested the multimedia content in order to store it.

The DISCO (Distributed Indexing and Search by Content) project² has chosen a structured peer-to-peer architecture for the management of multimedia contents [5]. The indexing is accomplished at each peer, at the contents acquisition time. Each peer sends a summary of its index that is concatenated to a global index which is sent to all the other peers.

The CANDELA (Content Analysis and Network DELivery Architectures) project³ is focused on the video content analysis and retrieval into a Service Oriented Architecture, where the content is stored and indexed on the distributed servers. The proposed solution was implemented for several use cases: personal mobile multimedia management [17], video surveillance [14], [12].

The WebLab project⁴ proposes an integration infrastructure that enables the management of indexing algorithms as Web Services in order to be used in the development of multimedia processing applications [11]. These indexing services are handled manually through a graphical interface.

The VITALAS (Video & image Indexing and retrieval in the Large Scale) project⁵ capitalizes on the WebLab infrastructure in a distributed multimedia environment [22]. The architecture enables the integration of partner's indexing modules as web services. The multimedia content is indexed off-line, at acquisition time.

The MODEST (Multimedia Object Descriptors Extraction from Surveillance Tapes) project⁶ proposes a multi-agent system for the video surveillance of motorways, in which they detect strange events, identify objects (persons, cars, trucks) and track the objects in the videos acquired by different cameras [1]. The video content is indexed by a segmentation agent on the same server where it is stored. The obtained segmentation is employed by other collaborative agents in order to detect anomalies, which are displayed to the user as summaries.

² http://www.lamsade.dauphine.fr/disco/index
³ http://www.hitech-projects.com/euprojects/candela
⁴ http://weblab-project.org/
⁵ http://vitalas.ercim.org
⁶ http://www.tele.ucl.ac.be/PROJECTS/MODEST/index.html

A comparative study of these systems shows that no matter what the architectural choice is, the content indexing is usually done on dedicated servers (the content and the associated resulting metadata are transferred over the network) using a pre-defined set of indexing algorithms. These algorithms are executed on all ingested multimedia. Thus, the resource consumption is not optimal. This important consumption problem was addressed by the LINDO project, which proposes a distributed architecture for the management of multimedia contents, which favors reduced resource consumption, in terms of data transfers over the network, storage and CPU utilization.

2.2 Distributed Access Control

Access control and privacy protection are key issues nowadays, especially in the context of distributed systems. In this section, we present two main standards that are widely employed for managing access control within distributed environments: the RBAC model and the XACML standard.

2.2.1 The RBAC Model

The principal motivation behind the proposal of the RBAC (Role Based Access Control) model [10] was to enable easy specification and enforcement for enterprise specific security policies in a way that maps naturally to an organization’s structure. The RBAC model has simplified the administration and modification (updates) of access privileges, especially in the case of assigning permissions for a large number of users accessing distributed resources.

The main concept of the RBAC model was to group users within roles that reflect their organizational positions and then simply distribute permissions to these roles instead of repeating the process for each individual.

Figure 1: The RBAC Model

As illustrated in Figure 1, the role is placed at the heart of the RBAC model and is seen as an intermediary element that connects the users and permissions as it attributes a set of privileges to those users based on their roles. These permissions (PRMS) allow the users to perform operations (OPS) on system sources expressed as objects (OBS).

2.2.2 XACML

The RBAC model managed to solve the challenge of administrating access permissions to distributed data sources by
providing centralized management for permissions through roles. With the evolution of service-oriented architectures and web services, new challenges have arisen and the problem of managing access becomes more complicated as the access control policies are also being distributed and more dynamic since they’re managed by different administrating authorities. To resolve this problem, the XACML standard was introduced by [16].

XACML (extensible Access Control Markup Language) is an XML based policy language that describes access control policies to allow the attribution of user privileges on system sources. The standard provides a system for authentication and authorization taking into account various factors related to the user’s context. XACML provides an expressive security policy for data exchange within dynamic environments, which enables a flexible way to express and enforce access control policies.

Figure 2: The XACML dataflow

As shown in Figure 2, when a client makes a resource request to a server, a PEP (Policy Enforcement Point) intervenes to ensure a secure and authorized access. In order to enforce a security policy, the PEP will formalize attributes describing the requester (these attributes can be extracted from the user profile) to the PIP (Policy Information Point) and delegate the authorization decision to the PDP (Policy Decision Point). Applicable policies are located in a policy store PAP (Policy Administration Point) and evaluated at the PDP, which then returns the authorization decision. Using this information, the PEP can deliver the appropriate response to the client and ensures that only authorized resources are accessed.

2.3 MULTIMEDIA ACCESS CONTROL

The projects mentioned in Section 2.1 were focused on the indexing and retrieval of multimedia contents, but none of them took into consideration problems related to the privacy and access control management of the contents and systems resources. Meanwhile, many solutions have been proposed in order to secure the access to multimedia databases and systems. While some authors were interested in the security of the connection to the systems and on the distribution of the contents [19], others were focused on the content-based multimedia access control with fine-grained restrictions at a specific level of the multimedia data [9].

[8] proposes a framework that addresses multi-level multimedia access control by adopting RBAC, XML, and Object-Relational Databases. The authors associated roles to users, IP addresses, objects and time periods. All multimedia contents handled by their system have to be segmented. Only the objects which have roles associated to them are extracted from the multimedia contents. The system stores several versions of the multimedia contents, the original one and one for each user-based restriction.

[21] studied the confidentiality and privacy issues in the context of a video surveillance system. They also defined access rights to different hierarchical objects that can be extracted from the video contents. They focused on the detection of suspicious events.

3. THE LINDO APPROACH

3.1 System Architecture

The main goal of the LINDO project (Large scale distributed INDexation of multimedia Objects) is to define a distributed system for multimedia content management, while focusing on the efficient use of the resources in the indexing and query processes. Thus, not only the multimedia contents storage is distributed but also the indexing process. The originality of this solution is that: (a) the content is not moved to indexing servers, but indexing algorithms are deployed on the servers where the content is acquired; (b) the indexing process is accomplished in two steps: a generic indexing at ingest time (i.e., implicit indexing) and a more detailed one at query time (i.e., explicit indexing). Figure 3 illustrates an example of the distributed architecture proposed within the LINDO project. A more detailed presentation of the LINDO architecture can be found in [6].

Figure 3: Example of LINDO architecture

Thus, the adopted distributed architecture makes it possible to bypass problems that are specific to centralized systems like:

(1) The query processing slowness: executing the query on all metadata existing in the system might overload the central server, especially when processing complex queries and when several queries are executed simultaneously.

(2) The network bandwidth overload: in a classical approach all contents and associated metadata are transferred to central server or to dedicated servers.

(3) The system centralization: this could raise problems like fault resistance; if the central server is no longer available the metadata collection needs to be recomputed.

(4) The violation of access rights concerning the contents: some metadata shouldn’t be stored on the central server for privacy reasons.
           Indoor                                         Outdoor
Intrusion  - Presence of people                           - Presence of people & vehicles
Counting   - Number of people                             - Number of people, number of vehicles
           - Main color of the upper part of the people   - Main color of the people upper part.
                                                          - Main color of vehicles

Figure 4: Examples of Metadata attained by applying Implicit Indexing Algorithms

           Indoor                                         Outdoor
Intrusion  - Presence of people                           - Presence of people & vehicles
Counting   - Number of people                             - Number of people, number of vehicles
           - Main color of the upper part of the people   - Main color of the people upper part.
                                                          - Main color of vehicles
           - Face recognition                             - Car plate number
           - voice recognition & speech-to-text           - Face recognition

Figure 5: Examples of Metadata attained by applying Explicit Indexing Algorithms

3.2 System Functionality

The functionality adopted within the previously presented system architecture goes as follows: the content is acquired and stored on the remote servers, and the collection of indexing algorithms is stored and managed on the central server. This collection is variable; at any moment we can integrate new algorithms with different functionalities, execution constraints and performances.

3.2.1 Indexing Mechanism

In order to reduce resource consumption, the architecture allows the indexing of multimedia contents to be accomplished at acquisition time (i.e., implicit indexing) with some generic algorithms (e.g., person detection, dominant color detection) and on demand (i.e., explicit indexing) with some algorithms that will analyze the contents in more detail (e.g., person recognition, register plate detection). This avoids executing all the indexing algorithms at once and producing metadata that might never be used, but raises access rights issues concerning the explicit indexing. Figure 4 and Figure 5 offer some indexing algorithms examples that illustrate the difference of the level of detail attained by the implicit and explicit indexing. These algorithms differentiate between two types of context acquisition (indoor and outdoor).

3.2.2 Query Processing Mechanism

The query processing (illustrated in Figure 6) begins with the query specification on the central server. First, the query is processed and executed on the metadata collection on the central server (which is a summary of the metadata collections from remote servers) in order to select the remote servers that could provide answers to the query and it is sent for execution to the selected servers. Among the servers that were not selected at the first step, there could be some servers that contain relevant information that has not been indexed with the right algorithms. For this reason, the LINDO solution detects such supplementary algorithms [7] and starts their execution (i.e., explicit indexing) on a sub-collection of multimedia contents. All the results obtained from the remote servers are sent to the central server, where they are combined and displayed to the user.

Figure 6: Query Processing Flow Chart
4. ADDING AN ACCESS CONTROL LAYER TO THE LINDO ARCHITECTURE

The sensitivity of the multimedia content and the privacy protection law that imposes anonymity constraints justify the need of applying an access control scheme on top of the LINDO architecture. The proposed layer customizes access based on the user’s role (RBAC model) and is responsible for managing:

1. The access rights granted to users or services demanding access to the multimedia sources (e.g., video surveillance, medical domain, etc.) that vary not only according to their role but also in terms of their context (time, location, etc.).

2. The access rights for executing queries that employ the explicit indexing algorithms: the risk of disclosing personal or confidential information rises as the level of detail sought and provided by the indexing algorithm increases.

We highlight that in the context of adding this access control layer, the lack of responses returned to a user’s query might not only be due to the lack of results existing within the system but also due to access restrictions imposed by the security layer.

4.1 A Pervasive Vision for LINDO

Our goal is to apply the access control layer and to balance between the security constraints and the user needs to find solutions that can ensure seamless accessibility to the requested resources at any time, from anywhere and anyhow.

The pervasive accessibility that we aim to provide matches with the pervasive characteristics of the LINDO system, which are:
      • The distribution of multimedia sources.
      • The variation of the entities managing these resources.
      • The evolutive nature of these resources (generated and indexed in real time).
      • The sensitivity and confidentiality of their content.
      • The diversity of contextual information.
      • The distribution of the indexing process performed by a variety of indexing algorithms.
      • The execution of access requests in real time.
      • The importance level of obtaining reactive solutions in important consultations or critical situations.

4.2 Confronting Accessibility Challenges with Adaptive Access Control

Managing access requests becomes more challenging within pervasive environments due to the dynamicity of contextual and situational information. Our objective is to ensure an efficient information retrieval process despite the security challenges. In order to achieve this objective, we employ PSQRS (Pervasive Situation-aware Query Rewriting System) - an adaptive decision-making system that confronts access denials taking place in real-time consulting situations by rewriting access requests in order to offer alternative-based access solutions.

The access control relaxation that we propose to carry out respects the access rights defined to protect the multimedia content and applies the adaptive decision-making at two functionalities:
     1.   The choice of using the explicit indexing algorithms (located on remote servers).
     2.   The presentation of the video contents (the identity of filmed persons in a video surveillance system is protected by privacy laws that assure their anonymity).

Next, we introduce the detailed functionality of the PSQRS architecture.

4.3 The PSQRS Architecture

As illustrated in Figure 7, the PSQRS (Pervasive Situation-aware Query Rewriting System) architecture contains several components and the sequence of its functionality starts from the user, who enters the system through an authentication portal (step 1) and launches an access request to a certain element (step 2). This request will be interpreted by our Query Interpreter that will translate the request into an XACML request and send it to the Query Analyzer (step 3). The request (R) will be analyzed in consideration with the user’s profile - automatically extracted at the sign in process - and according to his context (XACML flow chart, Figure 2). As the analysis finishes, the Query Analyzer would send the result directly to the user if it’s a Permit (step 4a) or back to the Query Interpreter, if it’s a deny (step 4b).

Figure 7: The PSQRS Architecture

In a deny situation the adaptive situation-aware query rewriting mechanism will take place and function as follows: the Query Interpreter will check the sensitivity of the consulting situation with the help of the Sensitivity Analyzer component (steps 5, 6) and according to the importance level of the situation, the Query Interpreter will search for similar or alternative resources through the Similarity Provider component (steps 7, 8) and employ them to rewrite the XACML request (R’) and send it again to the Query Analyzer that will analyze the request and transfer the result back to the user (steps 10a, 10b).

5. VIDEO SURVEILLANCE USE CASE

In this section, we present an example where the implementation of our proposal is used to overcome the lack of answers provided by the system. As we will illustrate next, the system will modify the query processing and will adapt access decisions according to the level of importance of the querying situation.

Scenario: Taking the metro from « Trocadéro » station to « Place d'Italie » station at 14:15, Helen has forgotten her red bag on a bench at the waiting line. As soon as she realized, she went out to report the problem at the information counter.
A typical treatment of such situations goes through the customer service agent who would open a lost object file, take the descriptions and transmit them to the security officer on site. The security agent will follow different steps in order to find the object; he will check if the object has already been found or returned to the lost and found office by someone. Otherwise, he will try to see the video surveillance system to check if the object is still in the same location.

5.1 Typical LINDO Query Processing
Figure 8 shows the typical interpretation performed by the information retrieval system provided by LINDO. The launched request will be processed and parsed to extract the main keywords that are then reformulated in the form of an XML user query.

Query: Find all videos containing a red bag, forgotten in Trocadéro, Paris metro station, on the 2nd of February, between 2:00pm and now (3:00pm).

         find all videos containing a red bag, forgotten in Trocadéro, Paris metro station, on 2 February, between 2:00pm and 3:00pm.
         metro station, Paris, Trocadéro
         Video
         2012-02-02T14:00:00
         2012-02-02T15:00:00
             Figure 8: Request represented in XML

The distributive nature of resource management and query
based retrieval mechanism. The objective is to find the results that
the subset of metadata that the system has to scan in real-time while processing the request.
locating the servers responsible for managing the data streams captured by the cameras located in the Trocadéro station waiting line. Next, a filtering step is performed to restrict the search within the segments captured between 14:00 and 15:00.
The system will then determine a list of indexing algorithms that would meet the needs, properties and context expressed within the query. This step will retrieve a subset of metadata describing the segments corresponding to the query.
In this scenario, the requested information are generic thus, the query processing will perform the search on the metadata
central server. The system will continue the search to find a red object in the retrieved list of metadata describing the chosen
A filtering process is applied to take into account access control rules. Analyzing the access rights assigned to the security agent,
employ the explicit indexing algorithms existing at remote
segments that contain people faces and finally return to the user the list of segments that contain a red object (if available).

5.2 Employing PSQRS for Adaptive and Alternative based Query Processing
The search results returned to the security agent in this case might be insufficient especially that the red bag might be present in the unauthorized segments containing passenger faces. Our proposal can take place at this level as a step towards ensuring a better quality of service by offering a wider subset of resources to the user while respecting the access rights defined on the consultation of the video surveillance data sources.
Through the usage of our proposed PS-RBAC model, the system would be able to offer more accessibility and adapt the permissions assigned to the security agent according to his contextual attributes and to the importance level of the situation of the consultation.
This adaptive solution can be employed when the system identifies access challenges related to the user’s context or at an important situation. In this scenario, the « lost object » situation identification can be obtained from the file number.
The implementation of the adaptive solutions is performed by the PSQRS that adapts decision-making by rewriting the XACML queries. The solution proves its effectiveness due to its ability to achieve decision making to access video surveillance sources that are distributed and administrated by different authorities.

         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os http://docs.oasisopen.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
         John Smith
         Security Agent
         sa2023
         find all videos containing a red bag, forgotten in Trocadéro, Paris metro station, on Thursday, 2 Febuary, between 2:00pm and 3:00pm).
         metro station, Paris, Trocadéro
         Video
         2012-02-02T14:00:00
         2012-02-02T15:00:00
         Read
         Situation
         Forgotten Object
         1
             Figure 9: XACML request embedding the user’s query
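An XACML 2.0 request context of the shape Figure 9 describes, as an added example that is not the paper's figure or LINDO code. The `urn:example:...` identifiers, the query element names and the file-number attribute are assumptions; `effective_sit_lvl` shows a server-side check that accepts a claimed situation level only when the lost-object file number is a known open case.

```python
import xml.etree.ElementTree as ET

CTX = "urn:oasis:names:tc:xacml:2.0:context:schema:os"  # namespace quoted in Figure 9
XS = "http://www.w3.org/2001/XMLSchema#"
# Standard XACML attribute identifiers.
SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
ROLE = "urn:oasis:names:tc:xacml:2.0:subject:role"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
# Hypothetical identifiers (the figure's own attribute names are not on the page).
AGENT_ID = "urn:example:lindo:subject:agent-id"
SITUATION = "urn:example:lindo:environment:situation"
SIT_LVL = "urn:example:lindo:environment:sit-lvl"
FILE_NO = "urn:example:lindo:environment:file-number"
QNS = "urn:example:lindo:query"  # hypothetical namespace for the embedded query

# Values from Figures 8 and 9 (query text shortened); element names are assumptions.
QUERY = {
    "text": "find all videos containing a red bag",
    "location": "metro station, Paris, Trocadéro",
    "mediaType": "Video",
    "from": "2012-02-02T14:00:00",
    "to": "2012-02-02T15:00:00",
}


def _attr(parent, attr_id, value, xs_type="string"):
    node = ET.SubElement(parent, f"{{{CTX}}}Attribute",
                         AttributeId=attr_id, DataType=XS + xs_type)
    ET.SubElement(node, f"{{{CTX}}}AttributeValue").text = str(value)


def build_request(name, role, agent_id, query, situation, sit_lvl, file_no):
    """Serialize subject, resource (with the query), action and environment."""
    req = ET.Element(f"{{{CTX}}}Request")
    subject = ET.SubElement(req, f"{{{CTX}}}Subject")
    _attr(subject, SUBJECT_ID, name)
    _attr(subject, ROLE, role)
    _attr(subject, AGENT_ID, agent_id)
    resource = ET.SubElement(req, f"{{{CTX}}}Resource")
    content = ET.SubElement(resource, f"{{{CTX}}}ResourceContent")
    q = ET.SubElement(content, f"{{{QNS}}}query")
    for tag, text in query.items():
        ET.SubElement(q, f"{{{QNS}}}{tag}").text = text
    _attr(resource, RESOURCE_ID, query["location"])
    _attr(ET.SubElement(req, f"{{{CTX}}}Action"), ACTION_ID, "Read")
    env = ET.SubElement(req, f"{{{CTX}}}Environment")
    _attr(env, SITUATION, situation)
    _attr(env, SIT_LVL, sit_lvl, "integer")
    _attr(env, FILE_NO, file_no)
    return ET.tostring(req, encoding="unicode")


def context_of(request_xml):
    """Attributes per category, as the policy decision point receives them."""
    root = ET.fromstring(request_xml)
    return {cat: {a.get("AttributeId"): a.findtext(f"{{{CTX}}}AttributeValue")
                  for a in root.find(f"{{{CTX}}}{cat}").findall(f"{{{CTX}}}Attribute")}
            for cat in ("Subject", "Resource", "Action", "Environment")}


def effective_sit_lvl(request_xml, open_case_files):
    """Honour a claimed Sit_Lvl only when its file number is a known open case."""
    env = context_of(request_xml)["Environment"]
    claimed = int(env.get(SIT_LVL) or 0)
    return claimed if env.get(FILE_NO) in open_case_files else 0


if __name__ == "__main__":
    xml = build_request("John Smith", "Security Agent", "sa2023", QUERY,
                        "Forgotten Object", 1, "LO-0001")  # constructed file number
    print(xml)
    print(effective_sit_lvl(xml, {"LO-0001"}), effective_sit_lvl(xml, set()))
```

Because the environment attributes travel inside the request, the level that drives relaxation should come from a record the decision point controls, not from the caller's claim alone.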


As shown in Figure 8, the richness of the elements that we can embed within an XACML query enables it to describe the contextual attributes characterizing: (i) the requested source in the « resource » tag, (ii) the user launching the request in the « subject » tag and (iii) the situation at which the user has launched the access request in the « environment » tag.
The importance level of the situation will determine the level of adaptation to be realized. The activation of the adaptive search mode will be communicated from the XACML response in the form of an « obligation » that accompanies the resulting access decision, see Figure 10.

         Deny
         On
    Figure 10: XACML response containing the obligation

As the adaptive querying mode is triggered, the query processing mechanism will change to ensure the success of the search by providing a variety of adaptive solutions in correspondence with the situation’s sensitivity level.
This adaptive search solution is realized by the PSQRS that detects the situation sensitivity through the Situation Analyzer component and turns to the Similarity Provider component to find similar resources that will guide the query rewriting process (see Figure 7).
In the case where the search did not retrieve satisfactory results for the user and the consultation is taking place in a normal situation (Sit_Lvl = 0), the system will perform the adaptive query rewriting step through semantic similarity. The keywords of the user query will be reformulated using similar words or more generic concepts offered by the Similarity Provider. Similar works have been introduced in [3]; the objective is to maximize accessibility chances without crossing the security boundaries. The semantic reformulation options can be achieved with the help of a standard lexical dictionary such as WordNet. For example, the word "bag" can be replaced by various synonyms {backpack, luggage, purse, etc.}.
On the other hand, the adaptation process in the mentioned scenario will follow another scheme since the lost object situation is judged to be of higher importance (Sit_Lvl = 1). Hence, the Similarity Provider component will be replaced by an Adaptive Solutions Provider. This component will provide some predefined solutions that could bypass the access control challenge or would assist the user in adapting and reformulating his query by pointing out the access challenge and offering him adaptive solutions that would suit his context; the solutions are often saved in a predefined database. Table 1 shows examples of the solutions that the system can offer.

Table 1: The adaptive solutions that our adaptive query processing can employ

Problem                                          The adaptive solution
The privacy law imposing the protection of anonymity of audiovisual contents
Passenger faces are not authorized               Display the content after the execution of an algorithm that applies a blur face function.
Voices are not authorized                        Use an algorithm for speech-to-text transcription
Volume of the video
Lack of storage capacity on the user’s machine   Use a compression algorithm in order to obtain a smaller file
Format not supported by the user’s machine       Use a conversion algorithm into a compatible format.
Download problems due                            Use a summarization algorithm in order

New solutions can also be inserted into the adaptive solutions database through a learning mechanism that detects the solutions that users employ when confronted with access challenges in real time.
The success of the adaptive solutions suggested by the users would eventually be more efficient if they knew the reason behind the access denial. The error messages that often accompany the returned access denial responses can serve as indicators to help the users in finding alternative solutions.
Therefore, the adaptive solution for this example will modify the treatment process and will: (i) neglect the filtering step responsible for imposing the access control constraints and (ii) replace it with an adaptive step related to the presentation of resources with unauthorized content.
By applying this process to the scenario described above, the system will return the video segments taken from the Trocadéro station between 14:00 and 15:00 and containing a red object.
These results will be filtered in order to detect the unauthorized segments (containing passenger faces). This is where the system will apply the adaptation process that would filter the display to conform with the access restrictions imposed by the system.
The adaptation will be performed through a face detection step and the use of an algorithm that applies a “blur function” to protect the privacy of passengers appearing in these segments in order to return to the user a list of pertinent results that respect the access rules.

6. CONCLUSION
In this paper, we have presented an adaptive approach for access control management within multimedia distributed systems. Our solution overcomes the access denials that take place in real time access demands by modifying the query processing mechanism and by providing adaptive solutions to bypass the access control constraints. The proposed solution has been validated within the LINDO framework in the context of a video surveillance use case. We applied and validated the same access control approach for other use cases, such as Healthcare Systems [3].
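The obligation-driven adaptation of Section 5.2 (Figure 10, the two Sit_Lvl cases and the privacy rows of Table 1), as an added example that is not PSQRS or LINDO code. The obligation identifier, the synonym table standing in for WordNet, the solution names and the sample segments are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

CTX = "urn:oasis:names:tc:xacml:2.0:context:schema:os"
POL = "urn:oasis:names:tc:xacml:2.0:policy:schema:os"
ADAPTIVE = "urn:example:psqrs:obligation:adaptive-mode"  # hypothetical obligation id

# Constructed response in the shape of Figure 10: Deny plus an obligation set to "On".
RESPONSE = f"""<Response xmlns="{CTX}"><Result>
  <Decision>Deny</Decision>
  <Obligations xmlns="{POL}">
    <Obligation ObligationId="{ADAPTIVE}" FulfillOn="Deny">
      <AttributeAssignment AttributeId="mode"
        DataType="http://www.w3.org/2001/XMLSchema#string">On</AttributeAssignment>
    </Obligation>
  </Obligations>
</Result></Response>"""

SYNONYMS = {"bag": ["backpack", "luggage", "purse"]}  # stands in for WordNet
# Privacy rows of Table 1: restricted content -> presentation step (names assumed).
SOLUTIONS = {"faces": "blur_faces", "voices": "speech_to_text"}
# Constructed segments; "plates" has no entry in SOLUTIONS on purpose.
SEGMENTS = [
    {"id": "seg-01", "restricted": []},
    {"id": "seg-02", "restricted": ["faces"]},
    {"id": "seg-03", "restricted": ["plates"]},
]


def adaptive_mode(response_xml):
    """Return (decision, adaptive_on) read from the XACML response."""
    result = ET.fromstring(response_xml).find(f"{{{CTX}}}Result")
    decision = result.findtext(f"{{{CTX}}}Decision")
    on = False
    for ob in result.iter(f"{{{POL}}}Obligation"):
        if ob.get("ObligationId") != ADAPTIVE:
            # XACML: a PEP that does not understand an obligation treats the
            # decision as Deny, so no adaptation is attempted.
            return "Deny", False
        on = ob.findtext(f"{{{POL}}}AttributeAssignment", "").strip() == "On"
    return decision, on


def adapt(response_xml, sit_lvl, keywords, segments):
    """Choose the adaptation for a denied query; sit_lvl is the verified level."""
    decision, on = adaptive_mode(response_xml)
    if decision != "Deny" or not on:
        return ("none", [])
    if sit_lvl == 0:
        # Normal situation: widen each keyword through semantic similarity.
        return ("rewrite", [[k] + SYNONYMS.get(k, []) for k in keywords])
    # Important situation: keep restricted segments, but only together with the
    # presentation step that makes them conform to the access rules.
    plan = []
    for seg in segments:
        steps = [SOLUTIONS.get(kind) for kind in seg["restricted"]]
        if None not in steps:          # no known solution: the segment stays hidden
            plan.append((seg["id"], steps))
    return ("present", plan)


if __name__ == "__main__":
    print(adapt(RESPONSE, 1, ["red", "bag"], SEGMENTS))
    print(adapt(RESPONSE, 0, ["red", "bag"], SEGMENTS))
```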


The adaptive and alternative based situation-aware solution can increase the complexity of processing the request, but if we consider the usefulness of the results provided in real time and the fact they do not violate the access rights defined by the privacy law, this complexity seems quite acceptable.
In future works, we aim to extend our proposal by taking into account different contextual elements that might also influence the accessibility to multimedia content (e.g., hardware, network bandwidth, etc.) and to apply the adaptive process not only at the presentation level but also at the choice of the explicit indexing algorithms that are protected by RBAC constraints.

7. ACKNOWLEDGMENTS
This work has been supported by the EUREKA project LINDO (ITEA2-06011).

8. REFERENCES
[1] Abreu, B., Botelho, L., Cavallaro, A., Douxchamps, D., Ebrahimi, T., Figueiredo, P., Macq, B., Mory, B., Nunes, L., Orri, J., Trigueiros, M. J., and Violante, A. Video-Based Multi-Agent Traffic Surveillance System. In Proc. of the IEEE Intelligent Vehicles Symposium, 2000, 457-462.
[2] Agosti, M., Buccio, E. D., Nunzio, G. M. D., Ferro, N., Melucci, M., Miotto, R., and Orio, N. Distributed information retrieval and automatic identification of music works in SAPIR. In Proc. of the 15th Italian Symposium on Advanced Database Systems (SEBD’07), 2007, 479-482.
[3] Al Kukhun, D. and Sedes, F. Adaptive Solutions for Access Control within Pervasive Healthcare Systems. In Proc. of International Conference On Smart homes and health Telematics (ICOST 2008), 2008, 42-53.
[4] Berry, M. W. and Castellanos, M. Survey of Text Mining II: Clustering, Classification, and Retrieval, Springer, 2008.
[5] Boisson, F., Crucianu, M., and Vodislav, D. Publication Framework for Content-Based Search in Heterogeneous Distributed Multimedia Databases. Scientific Rapport CEDRIC No 1585, 2008. 18 pages.
[6] Brut, M., Codreanu, D., Dumitrescu, S., Manzat, A.-M., Sedes, F. A distributed architecture for flexible multimedia management and retrieval. In Proc. of Database and Expert Systems Applications (DEXA, 2011), 2011, 249-263.
[7] Brut, M., Codreanu, D., Manzat, A.-M., and Sèdes, F. Adapting Indexation to the Content, Context and Queries Characteristics in Distributed Multimedia Systems. In Proc. of International Conference on Signal-Image Technology & Internet-Based Systems (SITIS 2011), 2011, 118-125.
[8] Chen, S.-C., Shyu, M.-L., and Zhao, N. SMARXO: towards secured multimedia applications by adopting RBAC, XML and object-relational database. In Proc. of the 12th annual ACM international conf. on Multimedia, 2004, 432-435.
[9] El-Khoury, V. A Multi-level Access Control Scheme for Multimedia Database. In 9th Workshop on Multimedia Metadata (WMM'09), 2009.
[10] Ferraiolo, D. F., and Richard Kuhn, D. Role-Based Access Controls. In Proc. of the 15th National Computer Security Conference, 1992, 554-563.
[11] Giroux, P., Brunessaux, S., Brunessaux, S., Doucy, J., Dupont, G., Grilheres, B., Mombrun, Y., and Saval, A. Weblab: An integration infrastructure to ease the development of multimedia processing applications. In the 21st Conference on Software and Systems Engineering and their Applications, 2008.
[12] Jaspers, E.G.T., Wijnhoven, R.G.J., Albers, A.H.R., Desurmont, X., Barais, M., Hamaide, J., and Lienard, B. Candela-Storage, Analysis and Retrieval of Video Content in Distributed Systems: Real-Time Video Surveillance and Retrieval. In Proc. of the IEEE International Conference on Multimedia and Expo, 2005, 1553-1556.
[13] Kosch, H. and Maier, P. Content based image retrieval systems – reviewing and benchmarking. In Proc. of the 9th Workshop on Multimedia Metadata, 2009, 1-21.
[14] Merkus, P., Desurmont, X., Jaspers, E., Wijnhoven, R., Caignart, O., Delaigle, J.-F., and Favoreel, W. Candela - integrated storage, analysis and distribution of video content for intelligent information systems. In European Workshop on the Integration of Knowledge, Semantics and Digital Media Technology (EWIMT’04), 2004.
[15] Michal, B., Fabrizio, F., Claudio, L., David, N., Raffaele, P., Fausto, R., Jan, S., and Pavel, Z. Building a web-scale image similarity search system. In Multimedia Tools and Applications, 47, 3 (May 2010), 599-629.
[16] OASIS, A brief Introduction to XACML, http://www.oasis-open.org/committees/download.php/2713/Brief_Introduction_to_XACML.html, 14 March 2003.
[17] Pietarila, P., Westermann, U., Jarvinen, S., Korva, J., Lahti, J., and Lothman, H. Candela-storage, analysis, and retrieval of video content in distributed systems: Personal mobile multimedia management. In Proc. of the IEEE International Conference on Multimedia and Expo (ICME’05), 2005, 1557-1560.
[18] Pinquier, J., André-Obrecht, R. Audio Indexing: Primary Components Retrieval - Robust Classification in Audio Documents. In Multimedia Tools and Applications, 30, 3 (September 2006), 313-330.
[19] Sánchez, M., López, G., Cánovas, O., Sánchez, J.-A., and Gómez-Skarmeta, A. F. An access control system for multimedia content distribution. In Proc. of the Third European conference on Public Key Infrastructure: theory and Practice (EuroPKI 2006), 2006, 169-183.
[20] Snoek, C. G., Worring, M. Multimodal video indexing: A review of the state of the art. In Multimedia Tools and Applications, 25, 1 (January 2005), 5-35.
[21] Thuraisingham, B., Lavee, G., Bertino, E., Fan, J., and Khan, L. Access control, confidentiality and privacy for video surveillance databases. In Proc. of the eleventh ACM symposium on Access control models and technologies (SACMAT '06), 2006, 1-10.
[22] Viaud, M.-L., Thièvre, J., Goëau, H., Saulnier, A., and Buisson, O. Interactive components for visual exploration of multimedia archives. In Proc. of the International Conference on Image and Video Retrieval, 2008, 609-616.


