Applying Pervasive and Flexible Access Control to Distributed Multimedia Retrieval Dana Al-Kukhun, Dana Codreanu, Ana-Maria Manzat, Florence Sedes Université de Toulouse – IRIT – UMR 5505 118 Route de Narbonne, 31062 Toulouse, France {kukhun, codreanu, manzat, sedes}@irit.fr ABSTRACT medical domain, etc.), the access control management should be The distribution of data sources has formed a classical challenge taken into consideration at the different levels of data processing for data management. The LINDO framework is an open system and should take into account the user’s mobility. Meanwhile, that manages the indexing, storage and retrieval of multimedia these security constraints should not affect the user’s accessibility contents that are distributed in different remote servers and needs especially in important situations. generated in a real time basis. The main objective of this Our objective is to include the access control within the query framework is to provide efficient information retrieval with processing and enrich it within the LINDO framework in order to minimal processing costs. This was achieved through the proposal attain a pervasive accessibility that enables the user to access of an efficient decentralized content indexing mechanism. When multimedia sources at anytime, anywhere and anyhow. To achieve considering the pervasive and mobile access to the managed this goal, we have employed PSQRS – Pervasive Situation-aware content, the need of an access control becomes essential. In this Query Rewriting System – that offers adaptive context and paper, we apply an access control layer on top of the LINDO situation-aware access solutions. The decision making within the architecture that manages access based on the RBAC model and system is based on the RBAC model [10] and employs the realizes decision making using the XACML standard. We explore XACML standard [16]. These technologies are adapted to the the challenges that face the system in processing access requests distributed access management needs within the LINDO showing how an access denial could influence the system’s framework. usability especially when returned to a user facing an important situation. Thus, we propose to apply flexible decision making that The solution overcomes the access denials taking place in real searches for alternative resources. This operation is performed time mobile situations by modifying the query processing using PSQRS, a query rewriting system that aims to provide users mechanism of the LINDO framework and by providing adaptive with pervasive accessibility where they could access any needed solutions that can bypass the access control constraints. multimedia source at anytime, anywhere and anyhow. Next in section 2, we introduce a state of the art covering the different systems managing distributed multimedia content in 2.1, 1. INTRODUCTION the basic standards for distributed access control management in The necessity of handling a huge quantity of multimedia content 2.2 and some research about multimedia access control in 2.3. created by multiple sources in a distributed environment emerges The LINDO approach for efficient multimedia distributed content and raises new challenges concerning the indexing and access to management is described in Section 3 through its architecture, as the multimedia content, such as: distributed storage and well as its indexing and querying mechanisms. In section 4, we decentralized processing, choice of the indexing algorithms, real apply an access control layer on top of the LINDO architecture. In time information retrieval and location-aware retrieval. On top of section 5, the adaptive access control solution is illustrated that we have to consider also that the users are more and more through a video surveillance use case. Finally, conclusions and mobile and they need to access the system from anywhere. In such future work directions are provided in section 6. mobile and pervasive contexts, privacy and security management is a central issue. 2. STATE OF THE ART: In this paper, we present a new layer on top of the architecture 2.1 Distributed Multimedia Systems proposed by the LINDO project1 in order to tackle the above- The constant growing dimension of the multimedia collections mentioned challenges. The objective of the LINDO project was to that are generated every day brings to the light problems of build a distributed system for multimedia content management, efficient indexing and retrieval. The solution to these issues and to ensure effective indexing and storage of data acquired in passes through the generation and management of the metadata real time. The project didn’t address the issues linked to data associated to the multimedia content. privacy and security. These metadata are obtained through the application of indexing Knowing that ensuring the protection of multimedia content is a algorithms, which have different performances, purposes and key issue in certain application domains (e.g., video surveillance, constraints. Besides, a great heterogeneity of indexing algorithms has been defined in the state of the art (e.g., [4] for texts, [13] for 1 images, [18] for audios, [20] for the videos). In a multimedia http://www.lindo-itea.eu information system it is not desirable to execute all available 41 indexing algorithms on all multimedia contents; because these video surveillance of motorways, in which they detect strange will (i) overload the system and (ii) produce metadata that might events, identify objects (persons, cars, trucks) and track the never be used. objects in the videos acquired by different cameras [1]. The video content is indexed by a segmentation agent on the same server In the following, we present some distributed systems that where it is stored. The obtained segmentation is employed by manage multimedia contents by emphasizing the architectural other collaborative agents in order to detect anomalies, which are choice and the adopted solution for multimedia indexing. displayed to the user as summaries. A distributed management of the multimedia is used by many A comparative study of these systems shows that no matter what projects due to the mobile acquisition context of these contents. the architectural choice is, the content indexing is usually done on An advantage of this kind of systems is that they benefit from the dedicated servers (the content and the associated resulting distributed storage and processing of the multimedia content and metadata are transferred over the network) using a pre-defined set thus, the performances of the system can be improved. of indexing algorithms. These algorithms are executed on all The distributed systems that handle multimedia contents employ ingested multimedia. Thus, the resource consumption is not peer-to-peer or service-oriented architectures. The major problem optimal. This important consumption problem was addressed by that these systems encounter is the heterogeneity of indexing the LINDO project, which proposes a distributed architecture for algorithms and of the generated metadata. The following projects the management of multimedia contents, which is favoring addressed this problem in different manners. reduced resource consumption, in terms of data transfers over the network, storage and CPU utilization. The SAPIR (Search on Audio-visual content using Peer-to-peer Information Retrieval) project [2], [15] proposes a hybrid peer-to- 2.2 Distributed Access Control peer architecture for the management of multimedia contents. It Access control and privacy protection are key issues nowadays, employs three specialized indexing servers, where each peer sends especially in the context of distributed systems. In this section, we its ingested contents in order to be indexed. The resulted metadata present two main standards that are widely employed for is sent back to the peer that ingested the multimedia content in managing access control within distributed environments: the order to store it. RBAC model and the XACML standard. The DISCO (Distributed Indexing and Search by Content) project2 has chosen a structured peer-to-peer architecture for the 2.2.1 The RBAC Model management of multimedia contents [5]. The indexing is The principal motivation behind the proposal of the RBAC (Role accomplished at each peer, at the contents acquisition time. Each Based Access Control) model [10] was to enable easy peer sends a summary of its index that is concatenated to a global specification and enforcement for enterprise specific security index which is sent to all the other peers. policies in a way that maps naturally to an organization’s structure. The RBAC model has simplified the administration and The CANDELA (Content Analysis and Network DELivery modification (updates) of access privileges especially in the case Architectures) project3 is focused on the video content analysis of assigning permissions for a large number of users accessing and retrieval into a Service Oriented Architecture, where the distributed resources. content is stored and indexed on the distributed servers. The proposed solution was implemented for several use cases: The main concept of the RBAC model was to group users within personal mobile multimedia management [17], video surveillance roles that reflect their organizational positions then, simply [14], [12]. The WebLab project4 proposes an integration infrastructure that enables the management of indexing algorithms as Web Services in order to be used in the development of multimedia processing applications [11]. These indexing services are handled manually through a graphical interface. The VITALAS (Video & image Indexing and retrieval in the Large Scale) project5 capitalizes the WebLab infrastructure in a distributed multimedia environment [22]. The architecture enables Figure 1: The RBAC Model the integration of partner's indexing modules as web services. The distribute permissions to these roles instead of repeating the multimedia content is indexed off-line, at acquisition time. process for each individual. The MODEST (Multimedia Object Descriptors Extraction from As illustrated in Figure 1, the role is placed at the heart of the Surveillance Tapes) project6 proposes a multi-agent system for the RBAC model and is seen as an intermediary element that connects between the users and permissions as it attributes a set of 2 http://www.lamsade.dauphine.fr/disco/index privileges to those users based on their roles. These permissions 3 (PRMS) allow the users to perform operations (OPS) on system http://www.hitech-projects.com/euprojects/candela sources expressed as objects (OBS). 4 http://weblab-project.org/ 5 http://vitalas.ercim.org 2.2.2 XACML 6 The RBAC model managed to solve the challenge of http://www.tele.ucl.ac.be/PROJECTS/MODEST/index.html administrating access permissions to distributed data sources by 42 providing centralized management for permissions through roles. their system have to be segmented. Only the objects which have With the evolution of service-oriented architectures and web roles associated to are extracted from the multimedia contents. services, new challenges has arisen and the problem of managing The system stores several versions of the multimedia contents, the access becomes more complicated as the access control policies original one and one for each user-based restriction. are also being distributed and more dynamic since they’re [21] Studied the confidentiality and privacy issues in the context managed by different administrating authorities. To resolve this of a video surveillance system. They also defined access rights to problem, the XACML standard was introduced by [16]. different hierarchical objects that can be extracted from the video XACML (extensible Access Control Markup Language) is an contents. They focused on the detection of suspicious events. XML based policy language that describes access control policies to allow the attribution of user privileges on system sources. The 3. THE LINDO APPROACH standard provides a system for authentication and authorization taking into account various factors related to the user’s context. 3.1 System Architecture XACML provides an expressive security policy for data exchange The main goal of the LINDO project (Large scale distributed within dynamic environments, which enables a flexible way to INDexation of multimedia Objects) is to define a distributed express and enforce access control policies. system for multimedia content management, while focusing on the efficient use of the resources in the indexing and query processes. Thus, not only the multimedia contents storage is distributed but also the indexing process. The originality of this solution is that: (a) the content is not moved to indexing servers, but indexing algorithms are deployed on the servers where the content is acquired; (b) the indexing process is accomplished in two steps: a generic indexing at ingest time (i.e., implicit indexing) and a more detailed one at query time (i.e., explicit indexing). The Figure 3 illustrates an example of the distributed architecture proposed within LINDO project. A more detailed presentation of the LINDO architecture can be found in [6]. Figure 2: The XACML dataflow As shown in Figure 2, as a client makes a resource request upon a server; a PEP (Policy Enforcement Point) interferes to ensure a secure and authorized access. In order to enforce a security policy, PEP will formalize attributes describing the requester (these attributes can be extracted from the user profile) to the PIP (Policy Information Point) and delegate the authorization decision to the PDP (Policy Decision Point). Applicable policies are located in a policy store PAP (Policy Administration Point) and evaluated at the PDP, which then returns the authorization decision. Using this information, the PEP can deliver the appropriate response to the client and ensures that only authorized Figure 3: Example of LINDO architecture resources are accessed. Thus, the adopted distributed architecture enables to bypass 2.3 MULTIMEDIA ACCESS CONTROL problems that are specific to centralized systems like: The projects mentioned in Section 2.1 were focused on the (1) The query processing slowness: executing the query on all indexing and retrieval of multimedia contents, but none of them metadata existing in the system might overload the central server, took into consideration problems related to the privacy and access especially when processing complex queries and when several control management of the contents and systems resources. queries are executed simultaneously. Meanwhile, many solutions have been proposed in order to secure (2) The network bandwidth overload: in a classical approach all the access to multimedia databases and systems. While some contents and associated metadata are transferred to central server authors were interested in the security of the connection to the or to dedicated servers. systems and on the distribution of the contents [19], others were focused on the content-based multimedia access control with fine- (3) The system centralization: this could rise problems like fault grained restrictions at a specific level of the multimedia data [9]. resistance, if the central server is no longer available the metadata collection needs to be recomputed. [8] proposes a framework that addresses multi-level multimedia access control by adopting RBAC, XML, and Object-Relational (4) The violation of access rights concerning the contents: some Databases. The authors associated roles to users, IP addresses, metadata shouldn’t be stored on the central server for privacy objects and time periods. All multimedia contents handled by reasons. 43 Indoor Outdoor Intrusion - Presence of people - Presence of people & vehicles Counting - Number of people - Number of people, number of vehicles - Main color of the upper part of - Main color of the people upper part. the people - Main color of vehicles Figure 4: Examples of Metadata attained by applying Implicit Indexing Algorithms Indoor Outdoor Intrusion - Presence of people - Presence of people & vehicles Counting - Number of people - Number of people, number of vehicles - Main color of the upper part of the - Main color of the people upper part. people - Main color of vehicles - Face recognition - Car plate number - voice recognition & speech-to-text - Face recognition Figure 5: Examples of Metadata attained by applying Explicit Indexing Algorithms remote servers) in order to select the remote servers that could 3.2 System Functionality provide answers to the query and it is sent for execution to the The functionality adopted within the previously presented system selected servers. Among the servers that were not selected at the architecture goes as follows: the content is acquired and stored on first step, there could be some servers that contain relevant the remote servers, and the collection of indexing algorithms is information that has not been indexed with the right algorithms. stored and managed on the central server. This collection is For this reason, the LINDO solution detects such supplementary variable; at any moment we can integrate new algorithms with algorithms [7] and starts their execution (i.e., explicit indexing) different functionalities, execution constraints and performances. on a sub-collection of multimedia contents. All the results obtained from the remote servers are sent to the central server, 3.2.1 Indexing Mechanism where they are combined and displayed to the user. In order to reduce resource consumption, the architecture allows the indexing of multimedia contents to be accomplished at acquisition time (i.e., implicit indexing) with some generic algorithms (e.g., person detection, dominant color detection) and on demand (i.e., explicit indexing) with some algorithms that will analyze the contents more in detail (e.g., person recognition, register plate detection). This avoids executing all the indexing algorithms at once and producing metadata that might never be used but raises access rights issues concerning the explicit indexing. The Figure 4 and Figure 5 offer some indexing algorithms examples that illustrate the difference of the level of detail attained by the implicit and explicit indexing. These algorithms differentiate between two types of context acquisition (indoor and outdoor). 3.2.2 Query Processing Mechanism The query processing (illustrated in Figure 6) begins with the query specification on the central server. First, the query is processed and executed on the metadata collection on the central Figure 6: Query Processing Flow Chart server (which is a summary of the metadata collections from 44 4. ADDING AN ACCESS CONTROL 2. The presentation of the video contents (the identity of filmed persons in a video surveillance system is LAYER TO THE LINDO ARCHITECTURE protected by privacy laws that assure their anonymity). The sensitivity of the multimedia content and the privacy protection law that imposes anonymity constraints justify the need Next, we introduce the detailed functionality of the PSQRS of applying an access control scheme on top of the LINDO architecture. architecture. The proposed layer customizes access based on the user’s role (RBAC model) and is responsible for managing: 4.3 The PSQRS Architecture 1. The access rights granted to users or services demanding access As illustrated in Figure 7, the PSQRS (Pervasive Situation-aware to the multimedia sources (e.g., video surveillance, medical Query Rewriting System) architecture contains several domain, etc.) that vary not only according to their role but also in components and the sequence of its functionality starts from the terms of their context (time, location, etc.). user, who enters the system through an authentication portal (step 1) and launches an access request to a certain element (step 2). 2. The access rights for executing queries that employ the explicit This request will be interpreted by our Query Interpreter that will indexing algorithms: the risk of disclosing personal or translate the request into an XACML request and send it to the confidential information arises with the level of detail sought and Query Analyzer (step3). The request (R) will be analyzed in provided by the indexing algorithm increases. consideration with the user’s profile - automatically extracted at We highlight that in the context of adding this access control the sign in process - and according to his context (XACML flow layer, the lack of responses returned to a user’s query might not chart, Figure 2). As the analysis finishes, the Query Analyzer only be due to the lack of results existing within the system but would send the result directly to the user if it’s a Permit (step 4a) also due to access restrictions imposed by the security layer. or back to the Query Interpreter, if it’s a deny (step 4b). 4.1 A Pervasive Vision for LINDO Our goal is to apply the access control layer and to balance between the security constraints and the user needs to find solutions that can ensure seamless accessibility to the requested resources at any time, from anywhere and anyhow. The pervasive accessibility that we aim to provide matches with the pervasive characteristics of the LINDO system, which are: • The distribution of multimedia sources. • The variation of the entities managing these resources. • The evolutive nature of these resources (generated and indexed in real time). • The sensitivity and confidentiality of their content. • The diversity of contextual information. • The distribution of the indexing process performed by a Figure 7: The PSQRS Architecture variety of indexing algorithms. In a deny situation the adaptive situation-aware query rewriting • The execution of access requests in real time. mechanism will take place and function as follows: the Query • The importance level of obtaining reactive solutions in Interpreter will check the sensitivity of the consulting situation important consultations or critical situations. with the help of the Sensitivity Analyzer component (steps 5, 6) and according to the importance level of the situation, the Query 4.2 Confronting Accessibility Challenges with Interpreter will search for similar or alternative resources through Adaptive Access Control the Similarity Provider component (steps 7, 8) and employ them Managing access requests becomes more challenging within to rewrite the XACML request (R’) and send it again to the Query pervasive environments due to the dynamicity of contextual and Analyzer that will analyze the request and transfer the result back situational information. Our objective is to ensure an efficient to the user (steps 10a,10b). information retrieval process despite the security challenges. In order to achieve this objective, we employ PSQRS (Pervasive 5. VIDEO SURVEILLANCE USECASE Situation-aware Query Rewriting System) - an adaptive decision- In this section, we present an example where the implementation making system that confronts access denials taking place in real- of our proposal is used to overcome the lack of answers provided time consulting situations by rewriting access requests in order to by the system. As we will illustrate next, the system will modify offer alternative-based access solutions. the query processing and will adapt access decisions according to The access control relaxation that we propose to carry out respects the level of importance of the querying situation. the access rights defined to protect the multimedia content and Scenario: Taking the metro from « Trocadéro » station to « Place applies the adaptive decision-making at two functionalities: d'Italie » station at 14:15, Helen has forgotten her red bag on a 1. The choice of using the explicit indexing algorithms bench at the waiting line. As soon as she realized, she went out to (located on remote servers). report the problem at the information counter. 45 A typical treatment of such situations goes through the customer 5.2 Employing PSQRS for Adaptive and service agent who would open a lost object file, take the descriptions and transmit them to the security officer on site. The Alternative based Query Processing security agent will follow different steps in order to find the The search results returned to the security agent in this case might object; he will check if the object has already been found or be insufficient especially that the red bag might be present in the returned to the lost and found office by someone. Otherwise, he unauthorized segments containing passenger faces. Our proposal will try to see the video surveillance system to check if the object can take place at this level as a step towards ensuring a better is still in the same location. quality of service by offering a wider subset of resources to the user while respecting the access rights defined on the consultation of the video surveillance data sources. 5.1 Typical LINDO Query Processing Figure 8 shows the typical interpretation performed by the Through the usage of our proposed PS-RBAC model, the system information retrieval system provided by LINDO. The launched would be able to offer more accessibility and adapt the request will be processed and parsed to extract the main keywords permissions assigned to the security agent according to his that are then reformulated in the form of an XML user query. contextual attributes and to the importance level of the situation of the consultation. Query: Find all videos containing a red bag, forgotten in Trocadéro, Paris metro station, on the 2nd of February, between This adaptive solution can be employed when the system 2:00pm and now (3:00pm). identifies access challenges related to the user’s context or at an important situation. In this scenario, the « lost object » situation find all videos containing a red bag, forgotten in identification can be obtained from the file number. Trocadéro, Paris metro station, on 2 February, between 2:00pm and 3:00pm. The implementation of the adaptive solutions is performed by the metro station, Paris, Trocadéro PSQRS that adapts decision-making by rewriting the XACML Video queries. The solution proves its effectiveness due to its ability to achieve decision making to access video surveillance sources that 2012-02-02T14:00:00 are distributed and administrated by different authorities. 2012-02-02T15:00:00 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os Figure 8: Request represented in XML http://docs.oasisopen.org/xacml/access_control-xacml-2.0-context-schema-os.xsd"> The distributive nature of resource management and query based retrieval mechanism. The objective is to find the results that John Smith the subset of metadata that the system has to scan in real-time Security Agent while processing the request. locating the servers responsible for managing the data streams sa2023 captured by the cameras located in the Trocadéro station waiting line. Next, a filtering step is performed to restrict the search find all videos containing a red bag, within the segments captured between 14:00 and 15:00. forgotten in Trocadéro, Paris metro station, on Thursday, 2 Febuary, between 2:00pm and 3:00pm). The system will then, determine a list of indexing algorithms that metro station, Paris, Trocadéro would meet the needs, properties and context expressed within the Video query. This step will retrieve a subset of metadata describing the 2012-02-02T14:00:00 segments corresponding to the query. 2012-02-02T15:00:00 In this scenario, the requested information are generic thus, the query processing will perform the search on the metadata central server. The system will continue the search to find a red Read object in the retrieved list of metadata describing the chosen A filtering process is applied to take into account access control Situation rules. Analyzing the access rights assigned to the security agent, Forgotten Object employ the explicit indexing algorithms existing at remote 1 segments that contain people faces and finally return to the user the list of segments that contain a red object (if available). Figure 9: XACML request embedding the user’s query 46 As shown in Figure 8, the richness of the elements that we can Table 1: The adaptive solutions that our adaptive query embed within an XACML query enables it to describe the processing can employ contextual attributes characterizing: (i) the requested source in the « resource » tag, (ii) the user launching the request in the « Problem The adaptive solution subject » tag and (iii) the situation at which the user has launched The privacy law imposing the protection of anonymity of the access request in the « environment » tag. audiovisual contents The importance level of the situation will determine the level of Passenger faces are not Display the content after the execution of adaptation to be realized. The activation of the adaptive search authorized an algorithm that applies a blur face mode will be communicated from the XACML response in the function. form of an « obligation » that accompanies the resulting access decision, see Figure 10. Voices are not- Use an algorithm for speech-to-text authorized transcription Volume of the video Deny Lack of storage capacity Use a compression algorithm in order to on the user’s machine obtain a smaller file Format not supported Use a conversion algorithm into a by the user’s machine compatible format. Download problems due Use a summarization algorithm in order New solutions can also be inserted to the adaptive solutions On database through a learning mechanism that detects the solutions that users employ when encountered with access challenges in real time. The success of the adaptive solutions suggested by the users Figure 10: XACML response containing the obligation would eventually be more efficient if they knew the reason behind the access denial. The error messages that often accompany the As the adaptive querying mode is triggered, the query processing returned access denial responses can serve as indicators to help mechanism will change to ensure the success of the search by the users in finding alternative solutions. providing a variety of adaptive solutions in correspondence with the situation’s sensitivity level. Therefore, the adaptive solution for this example will modify the treatment process and will: (i) neglect the filtering step This adaptive search solution is realized by the PSQRS that responsible for imposing the access control constraints and (ii) detects the situation sensitivity through the Situation Analyzer replace it with an adaptive step-related to the presentation of component and turns to the Similarity Provider component to find resources with unauthorized content. similar resources that will guide the query rewriting process (see Figure 7). By applying this process to the scenario described above, the system will return the video segments taken from the Trocadéro In the case where the search didn’t retrieve satisfactory results to station between 14:00 and 15:00 and containing a red object. the user and the consultation is taking place in a normal situation (Sit_Lvl = 0), the system will perform the adaptive query These results will be filtered in order to detect the unauthorized rewriting step through semantic similarity. The keywords of the segments (containing passenger faces). This is where the system user query will be reformulated using similar words or more will apply the adaptation process that would filter the display to generic concepts offered by the Similarity Provider. Similar works conform with the access restrictions imposed by the system. have been introduced in [3], the objective is to maximize The adaptation will be performed through a face detection step accessibility chances without crossing the security boundaries. and the use of an algorithm that applies a “blur function” to The semantic reformulation options can be achieved with the help protect the privacy of passengers appearing in these segments in of a standard lexical dictionary such as WordNet. For example, order to return to the user a list of pertinent results that respect the the word "bag" can be replaced by various synonyms {backpack, access rules. luggage, purse, etc.}. At the other hand, the adaptation process in the mentioned 6. CONCLUSION scenario will follow another scheme since the lost object situation In this paper, we have presented an adaptive approach for access is judged to be of higher importance (Sit_Lvl = 1). Hence, the control management within multimedia distributed systems. Our Similarity Provider component will be replaced by an Adaptive solution overcomes the access denials that take place in real time Solutions Provider. This component will provide some predefined access demands by modifying the query processing mechanism solutions that could bypass the access control challenge or would and by providing adaptive solutions to bypass the access control assist the user in adapting and reformulating his query by pointing constraints. The proposed solution has been validated within the out the access challenge and offering him adaptive solutions that LINDO framework in the context of a video surveillance use case. would suit his context, the solutions are often saved in a We applied and validated the same access control approach for predefined database. Table 1 shows examples of the solutions that other use cases, such as Healthcare Systems [3]. the system can offer. 47 The adaptive and alternative based situation-aware solution can [11] Giroux, P., Brunessaux, S., Brunessaux, S., Doucy, J., increase the complexity of processing the request, but if we Dupont, G., Grilheres, B., Mombrun, Y.,and Saval, A. consider the usefulness of the results provided in real time and the Weblab : An integration infrastructure to ease the fact they do not violate the access rights defined by the privacy development of multimedia processing applications, In the law, this complexity seems quite acceptable. 21st Conference on Software and Systems Engineering and In future works, we aim to extend our proposal by taking into their Applications, 2008 account different contextual elements that might also influence the [12] Jaspers, E.G.T., Wijnhoven, R.G.J., Albers, A.H.R., accessibility to multimedia content (e.g., hardware, network Desurmont, X., Barais, M., Hamaide, J.,and Lienard B. bandwidth, etc.) and to apply the adaptive process not only at the Candela-Storage, Analysis and Retrieval of Video Content in presentation level but also at the choice of the explicit indexing Distributed Systems: Real-Time Video Surveillance and algorithms that are protected by RBAC constraints. Retrieval. In Proc. of the IEEE International Conference on Multimedia and Expo , 2005, 1553-1556. 7. ACKNOWLEDGMENTS [13] Kosch, H. and Maier, P. Content based image retrieval This work has been supported by the EUREKA project LINDO systems – reviewing and benchmarking, In Proc. of the 9th (ITEA2-06011). Workshop on Multimedia Metadata, 2009, 1-21. [14] Merkus, P., Desurmont, X., Jaspers, E., Wijnhoven, R., 8. REFERENCES Caignart, O., Delaigle, J.-F.,and Favoreel, W. Candela - [1] Abreu, B., Botelho, L., Cavallaro, A., Douxchamps, D., integrated storage, analysis and distribution of video content Ebrahimi, T., Figueiredo, P., Macq, B., Mory, B., Nunes, L., for intelligent information systems. In European Workshop Orri, J., Trigueiros, M. J., and Violante, A. Video-Based on the Integration of Knowledge, Semantics and Digital Multi-Agent Traffic Surveillance System. In Proc. of the Media Technology (EWIMT’04), 2004 IEEE Intelligent Vehicles Symposium. 2000, 457-462 [15] Michal, B., Fabrizio, F., Claudio, L., David, N., Raffaele, P., [2] Agosti, M., Buccio, E. D., Nunzio, G. M. D., Ferro, N., Fausto, R., Jan, S.,and Pavel, Z. Building a web-scale image Melucci, M., Miotto, R., and Orio, N. Distributed similarity search system. In Multimedia Tools and information retrieval and automatic identification of music Applications. 47, 3(May 2010), 599-629. works in SAPIR. In Proc. of the 15th Italian Symposium on [16] OASIS, A brief Introduction to XACML, http://www.oasis- Advanced Database Systems (SEBD’07), 2007, 479-482. open.org/committees/download.php/ [3] Al Kukhun, D. and Sedes, F., Adaptive Solutions for Access 2713/Brief_Introduction_to_XACML.html, 14 mars 2003 Control within Pervasive Healthcare Systems. In Proc. of [17] Pietarila, P., Westermann, U., Jarvinen, S., Korva, J., Lahti, International Conference On Smart homes and health J., and Lothman, H. Candela-storage, analysis, and retrieval Telematics (ICOST 2008), 2008, 42-53. of video content in distributed systems: Personal mobile [4] Berry, M. W. and Castellanos, M., Survey of Text Mining II: multimedia management. In Proc. of the IEEE International Clustering, Classification, and Retrieval, Springer, 2008. Conference on Multimedia and Expo (ICME’05), 2005, [5] Boisson, F., Crucianu, M., and Vodislav, D. Publication 1557-1560. Framework for Content-Based Search in Heterogeneous [18] Pinquier,J., André-Obrecht, R. Audio Indexing: Primary Distributed Multimedia Databases. Scientific Rapport Components Retrieval - Robust Classification in Audio CEDRIC No 1585, 2008. 18 pages. Documents. In Multimedia Tools and Applications, 30,3 [6] Brut, M., Codreanu, D., Dumitrescu, S., Manzat, A.-M., (September 2006), 313-330. Sedes, F. A distributed architecture for flexible multimedia [19] Sánchez, M., López, G., Cánovas, O., Sánchez, J.-A., and management and retrieval. In Proc. of Database and Expert Gómez-Skarmeta, A. F. An access control system for Systems Applications (DEXA, 2011),2011, 249-263 multimedia content distribution. In Proc. of the Third [7] Brut, M., Codreanu, D., Manzat, A.-M., and Sèdes, F. European conference on Public Key Infrastructure: theory Adapting Indexation to the Content, Context and Queries and Practice (EuroPKI 2006), 2006, 169-183. Characteristics in Distributed Multimedia Systems. In Proc. [20] Snoek, C. G., Worring, M. Multimodal video indexing: A of International Conference on Signal-Image Technology & review of the state of the art. In Multimedia Tools and Internet-Based Systems (SITIS 2011), 2011, 118-125. Applications, 25, 1(January 2005), 5- 35. [8] Chen,S.-C., Shyu, M.-L., and Zhao, N. SMARXO: towards [21] Thuraisingham, B., Lavee, G., Bertino, E., Fan, J., and Khan. secured multimedia applications by adopting RBAC, XML L. Access control, confidentiality and privacy for video and object-relational database. In Proc. of the 12th annual surveillance databases. In Proc. of the eleventh ACM ACM international conf. on Multimedia, 2004, 432-435. symposium on Access control models and technologies [9] El-Khoury, V. A Multi-level Access Control Scheme for (SACMAT '06), 2006, 1-10. Multimedia Database. In 9th Workshop on Multimedia [22] Viaud, M.-L., Thièvre, J., Goëau, H., Saulnier, A., and Metadata (WMM'09), 2009. Buisson, O. Interactive components for visual exploration of [10] Ferraiolo, D. F., and Richard Kuhn, D. Role-Based Access multimedia archives. In Proc. of the International Controls. In Proc. of the 15th National Computer Security Conference on Image and Video Retrieval, 2008, 609-616 Conference, 1992, 554-563. 48