Enhancing Security and Privacy in Video Surveillance through Role-Oriented Access Control Mechanism

Abstract

Use of video surveillance has significantly increased in the last few decades. Modern video surveillance systems are equipped with techniques that automatically extract information about the objects and events from the video streams and allow traversal of data in an effective and efficient manner. Pervasive usage of such systems gives substantial powers to those monitoring the videos and poses a threat to the privacy of anyone observed by the system. Aside from protecting privacy from the outside attackers, it is equally important to protect the privacy of individuals from the inside personnel involved in monitoring surveillance data to minimize the chances of misuse of the system, e.g. voyeurism. In this context, several techniques to protect the privacy of individuals, called privacy enhancing techniques (PET) have therefore been proposed in the literature which detect and mask the privacy sensitive regions, e.g. faces, from the videos. However, very few research efforts have focused on addressing the security aspects of video surveillance data and on authorizing access to this data. Interestingly, while PETs help protect the privacy of individuals, they may also hinder the usefulness of video surveillance systems resulting in compromising the very purpose of such systems, i.e. public safety. Thus the challenge is to provide sufficient need-specific data to those monitoring the surveillance systems yet preserving the privacy of people as much as possible. This can be achieved through a dynamic access control mechanism that may provide proportionate access to data while allowing reversing the PETs whenever required. In this context, a summary of thesis contributions is given below. In this thesis, we present an abstract model of video surveillance systems that helps identify the major security and privacy requirements in a video surveillance system. We study existing solutions against these requirements and point out practical challenges in ensuring the security of video surveillance data in all stages (in transit and at storage). Our study shows a gap, between the security requirements that we identified and the proposed security solutions, where future research efforts may focus in this domain. From the challenges that we outline regarding security in video surveillance, we focus on development of a dynamic access control mechanism.We develop a general-purpose access control model that is suitable for video surveillance systems as well as other domains sharing similar requirements. As the currently dominant access control models – the role-based access control (RBAC) and the attribute-based access control (ABAC) – suffer from limitations while offering features complementary to each other, their integration has become an important area of research. Our access control model combines the two models in a novel way in order to unify their benefits while avoiding their limitations. Our approach provides a mechanism that not only takes information about the current circumstances into account during access control decision making, but is also suitable for applications where access to resources is controlled by exploiting the contents of resources in the access control policy. We evaluate our model against RBAC and ABAC and demonstrate that our model brings together the benefits offered by RBAC and ABAC while addressing the role- and permission-explosion issues faced in RBAC. Based on our access control model, we then present an access control mechanism for video surveillance systems. Contrary to the existing approaches, the proposed access control mechanism is role-oriented and retains advantages associated with role-based access control, yet it allows specification of policies using the metadata associated with the objects as well as the attributes of users and environment. In addition to role hierarchies, the content-based permissions in our model allow derivation of several permissions from the explicitly stated ones due to the hierarchical relations between the attributes of different entities. We implement a prototype of the proposed mechanism and demonstrate that the access control policies using our approach may be specified via eXtensible Access Control Markup Language (XACML)