Overview

    The environments in which Geographic Information Systems are being implemented and used are changing rapidly, thus producing a rapidly growing need for consideration of the security of the information in these systems. Spatial information is being put online where it is more readily accessible to a much larger group of people. Furthermore, the support for integration of geographic data with other data formats is leading to a dramatic increase in the number and variety of applications and enterprises using GIS. Most of the GIS software products available in today’s market do not guarantee information confidentiality; and, until recently, no research has been published on how to enhance the GIS environment with today’s security technology. We take this opportunity to define and implement an access control model suitable for a geodatabase, exploiting our GIS expertise at ESRI and the database security expertise at CS&E. We will set up an enterprise level GIS environment using ArcGIS^TM 8.1, ArcSDE^TM and Microsoft SQL Server, and will develop a security interface between ArcSDE^TM and SQL Server using role-based access control.  The interface we develop will enable system administrators to assign different access privileges to different user groups. The work will be performed in the ESRI and CS&E departments jointly.