71,278 research outputs found
Deriving global and local integrity rules for a distributed database
An important aim of a database system is to guarantee database consistency, which means that the data contained in a database is both accurate and valid. Integrity constraints represent knowledge about data with which a database must be consistent. The process of checking constraints to ensure that update operations or transactions which alter the database will preserve its consistency has proved to be extremely difficult to implement, particularly in a distributed database. In this paper, we describe an enforcement algorithm based on the rule mechanisms for a distributed database which aims at minimising the amount of data that has to be accessed or transferred across the underlying network by maintaining the consistency of the database at a single site, i.e. at the site where the update is to be performed. Our technique referred to as the integrity test generation, derives global and local integrity rules has effectively reduced the cost of constraint checking in a distributed environment
CamFlow: Managed Data-sharing for Cloud Services
A model of cloud services is emerging whereby a few trusted providers manage
the underlying hardware and communications whereas many companies build on this
infrastructure to offer higher level, cloud-hosted PaaS services and/or SaaS
applications. From the start, strong isolation between cloud tenants was seen
to be of paramount importance, provided first by virtual machines (VM) and
later by containers, which share the operating system (OS) kernel. Increasingly
it is the case that applications also require facilities to effect isolation
and protection of data managed by those applications. They also require
flexible data sharing with other applications, often across the traditional
cloud-isolation boundaries; for example, when government provides many related
services for its citizens on a common platform. Similar considerations apply to
the end-users of applications. But in particular, the incorporation of cloud
services within `Internet of Things' architectures is driving the requirements
for both protection and cross-application data sharing.
These concerns relate to the management of data. Traditional access control
is application and principal/role specific, applied at policy enforcement
points, after which there is no subsequent control over where data flows; a
crucial issue once data has left its owner's control by cloud-hosted
applications and within cloud-services. Information Flow Control (IFC), in
addition, offers system-wide, end-to-end, flow control based on the properties
of the data. We discuss the potential of cloud-deployed IFC for enforcing
owners' dataflow policy with regard to protection and sharing, as well as
safeguarding against malicious or buggy software. In addition, the audit log
associated with IFC provides transparency, giving configurable system-wide
visibility over data flows. [...]Comment: 14 pages, 8 figure
Open issues in semantic query optimization in relational DBMS
After two decades of research into Semantic Query Optimization (SQO) there is clear agreement as to the efficacy of SQO. However, although there are some experimental implementations there are still no commercial implementations. We
first present a thorough analysis of research into SQO. We identify three problems which inhibit the effective use of SQO in Relational Database Management Systems(RDBMS). We then propose solutions to these problems and describe first steps towards the implementation of an effective semantic query optimizer for relational databases
Interoperability, Trust Based Information Sharing Protocol and Security: Digital Government Key Issues
Improved interoperability between public and private organizations is of key
significance to make digital government newest triumphant. Digital Government
interoperability, information sharing protocol and security are measured the
key issue for achieving a refined stage of digital government. Flawless
interoperability is essential to share the information between diverse and
merely dispersed organisations in several network environments by using
computer based tools. Digital government must ensure security for its
information systems, including computers and networks for providing better
service to the citizens. Governments around the world are increasingly
revolving to information sharing and integration for solving problems in
programs and policy areas. Evils of global worry such as syndrome discovery and
manage, terror campaign, immigration and border control, prohibited drug
trafficking, and more demand information sharing, harmonization and cooperation
amid government agencies within a country and across national borders. A number
of daunting challenges survive to the progress of an efficient information
sharing protocol. A secure and trusted information-sharing protocol is required
to enable users to interact and share information easily and perfectly across
many diverse networks and databases globally.Comment: 20 page
Authorization Framework for the Internet-of-Things
This paper describes a framework that allows fine-grained
and flexible access control to connected devices with very
limited processing power and memory.
We propose a set of security and performance requirements
for this setting and derive an authorization framework distributing
processing costs between constrained devices and less constrained back-end servers while keeping message exchanges
with the constrained devices at a minimum.
As a proof of concept we present performance results from
a prototype implementing the device part of the framework
Obligations of trust for privacy and confidentiality in distributed transactions
Purpose – This paper aims to describe a bilateral symmetric approach to authorization, privacy protection and obligation enforcement in distributed transactions. The authors introduce the concept of the obligation of trust (OoT) protocol as a privacy assurance and authorization mechanism that is built upon the XACML standard. The OoT allows two communicating parties to dynamically exchange their privacy and authorization requirements and capabilities, which the authors term a notification of obligation (NoB), as well as their commitments to fulfilling each other's requirements, which the authors term signed acceptance of obligations (SAO). The authors seek to describe some applicability of these concepts and to show how they can be integrated into distributed authorization systems for stricter privacy and confidentiality control.
Design/methodology/approach – Existing access control and privacy protection systems are typically unilateral and provider-centric, in that the enterprise service provider assigns the access rights, makes the access control decisions, and determines the privacy policy. There is no negotiation between the client and the service provider about which access control or privacy policy to use. The authors adopt a symmetric, more user-centric approach to privacy protection and authorization, which treats the client and service provider as peers, in which both can stipulate their requirements and capabilities, and hence negotiate terms which are equally acceptable to both parties.
Findings – The authors demonstrate how the obligation of trust protocol can be used in a number of different scenarios to improve upon the mechanisms that are currently available today.
Practical implications – This approach will serve to increase trust in distributed transactions since each communicating party receives a difficult to repudiate digitally signed acceptance of obligations, in a standard language (XACML), which can be automatically enforced by their respective computing machinery.
Originality/value – The paper adds to current research in trust negotiation, privacy protection and authorization by combining all three together into one set of standardized protocols. Furthermore, by providing hard to repudiate signed acceptance of obligations messages, this strengthens the legal case of the injured party should a dispute arise
- …