Ubiquitous Nature of Event-Driven Approaches: A Retrospective View

This paper retrospectively analyzes the progress of event-based capability and their applicability in various domains. Although research on event-based approaches started in a humble manner with the intention of introducing triggers in database management systems for monitoring application state and to automate applications by reducing/eliminating user intervention, currently it has become a force to reckon with as it finds use in many diverse domains. This is primarily due to the fact that a large number of real-world applications are indeed event-driven and hence the paradigm is apposite. In this paper, we briefly overview the development of the ECA (or event-condition-action) paradigm. We briefly discuss the evolution of the ECA paradigm (or active capability) in relational and Object-oriented systems. We then describe several diverse applications where the ECA paradigm has been used effectively. The applications range from customized monitoring of web pages to specification and enforcement of access control policies using RBAC (role-based access control). The multitude of applications clearly demonstrate the ubiquitous nature of event-based approaches to problems that were not envisioned as the ones where the active capability would be applicable. Finally, we indicate some future trends that can benefit from the ECA paradigm

Secure Shared Continuous Query Processing

Data Stream Management Systems (DSMSs) are being used in diverse application domains (e.g., stock trading), however, the need for processing data securely is becoming critical to several stream applications (e.g., patient monitoring). In this paper, we introduce a novel three stage (pre-processing, query processing, and post-processing) framework to enforce access control in DSMSs. As opposed to existing systems, our framework allows continuous queries to be shared when they have same or different privileges, does not modify the query plans, introduces no new security operators, and checks a tuple only once irrespective of the number of active continuous queries. In addition, it does not affect the DSMS quality of service improvement mechanisms as query plans are not modified. We discuss the prototype implementation using the MavStream Data Stream Management System. Finally, we discuss experimental evaluations to demonstrate the low overhead and feasibility of our approach

A Framework for Supporting and Enforcing RBAC and its Extensions in a Seamless Manner

Abstract: Role-Based Access Control (RBAC) has proven as a cost effective as well as a practical solution for authorization management in large enterprises. In the recent past, RBAC has been widely explored and there have been several extensions to it. Current systems do not enforce standard RBAC features and its extensions in a seamless way, which is essential to make RBAC even better-suited for a wide range of applications. In this paper, we propose an Event-Driven RBAC (ED-RBAC) framework that uses Event-Condition-Action (ECA) Rules for enforcing standard RBAC features and its extensions, such as the Generalized Temporal RBAC (GTRBAC) in a seamless way. Unlike other models, where authorization rules are defined by the enterprise, in our framework authorization rules are generated automatically from the enterprise security policy and are used for dynamic user-role assignment, seamless enforcement of diverse constraints, role deactivations, and so on. Automatic generation of authorization rules is indispensable, since thousands of rules are required for authorization management when there are hundreds of roles. In addition, conditions/constraints specification has been generalized so that this approach can support current and future extensions

Formalization and Detection of Events Using Interval-Based Semantics

Active databases utilize Event-Condition-Action rules to provide active capability to the underlying system. An event was initially defined to be an instantaneous, atomic occurrence of interest and the time of occurrence of the last event in an event expression was used as the time of occurrence for an entire event expression (detection-based semantics), rather than the interval over which an event expression occurs (interval-based semantics). This introduces semantic discrepancy for some operators when they are composed more than once. Currently, all active databases detect events using the detection-based semantics rather than the interval-based semantics. SnoopIB is an interval-based event specification language developed for expressing primitive and composite events that are part of active rules. Algorithms for event detection using interval-based semantics pose some challenges, as not all events are known (especially their starting points). In this paper, we address the following: 1) briefly explain the need for interval-based semantics, 2) formalization of events accumulated over a semantic window and 3) how diversified events (e.g., sliding window, accumulated) are detected using interval-based semantics in the context of Sentinel – an active object oriented database. 1

Ubiquitous Nature of Event-Driven Approaches: A Retrospective View (Position Paper

This paper retrospectively analyzes the progress of event-based capability and their applicability in various domains. Although research on event-based approaches started in a humble manner with the intention of introducing triggers in database management systems for monitoring application state and to automate applications by reducing/eliminating user intervention, currently it has become a force to reckon with as it nds use in many diverse domains. This is primarily due to the fact that a large number of real-world applications are indeed event-driven and hence the paradigm is apposite. In this paper, we brie y overview the development of the ECA (or event-condition-action) paradigm. We brie y discuss the evolution of the ECA paradigm (or active capability) in relational and Object-oriented systems. We then describe several diverse applications where the ECA paradigm has been used effectively. The applications range from customized monitoring of web pages to speci cation and enforcement of access control policies using RBAC (role-based access control). The multitude of applications clearly demonstrate the ubiquitous nature of event-based approaches to problems that were not envisioned as the ones where the active capability would be applicable. Finally, we indicate some future trends that can bene t from the ECA paradigm. 1