Repairing Inconsistent XML Write-Access Control Policies

XML access control policies involving updates may contain security flaws, here called inconsistencies, in which a forbidden operation may be simulated by performing a sequence of allowed operations. This paper investigates the problem of deciding whether a policy is consistent, and if not, how its inconsistencies can be repaired. We consider policies expressed in terms of annotated DTDs defining which operations are allowed or denied for the XML trees that are instances of the DTD. We show that consistency is decidable in PTIME for such policies and that consistent partial policies can be extended to unique "least-privilege" consistent total policies. We also consider repair problems based on deleting privileges to restore consistency, show that finding minimal repairs is NP-complete, and give heuristics for finding repairs.Comment: 25 pages. To appear in Proceedings of DBPL 200

Personalizing XML Full Text Search in PIMENTO

In PIMENTO we advocate a novel approach to XML search that leverages user information to return more relevant query answers. This approach is based on formalizing {em user profiles} in terms of {em scoping rules} which are used to rewrite an input query, and of {em ordering rules} which are combined with query scoring to customize the ranking of query answers to specific users

On Measuring Bias in Online Information

Bias in online information has recently become a pressing issue, with search engines, social networks and recommendation services being accused of exhibiting some form of bias. In this vision paper, we make the case for a systematic approach towards measuring bias. To this end, we discuss formal measures for quantifying the various types of bias, we outline the system components necessary for realizing them, and we highlight the related research challenges and open problems.Comment: 6 pages, 1 figur

Results of the Ontology Alignment Evaluation Initiative 2015

cheatham2016aInternational audienceOntology matching consists of finding correspondences between semantically related entities of two ontologies. OAEI campaigns aim at comparing ontology matching systems on precisely defined test cases. These test cases can use ontologies of different nature (from simple thesauri to expressive OWL ontologies) and use different modalities, e.g., blind evaluation, open evaluation and consensus. OAEI 2015 offered 8 tracks with 15 test cases followed by 22 participants. Since 2011, the campaign has been using a new evaluation modality which provides more automation to the evaluation. This paper is an overall presentation of the OAEI 2015 campaign

Results of the ontology alignment evaluation initiative 2020

The Ontology Alignment Evaluation Initiative (OAEI) aims at comparing ontology matching systems on precisely defined test cases. These test cases can be based on ontologies of different levels of complexity and use different evaluation modalities (e.g., blind evaluation, open evaluation, or consensus). The OAEI 2020 campaign offered 12 tracks with 36 test cases, and was attended by 19 participants. This paper is an overall presentation of that campaign

Results of the Ontology Alignment Evaluation Initiative 2021

The Ontology Alignment Evaluation Initiative (OAEI) aims at comparing ontology matching systems on precisely defined test cases. These test cases can be based on ontologies of different levels of complexity and use different evaluation modalities (e.g., blind evaluation, open evaluation, or consensus). The OAEI 2021 campaign offered 13 tracks and was attended by 21 participants. This paper is an overall presentation of that campaig

Intégration et interrogation de ressources XML pour communautés web (s)

Dans cette thèse nous traitons le problème de l'interrogation et de l'intégration des ressources XML hétérogènes et autonomes. Notre contribution est composée de deux parties. Premièrement, nous nous sommes intéressés au problème de la construction de schémas de metadonnées par l'intégration d'ontologies qui décrivent les structures génériques dans le domaine d'intérêt et de thesauri qui sont des vocabulaires de termes avec une sémantique précise mais faiblement structurés entre eux. Ce type des schéma permet de décrire de sources différentes en utilisant le schéma générique de l'ontologie avec la sémantique précise des termes de thesaurus. Deuxièmement, nous avons élaboré un modèle d'intégration de sources XML en utilisant l'architecture médiateur/traducteur où le schéma du médiateur est une ontologie. Un modèle simple mais expressif est défini pour la description de ressources XML et l'algorithme de réécriture de requêtes transforme une requête en une ou plusieurs requêtes XQuery.In this thesis we study the problem of the integration and querying of heterogeneous and autonomous XML sources. Our contribution is two-fold. In a first time we have worked on the problem of theconstruction of metadata schemas by the integration of ontologies which describe generic structures in the domain of interest and thesauri which are structured vocabularies of terms withprecise semantics. The metadata schema constructed using our approach allows one to describe a large number of different resources using the ontology and their precise semantics using the thesaurus terms. In a second time we have worked on the STYX approach for the integration and querying of heterogeneous and autonomous XML resources which is based on the mediator/wrapperarchitecture where the mediator schema is an ontology. We have defined a simple but expressive model for the description of XML resources and a rewriting algorithm which transforms a user query to one or more XQuery expressions.PARIS-CNAM (751032301) / SudocSudocFranceF

Specifying Access Control Policies for XML Documents with XPath

Access control for XML documents is a non-trivial topic, as can be witnessed from the number of approaches presented in the literature. Trying to compare these, we discovered the need for a simple, clear and unambiguous language to state the declarative semantics of an access control policy. All current approaches state the semantics in natural language, which has none of the above properties. This makes it hard to assess whether the proposed algorithms are correct (i.e., really implement the described semantics). It is also hard to assess the proposed policy on its merits, and to compare it to others (for file systems for instance)