Efficient Testing and Matching of Deterministic Regular Expressions

International audienc

XML Security Views Revisited

International audienceIn this paper, we revisit the view based security framework for XML without imposing any of the previously considered restrictions on the class of queries, the class of DTDs, and the type of annotations used to dene the view. First, we show that the full class of Regular XPath queries is closed under query rewriting. Next, we address the problem of constructing a DTD that describes the view schema, which in general needs not be regular. We propose three dierent methods of ap- proximating the view schema and we show that the produced DTDs are indistinguishable from the exact schema (with queries from a class speci c for each method). Finally, we investigate problems of static analysis of security access specications

Static analysis of XML security views and query rewriting

International audienceIn this paper, we revisit the view based security framework for XML without imposing any of the previously considered restrictions on the class of queries, the class of DTDs, and the type of annotations used to define the view. First, we study {\em query rewriting} with views when the classes used to define queries and views are Regular XPath and MSO. Next, we investigate problems of {\em static analysis} of security access specifications (SAS): we introduce the novel class of \emph{interval-bounded} SAS and we define three different manners to compare views (i.e. queries), with a security point of view. We provide a systematic study of the complexity for deciding these three comparisons, when the depth of the XML documents is bounded, when the document may have an arbitrary depth but the queries defining the views are restricted to guarantee the interval-bounded property, and in the general setting without restriction on queries and document

View update translation for XML

We study the problem of update translation for views on XML documents. More precisely, given an XML view definition and a user defined view update program, find a source update program that translates the view update without side effects on the view. Additionally, we require the translation to be defined on all possible source documents; this corresponds to Hegnerâ\u80\u99s notion of uniform translation. The existence of such translation would allow to update XML views without the need of materialization. The class of views we consider can remove parts of the document and rename nodes. Our update programs define the simultaneous application of a collection of atomic update operations among insertion/deletion of a subtree and node renaming. Such update programs are compatible with the XQuery Update Facility (XQUF) snapshot semantics. Both views and update programs are represented by recognizable tree languages. We present as a proof of concept a small fragment of XQUF that can be expressed by our update programs, thus allows for update propagation. Two settings for the update problem are studied: without source constraints, where all source updates are allowed, and with source constraints, where there is a restricted set of authorized source updates. Using tree automata techniques, we establish that without constraints, all view updates are uniformly translatable and the translation is tractable. In presence of constraints, not all view updates are uniformly translatable. However, we introduce a reasonable restriction on update programs for which uniform translation with constraints becomes possible

Vues de sécurité XML (requêtes, mises à jour et schémas)

Les évolutions technologiques ont consacré l'émergence des services web et du stockage des données en ligne, en complément des bases de données traditionnelles. Ces évolutions facilitent l'accès aux données, mais en contrepartie soulèvent de nouvelles problématiques de sécurité. La mise en œuvre de politiques de contrôle d'accès appropriées est une des approches permettant de réduire ces risques. Nous étudions ici les politiques de contrôle d'accès au niveau d'un document XML, politiques que nous modélisons par des vues de sécurité XML (non matérialisées) à l'instar de Fan et al. Ces vues peuvent être représentées facilement par des alignements d'arbres grâce à l'absence d'opérateurs arithmétiques ou de restructuration. Notre objectif est par conséquent d'examiner comment manipuler efficacement ce type de vues, à l'aide des méthodes formelles, et plus particulièrement des techniques de réécriture de requêtes et la théorie des automates d'arbres. Trois directions principales ont orienté nos recherches: nous avons tout d'abord élaboré des algorithmes pour évaluer l'expressivité d'une vue, en fonction des requêtes qui peuvent être exprimées à travers cette vue. Il s'avère que l'on ne peut décider en général si une vue permet d'exprimer une requête particulière, mais cela devient possible lorsque la vue satisfait des hypothèses générales. En second lieu, nous avons considéré les problèmes soulevés par la mises à jour du document à travers une vue. Enfin, nous proposons des solutions pour construire automatiquement un schéma de la vue. En particulier, nous présentons différentes techniques pour représenter de façon approchée l'ensemble des documents au moyen d'une DTD.The evolution of web technologies and social trends fostered a shift from traditional enterprise databases to web services and online data. While making data more readily available to users, this evolution also raises additional security concerns regarding the privacy of users and more generally the disclosure of sensitive information. The implementation of appropriate access control models is one of the approaches to mitigate the threat. We investigate an access control model based on (non-materialized) XML views, as presented among others by Fan et al. The simplicity of such views, and in particular the absence of arithmetic features and restructuring, facilitates their modelization with tree alignments. Our objective is therefore to investigate how to manipulate efficiently such views, using formal methods, and especially query rewriting and tree automata. Our research follows essentially three directions: we first develop new algorithms to assess the expressivity of views, in terms of determinacy, query rewriting and certain answers. We show that those problems, although undecidable in our most general setting, can be decided under reasonable restrictions. Then we address the problem of handling updates in the security view framework. And last, we investigate the classical issues raised by schemata, focusing on the specific "determinism'' requirements of DTDs and XML Schemata. In particular, we survey some techniques to approximate the set of all possible view documents with a DTD, and we provide new algorithms to check if the content models of a DTD are deterministic.LILLE1-Bib. Electronique (590099901) / SudocSudocFranceF

Deterministic Regular Expressions in Linear Time

Deterministic regular expressions are widely used in XML processing. For instance, all regular expressions in DTDs and XML Schemas are required to be deterministic. In this paper we show that determinism of a regular expression e can be tested in linear time. The best known algorithms, based on the Glushkov automaton, require O(σ|e|) time, where σ is the number of distinct symbols in e. We further show that matching a word w against an expression e can be achieved in combined linear time O(|e | + |w|), for a wide range of deterministic regular expressions: (i) star-free (for multiple input words), (ii) bounded-occurrence, i.e., expressions in which each symbol appears a bounded number of times, and (iii) bounded plus-depth, i.e., expressions in which the nesting depth of alternating plus (union) and concatenation symbols is bounded. Our algorithms use a new structural decomposition of the parse tree of e. For matching arbitrary deterministic regular expressions we present an O(|e | + |w | log log |e|) time algorithm

The View Update Problem for XML

We study the problem of update propagation across views in the setting where both the view and the source database are XML documents. We consider a simple class of XML views that remove selected parts of the source document. The considered update operations permit to insert and delete subtrees of the document. We focus on constructing propagations that are 1) schema compliant i.e., when applied to the source document they give a document that satisfies the document schema; 2) side-effect free i.e., the view of the new source document is exactly as the result of applying the user update to the old view. We present a special structure allowing to capture all such propagations. We also show how to use this structure to capture only those propagations that affect minimally the parts of the document which are not visible in the view. Finally, we present a general outline of a polynomial algorithm constructing a unique propagation

Rétro-conception de modèles d'automates étendus de composant logiciels boîte-noire pour le test d'intégration

Le problème principal auquel on est confronté dans l'utilisation d'outils automatiques de validation (test ou vérification) est l'absence de spécification des composants également connus comme boîtes-noires. Même lorsqu'une spécification a été disponible à un stade antérieur, elle est souvent incomplète. C'est pourquoi une bonne part de la validation consiste à émettre et valider des hypothèses sur les composants assemblés. Nous proposons une solution pour l'intégration de composants boîtes-noires par une approche d'apprentissage. Cette approche apprend le modèle du composant sous la forme d une machine d'état finis entrées/sorties (avec des paramètres). Ensuite, nous proposons un framework de test pour les systèmes intégrés basé sur les modèles appris. Nous avons validé notre approche sur plusieurs études de cas fournies par France Telecom R&D et présentons leurs résultats.A challenging issue in component based software engineering is to deliver quality of service. When components come from third-party sources (aka black boxes), the specifications are often absent/insufficient for their formal analysis. The thesis addresses the problem of uncovering the behaviors of black box software components to support testing and analysis of the integrated system that is composed of such components. We propose to learn finite state machine models (where transitions are labelled with parameterized inputs/outputs) and provide a framework for testing and analyzing the integrated system using the inferred models. The approach has been validated on various case studies provides by France Telecom that has produced encouraging results.GRENOBLE1-BU Sciences (384212103) / SudocSudocFranceF

Inference of Shape Graphs for Graph Databases

International audienceWe investigate the problem of constructing a shape graph that describes the structure of a given graph database. We employ the framework of grammatical inference, where the objective is to find an inference algorithm that is both sound, i.e., always producing a schema that validates the input graph, and complete, i.e., able to produce any schema, within a given class of schemas, provided that a sufficiently informative input graph is presented. We identify a number of fundamental limitations that preclude feasible inference. We present inference algorithms based on natural approaches that allow to infer schemas that we argue to be of practical importance