101 research outputs found
A General Approach for Securely Querying and Updating XML Data
Over the past years several works have proposed access control models for XML
data where only read-access rights over non-recursive DTDs are considered. A
few amount of works have studied the access rights for updates. In this paper,
we present a general model for specifying access control on XML data in the
presence of update operations of W3C XQuery Update Facility. Our approach for
enforcing such updates specifications is based on the notion of query rewriting
where each update operation defined over arbitrary DTD (recursive or not) is
rewritten to a safe one in order to be evaluated only over XML data which can
be updated by the user. We investigate in the second part of this report the
secure of XML updating in the presence of read-access rights specified by a
security views. For an XML document, a security view represents for each class
of users all and only the parts of the document these users are able to see. We
show that an update operation defined over a security view can cause disclosure
of sensitive data hidden by this view if it is not thoroughly rewritten with
respect to both read and update access rights. Finally, we propose a security
view based approach for securely updating XML in order to preserve the
confidentiality and integrity of XML data.Comment: No. RR-7870 (2012
Secure Querying of Recursive XML Views: A Standard XPath-based Technique
Most state-of-the art approaches for securing XML documents allow users to
access data only through authorized views defined by annotating an XML grammar
(e.g. DTD) with a collection of XPath expressions. To prevent improper
disclosure of confidential information, user queries posed on these views need
to be rewritten into equivalent queries on the underlying documents. This
rewriting enables us to avoid the overhead of view materialization and
maintenance. A major concern here is that query rewriting for recursive XML
views is still an open problem. To overcome this problem, some works have been
proposed to translate XPath queries into non-standard ones, called Regular
XPath queries. However, query rewriting under Regular XPath can be of
exponential size as it relies on automaton model. Most importantly, Regular
XPath remains a theoretical achievement. Indeed, it is not commonly used in
practice as translation and evaluation tools are not available. In this paper,
we show that query rewriting is always possible for recursive XML views using
only the expressive power of the standard XPath. We investigate the extension
of the downward class of XPath, composed only by child and descendant axes,
with some axes and operators and we propose a general approach to rewrite
queries under recursive XML views. Unlike Regular XPath-based works, we provide
a rewriting algorithm which processes the query only over the annotated DTD
grammar and which can run in linear time in the size of the query. An
experimental evaluation demonstrates that our algorithm is efficient and scales
well.Comment: (2011
A Constraint-based Approach for Generating Transformation Patterns
Undoing operations is an indispensable feature for many collaborative
applications, mainly collaborative editors. It provides the ability to restore
a correct state of shared data after erroneous operations. In particular,
selective undo allows to undo any operation and is based on rearranging
operations in the history thanks to the Operational Transformation (OT)
approach. OT is an optimistic replication technique allowing for updating the
shared data concurrently while maintaining convergence. It is a challenging
task how to meaningfully combine OT and undo approaches. Indeed, undoing
operations that are received and executed out-of-order at different sites leads
to divergence cases. Even though various undo solutions have been proposed over
the recent years, they are either limited or erroneous.
In this paper, we propose a constraint-based approach to address the undo
problem. We use Constraint Satisfaction Problem (CSP) theory to devise correct
and undoable transformation patterns (w.r.t OT and undo properties) which
considerably simplifies the design of collaborative objects.Comment: In Proceedings FOCLASA 2015, arXiv:1512.0694
On Coordinating Collaborative Objects
A collaborative object represents a data type (such as a text document)
designed to be shared by a group of dispersed users. The Operational
Transformation (OT) is a coordination approach used for supporting optimistic
replication for these objects. It allows the users to concurrently update the
shared data and exchange their updates in any order since the convergence of
all replicas, i.e. the fact that all users view the same data, is ensured in
all cases. However, designing algorithms for achieving convergence with the OT
approach is a critical and challenging issue. In this paper, we propose a
formal compositional method for specifying complex collaborative objects. The
most important feature of our method is that designing an OT algorithm for the
composed collaborative object can be done by reusing the OT algorithms of
component collaborative objects. By using our method, we can start from correct
small collaborative objects which are relatively easy to handle and
incrementally combine them to build more complex collaborative objects.Comment: In Proceedings FOCLASA 2010, arXiv:1007.499
Anonymizing Social Graphs via Uncertainty Semantics
Rather than anonymizing social graphs by generalizing them to super
nodes/edges or adding/removing nodes and edges to satisfy given privacy
parameters, recent methods exploit the semantics of uncertain graphs to achieve
privacy protection of participating entities and their relationship. These
techniques anonymize a deterministic graph by converting it into an uncertain
form. In this paper, we propose a generalized obfuscation model based on
uncertain adjacency matrices that keep expected node degrees equal to those in
the unanonymized graph. We analyze two recently proposed schemes and show their
fitting into the model. We also point out disadvantages in each method and
present several elegant techniques to fill the gap between them. Finally, to
support fair comparisons, we develop a new tradeoff quantifying framework by
leveraging the concept of incorrectness in location privacy research.
Experiments on large social graphs demonstrate the effectiveness of our
schemes
Detecting Communities under Differential Privacy
Complex networks usually expose community structure with groups of nodes
sharing many links with the other nodes in the same group and relatively few
with the nodes of the rest. This feature captures valuable information about
the organization and even the evolution of the network. Over the last decade, a
great number of algorithms for community detection have been proposed to deal
with the increasingly complex networks. However, the problem of doing this in a
private manner is rarely considered. In this paper, we solve this problem under
differential privacy, a prominent privacy concept for releasing private data.
We analyze the major challenges behind the problem and propose several schemes
to tackle them from two perspectives: input perturbation and algorithm
perturbation. We choose Louvain method as the back-end community detection for
input perturbation schemes and propose the method LouvainDP which runs Louvain
algorithm on a noisy super-graph. For algorithm perturbation, we design
ModDivisive using exponential mechanism with the modularity as the score. We
have thoroughly evaluated our techniques on real graphs of different sizes and
verified their outperformance over the state-of-the-art
On Consistency of Operational Transformation Approach
The Operational Transformation (OT) approach, used in many collaborative
editors, allows a group of users to concurrently update replicas of a shared
object and exchange their updates in any order. The basic idea of this approach
is to transform any received update operation before its execution on a replica
of the object. This transformation aims to ensure the convergence of the
different replicas of the object, even though the operations are executed in
different orders. However, designing transformation functions for achieving
convergence is a critical and challenging issue. Indeed, the transformation
functions proposed in the literature are all revealed incorrect.
In this paper, we investigate the existence of transformation functions for a
shared string altered by insert and delete operations. From the theoretical
point of view, two properties - named TP1 and TP2 - are necessary and
sufficient to ensure convergence. Using controller synthesis technique, we show
that there are some transformation functions which satisfy only TP1 for the
basic signatures of insert and delete operations. As a matter of fact, it is
impossible to meet both properties TP1 and TP2 with these simple signatures.Comment: In Proceedings Infinity 2012, arXiv:1302.310
An Optimistic Mandatory Access Control Model for Distributed Collaborative Editors
Distributed Collaborative Editors (DCE) provide computer support for modifying simultaneously shared documents, such as articles, wiki pages and programming source code, by dispersed users. Controlling access in such systems is still a challenging problem, as they need dynamic access changes and low latency access to shared documents. In this paper, we propose a Mandatory Access Control (MAC) based on replicating the shared document and its authorization policy at the local memory of each user. To deal with latency and dynamic access changes, we use an optimistic access control technique where enforcement of authorizations is retroactive. We show that naive coordination between updates of both copies can create security hole on the shared document by permitting illegal modification, or rejecting legal modification. Finally, we present a novel framework for managing authorizations in collaborative editing work which may be deployed easily on P2P networks
Symbolic Model-Checking of Optimistic Replication Algorithms
The original publication is available at www.springerlink.comInternational audienceThe Operational Transformation (OT) approach, used in many collaborative editors, allows a group of users to concurrently update replicas of a shared object and exchange their updates in any order. The basic idea of this approach is to transform any received update operation before its execution on a replica of the object. This transformation aims to ensure the convergence of the different replicas of the object. However, designing transformation algorithms for achieving convergence is a critical and challenging issue. In this paper, we address the verification of OT algorithms with a symbolic model-checking technique. We show how to use the difference bound matrices to explore symbolically infinite state-spaces of such systems and provide symbolic counterexamples for the convergence property
- …