Efficient Database-Driven Evaluation of Security Clearance for Federated Access Control of Dynamic XML Documents

Abstract. Achieving data security over cooperating web services is becoming a reality, but existing XML access control architectures do not consider this federated service computing. In this paper, we consider a federated access control model, in which Data Provider and Policy Enforcers are separated into different organizations; the Data Provider is responsible for evaluating criticality of requested XML documents based on co-occurrence of security objects, and issuing security clearances. The Policy Enforcers enforce access control rules reflecting their organization-specific policies. A user’s query is sent to the Data Provider and she needs to obtain a permission from the Policy Enforcer in her organization to read the results of her query. The Data Provider evaluates the query and also evaluate criticality of the query, where evaluation of sensitiveness is carried out by using clearance rules. In this setting, we present a novel approach, called the DIFF approach, to evaluate security clearance by the Data Provider. Our technique is build on top of relational framework and utilizes pre-evaluated clearances by taking the differences (or deltas) between query results.

Program Slicing on VHDL Descriptions and Its Applications

We propose applying program slicing to hardware description language VHDL; program slicing is a technique developed in the software engineering field, and it can extract all the sentences which have a certain dependence to a given sentence, and it can be utilized for analysis and modification of programs. Program slicing for hardware description languages should have a variety of applications in VLSI CAD, such as functional verification, test generation, designer assistance, and design synthesis. We show several examples of program slicing on VHDL descriptions, and address a list of related issues. 1 Introduction Hardware description languages (HDLs) are now being widely used as a tool for total system description, from low-level circuit descriptions to high-level abstract and conceptual descriptions. As design resources in the form of HDL descriptions are going to be accumulated, verification, maintenance and reuse of HDL descriptions will become an important issue. We propose apply..

Private-iye: A framework for privacy preserving data integration

Data integration has been a long standing challenge to the database and data mining communities. This need has become critical in numerous contexts, including building e-commerce market places, sharing data from scientific research, and improving homeland security. However, these important activities are hampered by legitimate and widespread concerns of data privacy. It is necessary to develop solutions that enable integration of data, especially in the domains of national priorities, while effective privacy control of the data. In this paper, we present an architecture and key research issues for building such a privacy preserving data integration system called PRIVATE-IYE.

A System for Querying and Viewing Business Constraints

In E-commerce processes, various rules and constraints regarding product specifications, pricing, terms and conditions are exchanged between vendors and buyers. Developing a formal model for those rules and constraints gives a foundation for new E-commerce applications. Our approach is to develop a constraint database holding these conditions as dynamic constraints and provide a query language, called dynamic constraint algebra (DCA), for retrieving and matching business constraints

Supporting Dynamic Process Specifications using Communication based Processes

In this paper, we introduce M-Trans system, which has an ability of recording the specification of the design process for the communicative process, which is designed in a discussion and is be specified incompletely, of creating the communicative process according to the specification, and of supporting dynamic process specifications utilizing the record of executed communicative process. The system is based on the model that provides integrated specification of a process and communication. The execution of the communicative process may be performed on parallel with the design process, and the design process and the implementation may have interactions for coordination. Moreover, we present a method for verifying consistency between the communicative process and its specification. Managing communicative process is important since it realizes adaptation to unexpected situations, including exception handling and dynamic re-composition of a process in WfMS

実行場所の切り替えによるXSLアプリケーション応答時間の削減

第12回データ工学ワークショップ, 伊豆熱川DEWS2001 : 2001年3月8日(木)～10日(土)汎用的なデータフォーマット言語であるXML とそのスタイルシート言語であるXSL の組み合わせは, 表示のためにHTML へ変換する処理を行う場所をクライアントとサーバで自由に切り替えて実行すること可能とする．サーバやクライアント，通信路の状態等によって最適な実行場所を動的に選ぶことができれば，アプリケーションの応答時間を短縮することが可能である．そこで本稿では，サーバ側とクライアント側のそれぞれで処理を行った場合に要する時間を実験で測定し，時間が逆転する条件を調べ，最適な場所を選ぶための判断基準を考える