This paper introduces a class of join algorithms, termed W-join, for joining multiple infinite data streams. W-join addresses the infinite nature of the data streams by joining stream data items that lie within a sliding window and that match a certain join condition. In addition to its general applicability in stream query processing, W-join can be used to track the motion of a moving object or detect the propagation of clouds of hazardous material or pollution spills over time in a sensor network environment. We describe two new algorithms for W-join and address variations and local/global optimizations related to specifying the nature of the window constraints to fulfill the posed queries. The performance of the proposed algorithms is studied experimentally in a prototype stream database system, using synthetic data streams and real time-series data. Tradeoffs of the proposed algorithms and their advantages and disadvantages are highlighted, given variations in the aggregate arrival rates of the input data streams and the desired response times per query.

In this paper we present a system we have built to disseminate cultural heritage distributed across multiple museums. Our system addresses the requirements of two categories of users: the end users that need to access information according to their interests and interaction preferences, and the domain experts and museum curators that need to develop thematic tours providing end users with a better understanding of the single artefact or collection. In our approach we make use of a semantic representation of the given heritage domain in order to build multiple visual interfaces, called “Virtual Wings” (VWs). Such interfaces allow users to navigate through data available from digital archives and thematic tours and to create their own personalized virtual visits. An interactive application integrating personalized digital guides (using PDAs) and 360 panoramic images is the example of VW presented.

This paper proposes an infrastructure and related algorithms for the controlled and cooperative updates of XML documents. Key components of the proposed system are a set of XML-based languages for specifying access-control policies and the path that the document must follow during its update. Such path can be fully specified before the update process begins or can be dynamically modified by properly authorized subjects while being transmitted. Our approach is fully distributed in that each party involved in the process can verify the correctness of the operations performed until that point on the document without relying on a central authority. More importantly, the recovery procedure also does not need the participation of a central authority. Our approach is based on the use of some special control information that is transmitted together with the document and a suite of protocols. We formally specify the structure of such control information and the protocols. We also analyze security and complexity of the proposed protocols.

In mobile organizations such as enterprises operating on field, healthcare organizations and military and civilian coalitions, individuals, because of the role they have, may need to access common information resources through location-aware applications. To enable a controlled and privacy preserving access to such applications, a comprehensive conceptual framework for an access control system enhanced with location privacy is presented.

Grid systems were initially developed for supporting scientific computations. Today, companies, users and researchers are looking at ways to use the Grid approach to commercial uses and for applications in many different areas. Security in grid systems however has not been much addressed and yet is an important prerequisite to really make grid systems usable in a variety of commercial applications.The goal of this panel is to explore relevant security issues, with special emphasis on access control, for grid-based computing systems. The panel will discuss security requirements that are specific to grid-based systems and set these systems apart from conventional distributed systems, and outline directions for future research. Questions addressed by the panel include the following ones:

  * What needs to be protected in a grid system: hosts, resources, data, computations?
  * Access control languages and policies: do we need ad-hoc languages for specifying access control policies for grid hosts? If so, which would be the most relevant and features of these languages?
  * User requirements: different grid hosts may provide different levels of security. How can a user specify his/her security requirements when running computations? Which assurance has the user that his/her own requirements have been met?
  * Scalability and evolution: grid computing systems may encompass a very large number of nodes (hundreds or even thousands). Moreover, they can be quite dynamic with hosts and clients dynamically joining and leaving. How can we design scalable access systems able to cope with the required dynamicity?

Delegation of authority is an important process that needs to be captured by any access control model. In role-based access control models, delegation of authority involves delegating roles that a user can assume or the set of permissions that he can acquire, to other users. Several role-based delegation models have been proposed in the literature. However, these models consider delegation in presence of the general hierarchy type. Multiple hierarchy types have been proposed in the context of Generalized Temporal Role-based Access Control (GTRBAC) model, where it has been shown that multiple hierarchy semantics is desirable to express fine-grained access control policies. In this paper, we address role-based delegation schemes in the of hybrid hierarchies and elaborate on fine-grained delegation schemes. In particular, we show that upward delegation, which has been considered as having no practical use, is a desirable feature. Furthermore, we show that accountability must be considered as an important factor during the delegation process. The delegation framework proposed subsumes delegations schemes proposed in earlier role-based delegation models and provide much more fine-grained control of delegation semantics.

Privacy has been acknowledged to be a critical requirement for many business (and non-business) environments. Therefore, the definition of an expressive and easy-to-use privacy related access control model, based on which privacy policies can be specified, is crucial. In this work we introduce a family of models (P-RBAC) that extend the well known RBAC model in order to provide full support for expressing highly complex privacy-related policies, taking into account features like purposes and obligations. We also compare our work with access control and privacy policy frameworks such as P3P, EPAL, and XACML.

Identity federation systems enable participating organizations to provide services to qualified individuals and manage their identity attributes at an inter-organizational level. Most importantly, they empower individuals with control over the usage of their attributes within the federation via enforcement of various policies. Among such policies, one of the most important yet immature one is the privacy policy. Existing frameworks proposed for privacy-preserving federations lack the capability to support complex data-usage preferences in the form of obligations, i.e. the privacy related actions that must be performed upon certain actions on a specific piece of information. Moreover, they do not account for the history of events resulting from the interactions among federation entities.

To address these deficiencies we propose an extension to an existing assertion based policy language. More specifically, we provide a new set of assertions to define the privacy related properties of a federation system. We extend the com-mon definition of privacy preference policies with obligation preferences. Finally, we illustrate how the proposed framework is realized among service providers to ensure proper enforcement of privacy policies and obligations.

Scope: a variety of things are expressed under the heading of access control: permission assignments, constraints, activations, transition, hierarchies, ect. What things really need to be expressed?Concepts: What modeling concepts are available to express these things? Where are we in understanding the usability of these models?Complexity-flexibility tradeoff: How do we make trade-offs between the flexibility of expression (expressive power) and applying more usable concepts? Can this be measured?Domain specificity: Improving ease of use often involves increasing the level of the specification using domain-specific techniques. What techniques are possible? How can we compare teh effectiveness of these techniques?Composition: How can the modularity of access control policies be leveraged? Is there any modularity?Completeness: How do we integrate access control effectively with support for audit and intrusion detection?

Role-based access control (RBAC) models are receiving increasing attention as a generalized approach to access control. Roles can be active at certain time periods and non active at others; moreover, there can be activation dependencies among roles. To tackle such dynamic aspects, we introduce Temporal-RBAC (TRBAC), an extensions of the RBAC model. TRBAC supports both periodic activations and deactivations of roles, and temporal dependencies among such actions, expressed by means of role triggers, whose actions may be either executed immediately, or be deferred by an explicity specified amount of time. Both triggers and periodic activations/deactivations may have a priority associated with them, in order to resolve conflicting actions. A formal semantics for the specification language is provided, and a polynomial safeness check is introduced to reject ambiguous or inconsistent specifications. Finally, an implementation architecture is outlined.

Business-to-Business (B2B) technologies pre-date the Web. They have existed for at least as long as the Internet. B2B applications were among the first to take advantage of advances in computer networking. The Electronic Data Interchange (EDI) business standard is an illustration of such an early adoption of the advances in computer networking. The ubiquity and the affordability of the Web has made it possible for the masses of businesses to automate their B2B interactions. However, several issues related to scale, content exchange, autonomy, heterogeneity, and other issues still need to be addressed. In this paper, we survey the main techniques, systems, products, and standards for B2B interactions. We propose a set of criteria for assessing the different B2B interaction techniques, standards, and products.

Despite occasional setbacks, digital government projects now appear firmly on the road to fulfilling their promise of making civil and political processes more accessible than ever.

Large repositories of data contain sensitive information which must be protected against unauthorized access. Recent advances, in data mining and machine learning algorithms, have increased the disclosure risks one may encounter when releasing data to outside parties. A key problem, and still not sufficiently investigated, is the need to balance the confidentiality of the disclosed data with the legitimate needs of the data users. Every disclosure limitation method affects, in some way, and modifies true data values and relationships. In this paper, we investigate confidentiality issues of a broad category of rules, which are called association rules. If the disclosure risk of some of these rules are above a certain privacy threshold, those rules must be characterized as sensitive. Sometimes, sensitive rules should not be disclosed to the public since, among other things, they may be used for inferencing sensitive data, or they may provide business competitors with an advantage. Portions of this work were supported by sponsors of the Center for Education and Research in Information Assurance and Security.

Mining of periodic patterns in time-series databases is an interesting data mining problem. It can be envisioned as a tool for forecasting and prediction of the future behavior of time-series data. Incremental mining refers to the issue of maintaining the discovered patterns over time in the presence of more items being added into the database. Because of the mostly append only nature of updating time-series data, incremental mining would be very effective and efficient. Several algorithms for incremental mining of partial periodic patterns in time-series databases are proposed and are analyzed empirically. The new algorithms allow for online adaptation of the thresholds in order to produce interactive mining of partial periodic patterns. The storage overhead of the incremental online mining algorithms is analyzed. Results show that the storage overhead for storing the intermediate data structures pays off as the incremental online mining of partial periodic patterns proves to be significantly more efficient than the nonincremental nononline versions. Moreover, a new problem, termed merge mining, is introduced as a generalization of incremental mining. Merge mining can be defined as merging the discovered patterns of two or more databases that are mined independently of each other. An algorithm for merge mining of partial periodic patterns in time-series databases is proposed and analyzed.

Data cleaning is a vital process that ensures the quality of data stored in real-world databases. Data cleaning problems are frequently encountered in many research areas, such as knowledge discovery in databases, data warehousing, system integration and e-services. The process of identifying the record pairs that represent the same entity (duplicate records), commonly known as record linkage, is one of the essential elements of data cleaning. In this paper, we address the record linkage problem by adopting a machine learning approach. Three models are proposed and are analyzed empirically. Since no existing model, including those proposed in this paper, has been proved to be superior, we have developed an interactive record linkage toolbox named TAILOR (backwards acronym for “RecOrd LInkAge Toolbox”). Users of TAILOR can build their own record linkage models by tuning system parameters and by plugging in in-house-developed and public-domain tools. The proposed toolbox serves as a framework for the record linkage process, and is designed in an extensible way to interface with existing and future record linkage models. We have conducted an extensive experimental study to evaluate our proposed models using not only synthetic but also real data. The results show that the proposed machine-learning record linkage models outperform the existing ones both in accuracy and in performance