2024-03-28T19:49:59Z
http://docs.lib.purdue.edu/do/oai/
oai:docs.lib.purdue.edu:ccpubs-1000
2012-06-29T13:24:25Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
A Visual Analytics Approach to Understanding Spatiotemporal Hotspots
Maciejewski, Ross
Rudolph, Stephen
Hafen, Ryan
Abusalah, Ahmad
Yakout, Mohamed
Ouzzani, Mourad
Cleveland, William S.
Grannis, Shaun
Ebert, David S.
As data sources become larger and more complex, the ability to effectively explore and analyze patterns amongst varying sources becomes a critical bottleneck in analytic reasoning. Incoming data contains multiple variables, a low signal-to-noise ratio, and a degree of uncertainty, all of which hinder exploration, hypothesis generation/exploration, and decision making. To facilitate the exploration of such data, advanced tool sets are needed that allow users to interact with their data in a visual environment that provides direct analytic capability for finding data aberrations or hotspots. In this paper, we present a suite of tools designed to facilitate the exploration of spatiotemporal datasets. Our system allows users to search for hotspots in both space and time, combining linked views and interactive filtering to provide users with contextual information about their data and to let them develop and explore their hypotheses. Statistical data models and alert detection algorithms are provided to help draw user attention to critical areas. Demographic filtering can then be further applied as the generated hypotheses become fine-tuned. This paper demonstrates the use of such tools on multiple geo-spatiotemporal datasets.
2010-01-01T08:00:00Z
text
application/pdf
https://docs.lib.purdue.edu/ccpubs/5
https://docs.lib.purdue.edu/context/ccpubs/article/1000/viewcontent/Visual_Analytics_Approach_to_Spatiotemporal_Hotspots.pdf
Cyber Center Publications
Purdue University
geovisualization
kernel density estimation
syndromic
Computer Sciences
Engineering
oai:docs.lib.purdue.edu:ccpubs-1004
2012-07-02T12:30:05Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Proactive Role Discovery in Mediator-Free Environments
Shehab, Mohamed
Bertino, Elisa
Ghafoor, Arif
The rapid proliferation of the Internet and related technologies has created tremendous possibilities for interoperability between domains in distributed environments. Interoperability does not come easy, as it opens the way for several security and privacy breaches. In this paper, we focus on the distributed authorization discovery problem that is crucial to enabling secure interoperability. We present a distributed access path discovery framework that does not require a centralized mediator. We propose and verify a role routing protocol that propagates secure, minimal-length paths to reachable roles in other domains. Finally, we present experimental results for our role routing protocol based on a simulation implementation.
2008-09-11T07:00:00Z
text
application/pdf
https://docs.lib.purdue.edu/ccpubs/1
https://docs.lib.purdue.edu/context/ccpubs/article/1004/viewcontent/Proactive_Role_Discovery_in_Mediator_Free_Environments.pdf
Cyber Center Publications
Purdue University
role routing protocol
RRP
role-based access control
RBAC
Mediator-Free Secure Interoperability
Secure Interoperability
Path advertisements
path withdrawal
Computer Sciences
oai:docs.lib.purdue.edu:ccpubs-1005
2012-06-28T14:31:49Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
SOLE: scalable on-line execution of continuous queries on spatio-temporal data streams
Mokbel, Mohamed
Aref, Walid G.
This paper presents the scalable on-line execution (SOLE) algorithm for continuous and on-line evaluation of concurrent continuous spatio-temporal queries over data streams. Incoming spatio-temporal data streams are processed in-memory against a set of outstanding continuous queries. The SOLE algorithm utilizes the scarce memory resource efficiently by keeping track of only the significant objects. In-memory stored objects are expired (i.e., dropped) from memory once they become insignificant. SOLE is a scalable algorithm where all the continuous outstanding queries share the same buffer pool. In addition, SOLE is presented as a spatio-temporal join between two input streams, a stream of spatio-temporal objects and a stream of spatio-temporal queries. To cope with intervals of high arrival rates of objects and/or queries, SOLE utilizes a load-shedding approach where some of the stored objects are dropped from memory. SOLE is implemented as a pipelined query operator that can be combined with traditional query operators in a query execution plan to support a wide variety of continuous queries. Performance experiments based on a real implementation of SOLE inside a prototype of a data stream management system show the scalability and efficiency of SOLE in highly dynamic environments.
2007-04-20T07:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/6
http://dx.doi.org/10.1007/s00778-007-0046-1
Cyber Center Publications
Purdue University
scalable
spatio-temporal
data streams
scarce memory resource
buffer pool
load-shedding
data stream management system
Computer Sciences
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1009
2012-06-28T14:30:39Z
publication:dp
publication:ccpubs
publication:cc
Space-Filling Curves
Mokbel, Mohamed
Aref, Walid G.
A space-filling curve (SFC) is a way of mapping a multi-dimensional space into a one-dimensional space. It acts like a thread that passes through every cell element (or pixel) in the multi-dimensional space so that every cell is visited exactly once. Thus, a space-filling curve imposes a linear order on the points of the multi-dimensional space. A D-dimensional space-filling curve over a space of N cells (pixels) per dimension consists of N^D - 1 segments, where each segment connects two consecutive D-dimensional points. There are numerous kinds of space-filling curves (e.g., Hilbert, Peano, and Gray). Such curves differ in their way of mapping to the one-dimensional space, i.e., the order in which a given space-filling curve traverses the multi-dimensional space. The quality of a space-filling curve is measured by its ability to preserve the locality (or relative distance) of multi-dimensional points in the mapped one-dimensional space. The main idea is that any two D-dimensional points that are close by in the D-dimensional space should also be close by in the one-dimensional space.
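The traversal and locality ideas above can be sketched with one concrete curve. The snippet below uses the Z-order (Morton) curve, a bit-interleaving member of the same family as the Hilbert, Peano, and Gray curves named in the entry; it is an illustrative sketch, not code from the source.

```python
def morton_key(x, y, bits=4):
    """Map a 2-D cell (x, y) to its position on the Z-order (Morton)
    curve by interleaving the bits of the two coordinates."""
    key = 0
    for i in range(bits):
        key |= ((x >> i) & 1) << (2 * i)      # x bits to even positions
        key |= ((y >> i) & 1) << (2 * i + 1)  # y bits to odd positions
    return key

# Visiting a 4x4 grid in Morton-key order touches every cell exactly once,
# i.e., the curve imposes a linear order on the 2-D cells.
order = sorted(((x, y) for x in range(4) for y in range(4)),
               key=lambda p: morton_key(*p))
```

Sorting the 16 cells of a 4x4 grid by their Morton keys yields the familiar Z-shaped visit order, and nearby cells tend to receive nearby keys, which is the locality property the entry describes.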
2008-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/10
http://dx.doi.org/10.1007/978-0-387-35973-1_1233
Cyber Center Publications
Purdue University
Distance-preserving mapping
Locality-preserving mapping
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1008
2012-06-28T14:30:55Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Spatio-temporal Database
Xiong, Xiaopeng
Mokbel, Mohamed
Aref, Walid G.
A spatiotemporal database is a new type of database system that manages spatiotemporal objects and supports the corresponding query functionalities. A spatiotemporal object is an object whose spatial location and/or extent changes dynamically over time. A typical example of a spatiotemporal object is a moving object (e.g., a car, a flight, or a pedestrian) whose location continuously changes. Spatiotemporal databases have many important applications such as Geographic Information Systems, Location-aware Systems, Traffic Monitoring Systems, and Environmental Information Systems. Due to their importance, spatiotemporal database systems are very actively researched in the database domain. Interested readers are referred to [1] for a detailed survey of spatiotemporal databases.
2008-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/11
http://dx.doi.org/10.1007/978-0-387-35973-1_1316
Cyber Center Publications
Purdue University
spatiotemporal objects
spatiotemporal database
corresponding query functionalities
sampling-based updating
velocity-based updating
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1007
2012-06-28T14:31:09Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Continuous Queries in Spatio-temporal Databases
Xiong, Xiaopeng
Mokbel, Mohamed
Aref, Walid G.
A continuous query is a new query type that is issued once and is evaluated continuously by the database server until the query is explicitly terminated. The most important characteristic of continuous queries is that their result depends not only on the data already present in the database but also on continuously arriving data. During the execution of a continuous query, the query result is updated continuously as new data arrives. Continuous queries are essential to applications that are interested in transient and frequently updated objects and that require monitoring query results continuously. Potential applications of continuous queries include, but are not limited to, real-time location-aware services, network flow monitoring, online data analysis, and sensor networks.
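The issue-once, evaluate-continuously semantics can be mimicked with a small generator. This is a toy sketch under the assumption of an append-only result set; real servers must also handle updates and deletions of previously reported answers.

```python
def continuous_query(stream, predicate):
    """Evaluate a standing predicate over arriving items, re-emitting
    the updated query result each time new data arrives."""
    result = []
    for item in stream:
        if predicate(item):
            result.append(item)
        yield list(result)  # the query's answer after this arrival

# Usage: continuously monitor readings above a threshold as they arrive.
updates = list(continuous_query([3, 9, 1, 12], lambda v: v > 5))
```

Each yielded list is the query's answer at that point in the stream; the final answer keeps changing as long as data keeps arriving, which is exactly what distinguishes a continuous query from a one-shot one.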
2008-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/12
http://dx.doi.org/10.1007/978-0-387-35973-1_207
Cyber Center Publications
Purdue University
Continuous location-based queries
Long-running spatiotemporal queries
Moving queries
Continuous Query Processing
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1006
2014-04-10T15:11:13Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Query processing of multi-way stream window joins
Hammad, Moustafa
Aref, Walid G.
Elmagarmid, Ahmed
This paper introduces a class of join algorithms, termed W-join, for joining multiple infinite data streams. W-join addresses the infinite nature of the data streams by joining stream data items that lie within a sliding window and that match a certain join condition. In addition to its general applicability in stream query processing, W-join can be used to track the motion of a moving object or detect the propagation of clouds of hazardous material or pollution spills over time in a sensor network environment. We describe two new algorithms for W-join and address variations and local/global optimizations related to specifying the nature of the window constraints to fulfill the posed queries. The performance of the proposed algorithms is studied experimentally in a prototype stream database system, using synthetic data streams and real time-series data. Tradeoffs of the proposed algorithms and their advantages and disadvantages are highlighted, given variations in the aggregate arrival rates of the input data streams and the desired response times per query.
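A two-way, time-based window join over a single interleaved stream conveys the core of the idea; this is a hypothetical minimal sketch, while W-join itself handles multiple streams and richer window constraints.

```python
from collections import deque

def w_join(events, window, match):
    """Two-way window join over an interleaved, timestamp-ordered stream
    of (timestamp, source, value) events, where source is 'A' or 'B'.
    A pair (a, b) joins when match(a, b) holds and the two tuples'
    timestamps are within `window` time units of each other."""
    buf = {"A": deque(), "B": deque()}
    out = []
    for ts, src, val in events:
        other = "B" if src == "A" else "A"
        # Expire tuples from the other stream that slid out of the window.
        while buf[other] and buf[other][0][0] < ts - window:
            buf[other].popleft()
        for _, oval in buf[other]:
            if match(val, oval):
                out.append((val, oval) if src == "A" else (oval, val))
        buf[src].append((ts, val))
    return out
```

With window = 2 and equality as the join condition, a tuple joins only with tuples from the other stream that arrived at most two time units earlier; the deques play the role of the in-memory window buffers.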
2007-09-29T07:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/13
http://dx.doi.org/10.1007/s00778-006-0017-y
Cyber Center Publications
Purdue University
Stream query processing
Multi-way window join
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1010
2012-06-28T14:30:26Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Data management challenges for computational transportation
Aref, Walid G.
Ouzzani, Mourad
Computational Transportation is an emerging discipline that poses many data management challenges. Computational transportation is characterized by the existence of a massive number of moving objects, moving sensors, and moving queries. This paper highlights important data management challenges for computational transportation and promising approaches towards addressing them.
2008-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/9
http://dx.doi.org/10.4108/ICST.MOBIQUITOUS2008.4014
Cyber Center Publications
Purdue University
Information systems
database management
query processing
distributed databases
database applications
spatial databases and GIS
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1012
2012-06-29T13:33:02Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
The SBC-tree: an index for run-length compressed sequences
Eltabakh, Mohamed
Hon, Wing-Kai
Shah, Rahul
Aref, Walid G.
Vitter, Jeffrey S.
Run-Length-Encoding (RLE) is a data compression technique that is used in various applications, e.g., time series, biological sequences, and multimedia databases. One of the main challenges is how to operate on (e.g., index, search, and retrieve) compressed data without decompressing it. In this paper, we introduce the String B-tree for Compressed sequences, termed the SBC-tree, for indexing and searching RLE-compressed sequences of arbitrary length. The SBC-tree is a two-level index structure based on the well-known String B-tree and a 3-sided range query structure [7]. The SBC-tree supports pattern matching queries such as substring matching, prefix matching, and range search operations over RLE-compressed sequences. The SBC-tree has an optimal external-memory space complexity of O(N/B) pages, where N is the total length of the compressed sequences and B is the disk page size. Substring matching, prefix matching, and range search execute in an optimal O(log_B N + (|p| + T)/B) I/O operations, where |p| is the length of the compressed query pattern and T is the query output size. The SBC-tree is also dynamic and supports insert and delete operations efficiently. The insertion and deletion of all suffixes of a compressed sequence of length m take O(m log_B (N + m)) amortized I/O operations. The SBC-tree index is realized inside PostgreSQL. Performance results illustrate that using the SBC-tree to index RLE-compressed sequences achieves up to an order of magnitude reduction in storage, while retaining the optimal search performance achieved by the String B-tree over the uncompressed sequences.
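The RLE representation that the SBC-tree indexes can be illustrated with a minimal encoder and decoder; this is a generic sketch of run-length encoding, not the paper's on-disk layout.

```python
def rle_encode(s):
    """Run-length encode a string into (character, run_length) pairs."""
    runs = []
    for ch in s:
        if runs and runs[-1][0] == ch:
            runs[-1][1] += 1          # extend the current run
        else:
            runs.append([ch, 1])      # start a new run
    return [(c, n) for c, n in runs]

def rle_decode(runs):
    """Expand (character, run_length) pairs back to the original string."""
    return "".join(c * n for c, n in runs)
```

The compressed sequence is the list of pairs; the index's job, as the abstract explains, is to answer substring, prefix, and range queries directly over these pairs without calling `rle_decode` first.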
2008-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/7
http://dx.doi.org/10.1145/1353343.1353407
Cyber Center Publications
Purdue University
data structures
trees
coding and information theory
data compaction and compression
information storage and retrieval
indexing methods
content analysis
information search and retrieval
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1013
2012-06-28T14:29:39Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
The RUM-tree: supporting frequent updates in R-trees using memos
Silva, Yasin
Xiong, Xiaopeng
Aref, Walid G.
The problem of frequently updating multi-dimensional indexes arises in many location-dependent applications. While the R-tree and its variants are the dominant choices for indexing multi-dimensional objects, the R-tree exhibits inferior performance in the presence of frequent updates. In this paper, we present an R-tree variant, termed the RUM-tree (which stands for R-tree with update memo) that reduces the cost of object updates. The RUM-tree processes updates in a memo-based approach that avoids disk accesses for purging old entries during an update process. Therefore, the cost of an update operation in the RUM-tree is reduced to the cost of only an insert operation. The removal of old object entries is carried out by a garbage cleaner inside the RUM-tree. In this paper, we present the details of the RUM-tree and study its properties. We also address the issues of crash recovery and concurrency control for the RUM-tree. Theoretical analysis and comprehensive experimental evaluation demonstrate that the RUM-tree outperforms other R-tree variants by up to one order of magnitude in scenarios with frequent updates.
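The memo-based idea can be caricatured outside the R-tree itself: an update becomes a plain insert of a new entry with a fresh stamp, and the memo lets readers and the garbage cleaner recognize superseded entries as stale. The class below is a hypothetical sketch of that bookkeeping, not the paper's data structure.

```python
class UpdateMemo:
    """Sketch of the RUM-tree's update memo: instead of purging an old
    entry on update (which would cost disk accesses), record which stamp
    is current per object; older entries are stale and are purged later
    by a garbage cleaner."""

    def __init__(self):
        self.latest = {}    # object id -> stamp of its newest entry
        self.counter = 0

    def insert(self, oid):
        """An update is just an insert: issue a fresh stamp for oid."""
        self.counter += 1
        self.latest[oid] = self.counter
        return self.counter          # stamp stored alongside the new entry

    def is_stale(self, oid, stamp):
        """An entry is obsolete if a newer stamp exists for its object."""
        return self.latest.get(oid) != stamp
```

This captures why an update costs only an insert: the old entry is never touched at update time, merely ignored until cleaned.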
2009-11-03T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/34
http://dx.doi.org/10.1007/s00778-008-0120-3
Cyber Center Publications
Purdue University
Indexing techniques
Frequent updates
Spatio-temporal databases
Performance
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1015
2012-06-28T14:29:05Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Casper: Query processing for location services without compromising privacy
Chow, Chi-Yin
Mokbel, Mohamed
Aref, Walid G.
In this article, we present a new privacy-aware query processing framework, Casper, in which mobile and stationary users can obtain snapshot and/or continuous location-based services without revealing their private location information. In particular, we propose a privacy-aware query processor embedded inside a location-based database server to deal with snapshot and continuous queries based on the knowledge of the user's cloaked location rather than the exact location. Our proposed privacy-aware query processor is completely independent of how we compute the user's cloaked location. In other words, any existing location anonymization algorithm that blurs the user's private location into a cloaked rectilinear area can be employed to protect the user's location privacy. We first propose a privacy-aware query processor that not only supports three new privacy-aware query types, but also achieves a trade-off between query processing cost and answer optimality. Then, to improve the scalability of processing continuous privacy-aware queries, we propose a shared execution paradigm that shares query processing among a large number of continuous queries. The proposed scalable paradigm can be tuned through two parameters to trade off between system scalability and answer optimality. Experimental results show that our query processor achieves high-quality snapshot and continuous location-based services while supporting queries and/or data with cloaked locations.
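The notion of a cloaked rectilinear area can be illustrated by the simplest possible anonymizer: snapping a point to its grid cell. This is a hypothetical stand-in; real cloaking algorithms also enforce conditions such as k-anonymity, which this sketch ignores, and the abstract stresses that the query processor works with any such algorithm.

```python
def cloak(x, y, cell):
    """Blur an exact location (x, y) into a rectilinear cloaked area by
    returning the axis-aligned grid cell of side `cell` that contains it,
    as (x_min, y_min, x_max, y_max)."""
    x0 = (x // cell) * cell
    y0 = (y // cell) * cell
    return (x0, y0, x0 + cell, y0 + cell)
```

A privacy-aware query processor then answers queries against the rectangle rather than the point, which is why its answers trade optimality for privacy.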
2009-12-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/32
http://dx.doi.org/10.1145/1620585.1620591
Cyber Center Publications
Purdue University
Information systems
database management
query processing
database applications
spatial databases and GIS
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1017
2012-06-28T14:28:33Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Window-based Query Processing
Aref, Walid G.
Data streams are infinite in nature. As a result, a query that executes over data streams specifies a "window" of focus: the part of the data stream that is of interest to the query. When new data items arrive in the data stream, the window may either expand or slide to allow the query to process these new data items. Hence, queries over data streams are continuous in nature, i.e., the query is continuously re-evaluated each time the query window slides. Window-based query processing on data streams refers to the various ways and techniques for processing and evaluating continuous queries over windows of data stream items.
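The slide-and-re-evaluate cycle can be sketched with a count-based sliding window; this is a generic illustration, and real systems also support time-based and expanding windows as the entry notes.

```python
from collections import deque

def sliding_window_avg(stream, size):
    """Re-evaluate an average over the last `size` items each time the
    window slides by one newly arrived item, as a continuous query would."""
    win = deque(maxlen=size)       # old items fall out as new ones arrive
    for item in stream:
        win.append(item)           # the window slides
        yield sum(win) / len(win)  # the query is re-evaluated
```

Each yielded value is one re-evaluation of the standing query over the current window contents.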
2009-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/30
http://dx.doi.org/10.1007/978-0-387-39940-9_468
Cyber Center Publications
Purdue University
Stream query processing
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1016
2012-06-28T14:28:47Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Electronic Ink Indexing
Aref, Walid G.
eAccessibility refers to the access of Information and Communication Technologies (ICT) by people with disabilities, with particular emphasis on the World Wide Web. It is the extent to which the use of an application or service is affected by the user's particular functional limitations or abilities (permanent or temporary). eAccessibility can be considered a fundamental prerequisite of usability.
2009-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/31
http://dx.doi.org/10.1007/978-0-387-39940-9_143
Cyber Center Publications
Purdue University
accessibility
ICT
information and communication technologies
disabilities
functional limitations
abilities
usability
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1014
2014-04-10T15:02:15Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Online Piece-wise Linear Approximation of Numerical Streams with Precision Guarantees
Elmeleegy, Hazem
Elmagarmid, Ahmed
Cecchet, Emmanuel
Aref, Walid G.
Zwaenepoel, Willy
Continuous “always-on” monitoring is beneficial for a number of applications, but potentially imposes a high load in terms of communication, storage, and power consumption when a large number of variables need to be monitored. We introduce two new filtering techniques, swing filters and slide filters, that represent, within a prescribed precision, a time-varying numerical signal by a piecewise linear function, consisting of connected line segments for swing filters and (mostly) disconnected line segments for slide filters. We demonstrate the effectiveness of swing and slide filters in terms of their compression power by applying them to a real-life data set plus a variety of synthetic data sets. For nearly all combinations of signal behavior and precision requirements, the proposed techniques outperform the earlier approaches for online filtering in terms of data reduction. The slide filter, in particular, consistently dominates all other filters, with up to a twofold improvement over the best of the previous techniques.
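A simplified sketch in the spirit of the swing filter: grow a segment while narrowing the feasible slope range so every covered sample stays within the prescribed precision, and close the segment when the range empties. Unlike the actual swing filter, this hypothetical variant restarts each segment at the next sample instead of producing connected segments, so it is closer in output shape to a slide filter; names and interface are illustrative.

```python
def swing_filter(points, eps):
    """Greedy piecewise-linear approximation with a precision guarantee.
    points: list of (t, y) with strictly increasing t.
    Returns segments as (t_start, y_start, slope, t_end); every sample a
    segment covers lies within eps of the segment's line."""
    segments = []
    i, n = 0, len(points)
    while i < n:
        t0, y0 = points[i]
        lo, hi = float("-inf"), float("inf")
        j = i + 1
        while j < n:
            t, y = points[j]
            # Narrow the feasible slope range so (t, y) stays within eps.
            lo = max(lo, (y - eps - y0) / (t - t0))
            hi = min(hi, (y + eps - y0) / (t - t0))
            if lo > hi:          # no single line fits all covered samples
                break
            j += 1
        slope = (lo + hi) / 2 if j > i + 1 else 0.0
        segments.append((t0, y0, slope, points[j - 1][0]))
        i = j                    # restart at the first uncovered sample
    return segments
```

A noiseless linear signal compresses to a single segment, which is the data-reduction effect the abstract measures.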
2009-08-24T07:00:00Z
text
application/pdf
https://docs.lib.purdue.edu/ccpubs/33
https://docs.lib.purdue.edu/context/ccpubs/article/1014/viewcontent/Online_Piece_wise_Linear_Approximation_of_Numerical_Streams_with_Preision_Guarantees.pdf
Cyber Center Publications
Purdue University
filtering techniques
swing filters
time-varying numerical signal
piecewise linear function
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1018
2012-06-28T14:28:17Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Space-Filling Curves for Query Processing
Mokbel, Mohamed
Aref, Walid G.
Given a query Q, a one-dimensional index structure I (e.g., a B-tree), and a set of D-dimensional points, a space-filling curve S is used to map the D-dimensional points into a set of one-dimensional points that can be indexed through I for an efficient execution of query Q. The main idea is that space-filling curves are used as a way of mapping the multi-dimensional space into the one-dimensional space so that existing one-dimensional query processing and indexing techniques can be applied.
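The map-then-index idea can be sketched end to end: compute a one-dimensional key per point, then hand the keys to an ordinary one-dimensional structure. Here the Z-order (Morton) curve stands in for S, and a sorted list searched with `bisect` stands in for the index I (e.g., a B-tree); all names are illustrative.

```python
from bisect import bisect_left

def morton_key(x, y, bits=8):
    """Z-order (Morton) mapping of a 2-D point to one dimension."""
    key = 0
    for i in range(bits):
        key |= ((x >> i) & 1) << (2 * i)
        key |= ((y >> i) & 1) << (2 * i + 1)
    return key

def build_index(points):
    """Index 2-D points through a sorted list of their 1-D keys,
    standing in for the one-dimensional structure I."""
    return sorted((morton_key(x, y), (x, y)) for x, y in points)

def lookup(index, point):
    """Exact-match query executed purely against the 1-D index."""
    k = morton_key(*point)
    i = bisect_left(index, (k, point))
    return i < len(index) and index[i][1] == point
```

Range queries work the same way in principle, though a multi-dimensional range must first be decomposed into runs of consecutive curve keys, which is where curve choice and locality matter.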
2009-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/29
http://dx.doi.org/10.1007/978-0-387-39940-9_350
Cyber Center Publications
Purdue University
Distance-preserving mapping
Locality-preserving mapping
Multi-dimensional mapping
Linearization
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1020
2012-06-28T14:26:30Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Indexing Historical Spatio-Temporal Data
Mokbel, Mohamed
Aref, Walid G.
Consider an object O that reports to a database server two consecutive locations P0 = (x0, y0) and P1 = (x1, y1) at times t0 and t1, respectively. The database server has no knowledge of the exact locations of object O between t0 and t1. To be able to answer queries about the object's location at any time, the database server interpolates between the two accurate locations through a trajectory that connects P0 and P1 with a straight line. While object O keeps sending location samples, the database server keeps accumulating a set of consecutive trajectory lines that represent the historical movement of object O. Indexing historical spatio-temporal data involves dealing with such large numbers of trajectories. The main idea is to organize past trajectories in a way that supports historical spatial, temporal, and spatio-temporal queries.
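The straight-line interpolation the server performs between two samples can be written directly; a minimal sketch of the assumption the entry describes:

```python
def interpolate(p0, t0, p1, t1, t):
    """Estimate the object's unreported location at time t, with
    t0 <= t <= t1, on the straight-line trajectory the server assumes
    between the two reported samples p0 = (x0, y0) and p1 = (x1, y1)."""
    f = (t - t0) / (t1 - t0)           # fraction of the interval elapsed
    x = p0[0] + f * (p1[0] - p0[0])
    y = p0[1] + f * (p1[1] - p0[1])
    return (x, y)
```

Each reported pair of samples yields one such line segment, and the accumulated segments are the trajectories a historical spatio-temporal index must organize.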
2009-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/27
http://dx.doi.org/10.1007/978-0-387-39940-9_198
Cyber Center Publications
Purdue University
Indexing the past
Historical spatio-temporal access methods
Trajectory indexing
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1022
2012-06-28T14:25:49Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Hippocratic PostgreSQL
Padma, J
Silva, Yasin
Arshad, Mohamed
Aref, Walid G.
Privacy preservation has become an important requirement in information systems that deal with personal data. In many cases this requirement is imposed by laws that recognize the right of data owners to control whom their information is shared with and the purposes for which it can be shared. Hippocratic databases have been proposed as an answer to this privacy requirement; they extend the architecture of standard DBMSs with components that ensure personal data is handled in compliance with its associated privacy definitions. Previous work on Hippocratic databases has proposed the design of some of these components. Unfortunately, not much work has been done to implement these components as an integral part of a DBMS and to study the problems faced in realizing Hippocratic databases. The main goal of the 'Hippocratic PostgreSQL' project is to perform this implementation and study. The project includes the implementation of components to support limited disclosure, limited retention time, and management of multiple policies and policy versions. This demo presents the use of these components both from a terminal-based SQL command interface and through a Web-based healthcare application that makes use of the implemented database-level privacy features. Hippocratic PostgreSQL has the novel feature of augmenting both k-anonymity and generalization hierarchies into the Hippocratic DBMS engine functionality. Several interesting problems emerge as a result, and their solutions are presented in the context of this demo.
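The k-anonymity property the engine augments can be stated as a small check: every combination of quasi-identifier values must occur in at least k rows. The helper below is a hypothetical illustration of the property itself, not part of Hippocratic PostgreSQL's interface.

```python
from collections import Counter

def is_k_anonymous(rows, quasi_ids, k):
    """Return True if every combination of quasi-identifier values in
    `rows` (dicts) appears at least k times, i.e., no individual can be
    singled out by those attributes alone."""
    counts = Counter(tuple(r[a] for a in quasi_ids) for r in rows)
    return all(c >= k for c in counts.values())
```

Generalization hierarchies, the other feature the demo mentions, are what a system applies (e.g., coarsening a ZIP code) until a table passes a check like this.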
2009-04-10T07:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/25
http://dx.doi.org/10.1109/ICDE.2009.126
Cyber Center Publications
Purdue University
Internet
SQL
data privacy
health care
Web-based healthcare application
hippocratic DBMS engine
hippocratic PostgreSQL
hippocratic databases
information systems
privacy preservation
Hippocratic database
Privacy-aware database management system
k-anonymity
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1021
2012-06-28T14:26:14Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Similarity Group-By
Silva, Yasin
Aref, Walid G.
Ali, Mohamed
Group-by is a core database operation that is used extensively in OLTP, OLAP, and decision support systems. In many application scenarios, it is required to group similar but not necessarily equal values. In this paper we propose a new SQL construct that supports similarity-based group-by (SGB). SGB is not a new clustering algorithm, but rather is a practical and fast similarity grouping query operator that is compatible with other SQL operators and can be combined with them to answer similarity-based queries efficiently. In contrast to expensive clustering algorithms, the proposed similarity group-by operator maintains low execution times while still generating meaningful groupings that address many application needs. The paper presents a general definition of the similarity group-by operation and gives three instances of this definition. The paper also discusses how optimization techniques for the regular group-by can be extended to the case of SGB. The proposed operators are implemented inside PostgreSQL. The performance study shows that the proposed similarity-based group-by operators have good scalability properties with at most only 25% increase in execution time over the regular group-by.
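One possible instance of similarity grouping can be sketched in a few lines; this gap-based variant is an assumed illustration and is not necessarily one of the paper's three instances of the definition.

```python
def similarity_group_by(values, eps):
    """Group numeric values that are similar but not necessarily equal:
    sort the values and start a new group whenever the gap to the
    previous value exceeds eps."""
    groups = []
    for v in sorted(values):
        if groups and v - groups[-1][-1] <= eps:
            groups[-1].append(v)     # close enough: same group
        else:
            groups.append([v])       # gap too large: new group
    return groups
```

Like the SGB operator described above, this is a single cheap pass over sorted input rather than a clustering algorithm, which is why such grouping can be pipelined with other query operators.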
2009-04-10T07:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/26
http://dx.doi.org/10.1109/ICDE.2009.113
Cyber Center Publications
Purdue University
SQL
optimisation
query processing
SQL operators
core database operation
decision support systems
similarity group-by
Clustering
Database Systems
OLAP
Similarity Query Processing
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1025
2014-04-10T15:04:22Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Supporting annotations on relations
Eltabakh, Mohamed
Aref, Walid G.
Elmagarmid, Ahmed
Ouzzani, Mourad
Silva, Yasin
Annotations play a key role in understanding and curating databases. Annotations may represent comments, descriptions, or lineage information, among others. Annotation management is a vital mechanism for sharing knowledge and building an interactive and collaborative environment among database users and scientists. What makes it challenging is that annotations can be attached to database entities at various granularities, e.g., at the table, tuple, column, or cell level, or more generally, to any subset of cells that results from a select statement. Therefore, simple comment fields in tuples would not work because of the combinatorial nature of the annotations. In this paper, we present extensions to current database management systems to support annotations. We propose storage schemes to efficiently store annotations at multiple granularities, i.e., at the table, tuple, column, and cell levels. Compared to storing the annotations with the individual cells, the proposed schemes achieve more than an order-of-magnitude reduction in storage and up to 70% savings in query execution time. We define types of annotations that inherit different behaviors. Through these types, users can specify, for example, whether or not an annotation is continuously applied over newly inserted data and whether or not an annotation is archived when the base data is modified. These annotation types raise several storage and processing challenges that are addressed in the paper. We propose declarative ways to add, archive, query, and propagate annotations. The proposed mechanisms are realized through extensions to standard SQL. We implemented the proposed functionalities inside PostgreSQL with an easy-to-use Excel-based front-end graphical interface.
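The multi-granularity attachment problem can be sketched with wildcard keys: one stored record covers a whole table, a tuple, a column, or a single cell, avoiding the combinatorial blow-up of per-cell comment fields. This is a hypothetical design sketch, not the paper's storage schemes.

```python
class AnnotationStore:
    """Toy multi-granularity annotation store: each annotation is keyed
    by (table, row, column), with None acting as a wildcard so a single
    record can annotate a whole table, tuple, or column."""

    def __init__(self):
        self.entries = []   # (table, row_or_None, col_or_None, text)

    def add(self, table, text, row=None, col=None):
        self.entries.append((table, row, col, text))

    def lookup(self, table, row, col):
        """All annotations that apply to one cell, at any granularity."""
        return [text for t, r, c, text in self.entries
                if t == table and r in (None, row) and c in (None, col)]
```

A table-level note stored once is returned for every cell of the table, which is the storage saving the abstract quantifies relative to duplicating it into each cell.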
2009-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/22
http://dx.doi.org/10.1145/1516360.1516405
Cyber Center Publications
Purdue University
curating
annotations
tuples
query execution
add archive propagate annotations
PostgreSQL
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1026
2012-06-28T14:24:51Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Exploiting similarity-aware grouping in decision support systems
Silva, Yasin
Arshad, Muhammed
Aref, Walid G.
Decision Support Systems (DSS) are information systems that support decision-making processes. In many scenarios these systems are built on top of data managed by DBMSs and make extensive use of the underlying grouping and aggregation capabilities, i.e., the group-by operation. Unfortunately, the standard grouping operator has the inherent limitation of being based only on equality, i.e., all the tuples in a group share the same values of the grouping attributes. Similarity-based Group-by (SGB) has recently been proposed as an extension aimed at overcoming this limitation. SGB allows the fast formation of groups of similar objects under different grouping strategies and the pipelining of results for further processing. This demonstration presents how SGB can be effectively used to build useful DSSs. The presented DSS has been built around the data model and queries of the TPC-H benchmark, intending to be representative of complex business analysis applications. The system provides intuitive dashboards that exploit similarity aggregation queries to analyze: (1) customer clustering, (2) profit and revenue, (3) marketing campaigns, and (4) discounts. The presented DSS runs on top of PostgreSQL, whose query engine is extended with similarity grouping operators.
2009-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/21
http://dx.doi.org/10.1145/1516360.1516499
Cyber Center Publications
Purdue University
DSS
group share
DBMS
SGB
TPC-H
complex business analysis
PostgreSQL
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1024
2012-06-28T14:25:18Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Multi-dimensional phenomenon-aware stream query processing
Bindra, Ashish
Teredesai, Ankur
Ali, Mohamed
Aref, Walid G.
Geographically co-located sensors tend to participate in the same environmental phenomena. Phenomenon-aware stream query processing improves scalability by subscribing each query only to the subset of sensors that participate in the phenomena of interest to that query. In the case of sensors that generate readings with a multi-attribute schema, phenomena may develop across the values of one or more attributes. However, tracking and detecting phenomena across all attributes does not scale well as the number of dimensions increases; as the sensor network grows and the number of attributes tracked per sensor increases, this becomes a major bottleneck. In this paper, we present a novel n-dimensional Phenomenon Detection and Tracking mechanism (termed nd-PDT) over n-ary sensor readings. We reduce the number of dimensions to be tracked by first dropping dimensions without any meaningful phenomena, and then further reduce the dimensionality by continuously detecting and updating various forms of functional dependencies among the phenomenon dimensions.
2009-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/23
http://dx.doi.org/10.1145/1653771.1653848
Cyber Center Publications
Purdue University
Information systems
database management
systems
database applications
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1023
2012-06-28T14:25:34Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Chameleon: Context-Awareness inside DBMSs
Elmongui, Hicham
Aref, Walid G.
Mokbel, Mohamed
Context is any information used to characterize the situation of an entity. Examples of contexts include time, location, identity, and activity of a user. This paper proposes a general context-aware DBMS, named Chameleon, that will eliminate the need for having specialized database engines, e.g., spatial DBMS, temporal DBMS, and Hippocratic DBMS, since space, time, and identity can be treated as contexts in the general context-aware DBMS. In Chameleon, we can combine multiple contexts into more complex ones using the proposed context composition, e.g., a Hippocratic DBMS that also provides spatio-temporal and location contextual services. As a proof of concept, we construct two case studies using the same context-aware DBMS platform within Chameleon. One treats identity as a context to realize a privacy-aware (Hippocratic) database server, while the other treats space as a context to realize a spatial database server using the same proposed constructs and interfaces of Chameleon.
2009-04-10T07:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/24
http://dx.doi.org/10.1109/ICDE.2009.234
Cyber Center Publications
Purdue University
data privacy
temporal databases
ubiquitous computing
visual databases
Chameleon
context-aware DBMS
privacy-aware Hippocratic database server
spatial DBMS
specialized database engines
temporal DBMS
Hippocratic
context
context awareness
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1028
2012-06-28T14:24:13Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Spatio-Temporal Access Methods: Part 2 (2003 - 2010)
Nguyen-Dinh, Long-Van
Aref, Walid G.
Mokbel, Mohamed
In spatio-temporal applications, moving objects detect their locations via location-aware devices and update their locations continuously to the server. With the ubiquity and massive numbers of moving objects, many spatio-temporal access methods have been developed to process user queries efficiently. Spatio-temporal access methods are classified into four categories: (1) indexing the past data, (2) indexing the current data, (3) indexing the future data, and (4) indexing data at all points of time. This short survey is Part 2 of our previous work [28]. In Part 2, we give an overview and classification of spatio-temporal access methods that were published between the years 2003 and 2010.
2010-01-01T08:00:00Z
text
application/pdf
https://docs.lib.purdue.edu/ccpubs/19
https://docs.lib.purdue.edu/context/ccpubs/article/1028/viewcontent/Spatio_Temporal_Access_Methods_Part_2_2003___2010.pdf
Cyber Center Publications
Purdue University
spatiotemporal access methods
three dimensional structures
MTSB-tree
TSB-tree
FNR-tree
MON-tree
multi-version structures
trajectory-oriented access methods
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1027
2012-06-28T14:24:36Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Workshop Organizers’ Message
Sadiq, Shazia
Deng, Ke
Zhou, Xiaofang
Yang, Xiaochun
Aref, Walid G.
Delis, Alex
Liu, Qing
Xu, Kai
Poor data quality is known to compromise the credibility and efficiency of commercial as well as public endeavours. Several developments from industry and academia have contributed significantly towards addressing the problem. These typically include analysts and practitioners who have contributed to the design of strategies and methodologies for data governance; solution architects, including software vendors, who have contributed towards appropriate system architectures that promote data integration; and data experts who have contributed to solving data quality problems such as duplicate detection, identification of outliers, consistency checking, and many more through the use of computational techniques. The attainment of true data quality lies at the convergence of these three aspects, namely the organizational, architectural, and computational.
2009-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/20
http://dx.doi.org/10.1007/978-3-642-04205-8_9
Cyber Center Publications
Purdue University
poor data quality
credibility
efficiency
system architectures
duplicate detection
identification of outliers
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1030
2012-06-28T14:22:42Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
SimDB: a similarity-aware database system
Silva, Yasin
Aly, Ahmed
Aref, Walid G.
Larson, Per-Ake
The identification and processing of similarities in the data play a key role in multiple application scenarios. Several types of similarity-aware operations have been studied in the literature. However, in most of the previous work, similarity-aware operations are studied in isolation from other regular or similarity-aware operations. Furthermore, most of the previous research in the area considers a standalone implementation, i.e., without any integration with a database system. In this demonstration we present SimDB, a similarity-aware database management system. SimDB supports multiple similarity-aware operations as first-class database operators. We describe the architectural changes needed to implement the similarity-aware operators. In particular, we present the way conventional operators' implementation machinery is extended to support similarity-aware operators. We also show how these operators interact with other similarity-aware and regular operators. In particular, we show the effectiveness of multiple equivalence rules that can be used to extend cost-based query optimization to the case of similarity-aware operations.
2010-06-01T07:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/17
http://dx.doi.org/10.1145/1807167.1807330
Cyber Center Publications
Purdue University
Information systems
database management
systems
query processing
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1029
2014-04-10T14:56:29Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Supporting views in data stream management systems
Ghanem, Thanaa
Elmagarmid, Ahmed
Larson, Per-Ake
Aref, Walid G.
In relational database management systems, views supplement basic query constructs to cope with the demand for “higher-level” views of data. Moreover, in traditional query optimization, answering a query using a set of existing materialized views can yield a more efficient query execution plan. Due to their effectiveness, views are attractive to data stream management systems. In order to support views over streams, a data stream management system should employ a closed (or composable) continuous query language. A closed query language is a language in which query inputs and outputs are interpreted in the same way, hence allowing query composition. This article introduces the Synchronized SQL (or SyncSQL) query language that defines a data stream as a sequence of modify operations against a relation. SyncSQL enables query composition through the unified interpretation of query inputs and outputs. An important issue in continuous queries over data streams is the frequency by which the answer gets refreshed and the conditions that trigger the refresh. Coarser periodic refresh requirements are typically expressed as sliding windows. In this article, the sliding window approach is generalized by introducing the synchronization principle that empowers SyncSQL with a formal mechanism to express queries with arbitrary refresh conditions. After introducing the semantics and syntax, we lay the algebraic foundation for SyncSQL and propose a query-matching algorithm for deciding containment of SyncSQL expressions. Then, the article introduces the Nile-SyncSQL prototype to support SyncSQL queries. Nile-SyncSQL employs a pipelined incremental evaluation paradigm in which the query pipeline consists of a set of differential operators. A cost model is developed to estimate the cost of SyncSQL query execution pipelines and to choose the best execution plan from a set of different plans for the same query. An experimental study is conducted to evaluate the performance of Nile-SyncSQL. The experimental results illustrate the effectiveness of Nile-SyncSQL and the significant performance gains when views are enabled in data stream management systems.
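The core SyncSQL idea, that a stream is a sequence of modify operations against a relation and that a view can be maintained incrementally by a differential operator, can be sketched as follows. This toy maintains only a running COUNT(*) and is an illustration of the principle, not the Nile-SyncSQL pipeline.

```python
# Hedged sketch: a stream as a sequence of modify operations
# (+1 = insert tuple, -1 = delete tuple) against a relation, with a
# differential operator that maintains COUNT(*) incrementally instead
# of recomputing it over the whole relation after each update.

def apply_ops(ops):
    """Yield the running COUNT(*) of the relation after each operation."""
    count = 0
    for sign, _tuple in ops:  # each op modifies the underlying relation
        count += sign
        yield count

stream = [(+1, "a"), (+1, "b"), (-1, "a"), (+1, "c")]
print(list(apply_ops(stream)))  # [1, 2, 1, 2]
```

Because inputs and outputs are both sequences of states of a relation, the output of such an operator can feed another one, which is the composability (closure) property the article builds on.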
2010-02-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/18
http://dx.doi.org/10.1145/1670243.1670244
Cyber Center Publications
Purdue University
Information systems
database management
languages
query languages
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1033
2014-04-10T14:55:18Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Supporting real-world activities in database management systems
Eltabakh, Mohamed
Aref, Walid G.
Elmagarmid, Ahmed
Silva, Yasin
Ouzzani, Mourad
The cycle of processing the data in many application domains is complex and may involve real-world activities that are external to the database, e.g., wet-lab experiments, instrument readings, and manual measurements. These real-world activities may take a long time to prepare for and to perform, and hence introduce inherently long delays between updates in the database. The presence of these long delays between updates, along with the need for the intermediate results to be instantly available, makes supporting real-world activities in the database engine a challenging task. In this paper, we address these challenges through a system that enables users to reflect their updates immediately into the database while keeping track of the dependent and potentially invalid data items until they are re-validated. The proposed system includes: (1) semantics and syntax for interfaces through which users can express the dependencies among data items, (2) new operators to alert users when the returned query results contain potentially invalid or out-of-date data, and to enable evaluating queries on either valid data only, or on both valid and potentially invalid data, and (3) mechanisms for data invalidation and revalidation. The proposed system is being realized via extensions to PostgreSQL.
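The invalidation/revalidation mechanism described above can be sketched as simple dependency tracking: when a base item changes, everything derived from it becomes potentially invalid until re-validated. This is a minimal illustration under assumed names ("sample", "measurement", "report"), not the PostgreSQL extension itself, and it assumes the dependency graph is acyclic.

```python
# Hedged sketch: track which items were derived from which, flag
# dependents as potentially invalid when a source changes, and clear
# the flag on revalidation. Assumes an acyclic dependency graph.

class DependencyTracker:
    def __init__(self):
        self.depends_on = {}  # item -> set of items it was derived from
        self.invalid = set()

    def derive(self, item, sources):
        self.depends_on[item] = set(sources)

    def update(self, item):
        # Transitively invalidate everything derived from `item`.
        for dependent, sources in self.depends_on.items():
            if item in sources:
                self.invalid.add(dependent)
                self.update(dependent)

    def revalidate(self, item):
        self.invalid.discard(item)

t = DependencyTracker()
t.derive("measurement", ["sample"])
t.derive("report", ["measurement"])
t.update("sample")         # e.g., the wet-lab sample was re-run
print(sorted(t.invalid))   # ['measurement', 'report']
```

A query operator in the spirit of the paper would then either exclude items in the invalid set or return them tagged as potentially out-of-date.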
2010-03-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/14
http://dx.doi.org/10.1109/ICDE.2010.5447842
Cyber Center Publications
Purdue University
database management systems
query processing
PostgreSQL
data invalidation
data revalidation
database engine
database management systems
instrument readings
supporting real world activities
wet lab experiments
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1032
2012-06-28T14:19:11Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
The similarity join database operator
Silva, Yasin
Aref, Walid G.
Ali, Mohamed
Similarity joins have been studied as key operations in multiple application domains, e.g., record linkage, data cleaning, multimedia and video applications, and phenomena detection on sensor networks. Multiple similarity join algorithms and implementation techniques have been proposed. They range from out-of-database approaches for only in-memory and external memory data to techniques that make use of standard database operators to answer similarity joins. Unfortunately, there has not been much study on the role and implementation of similarity joins as database physical operators. In this paper, we focus on the study of similarity joins as first-class database operators. We present the definition of several similarity join operators and study the way they interact among themselves, with other standard database operators, and with other previously proposed similarity-aware operators. In particular, we present multiple transformation rules that enable similarity query optimization through the generation of equivalent similarity query execution plans. We then describe an efficient implementation of two similarity join operators, Ɛ-Join and Join-Around, as core DBMS operators. The performance evaluation of the implemented operators in PostgreSQL shows that they have good execution time and scalability properties. The execution time of Join-Around is less than 5% of that of the equivalent query that uses only regular operators, while Ɛ-Join's execution time is 20% to 90% of that of its equivalent regular-operator-based query for the useful case of small Ɛ (0.01% to 10% of the domain range). We also show experimentally that the proposed transformation rules can generate plans with execution times that are only 10% to 70% of those of the initial query plans.
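The semantics of the Ɛ-Join operator are easy to state concretely: pair tuples from the two inputs whose join values differ by at most Ɛ. The sketch below uses a nested loop for clarity; a physical operator of the kind the paper implements would exploit sorted inputs instead. The relations and Ɛ value are invented for the example.

```python
# Hedged sketch of a one-dimensional epsilon-join: emit every pair
# (x, y) with |x - y| <= eps. A real plan-level operator would use
# sorted inputs or indexes; this toy nested loop only shows semantics.

def epsilon_join(r, s, eps):
    return [(x, y) for x in r for y in s if abs(x - y) <= eps]

print(epsilon_join([1.0, 5.0, 9.0], [1.2, 4.0, 9.1], eps=0.5))
# [(1.0, 1.2), (9.0, 9.1)]
```

With eps = 0 this degenerates to a regular equi-join, which is one reason equivalence rules between similarity and regular plans exist at all.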
2010-03-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/15
http://dx.doi.org/10.1109/ICDE.2010.5447873
Cyber Center Publications
Purdue University
SQL
data mining
database management systems
DBMS operators
data cleaning
external memory data
multimedia applications
multiple application domains
query optimization
record linkage
sensor networks phenomena detection
similarity join database operator
video applications
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1034
2012-07-02T12:29:53Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Detecting anomalous access patterns in relational databases
Kamra, Ashish
Terzi, Evimaria
Bertino, Elisa
A considerable effort has been recently devoted to the development of Database Management Systems (DBMS) which guarantee high assurance and security. An important component of any strong security solution is represented by Intrusion Detection (ID) techniques, able to detect anomalous behavior of applications and users. To date, however, there have been few ID mechanisms proposed which are specifically tailored to function within the DBMS. In this paper, we propose such a mechanism. Our approach is based on mining SQL queries stored in database audit log files. The result of the mining process is used to form profiles that can model normal database access behavior and identify intruders. We consider two different scenarios while addressing the problem. In the first case, we assume that the database has a Role Based Access Control (RBAC) model in place. Under an RBAC system, permissions are associated with roles, which group several users, rather than with single users. Our ID system is able to determine role intruders, that is, individuals who, while holding a specific role, behave differently than expected. An important advantage of providing an ID technique specifically tailored to RBAC databases is that it can help in protecting against insider threats. Furthermore, the existence of roles makes our approach usable even for databases with a large user population. In the second scenario, we assume that there are no roles associated with users of the database. In this case, we look directly at the behavior of the users. We employ clustering algorithms to form concise profiles representing normal user behavior. For detection, we either use these clustered profiles as the roles or employ outlier detection techniques to identify behavior that deviates from the profiles. Our preliminary experimental evaluation on both real and synthetic database traces shows that our methods work well in practical situations.
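The role-profile scenario can be sketched with a deliberately crude query feature: the SQL command and the table it touches. The paper mines much richer representations from the audit log; this illustration only shows the shape of "build per-role profiles, then flag queries outside the profile". Roles, tables, and log entries are invented.

```python
# Hedged sketch: build per-role profiles from an audit log (feature =
# (command, table), far cruder than the paper's query representation)
# and flag a query as anomalous if its feature was never seen for
# that role.

from collections import defaultdict

def build_profiles(audit_log):
    profiles = defaultdict(set)  # role -> set of (command, table)
    for role, command, table in audit_log:
        profiles[role].add((command, table))
    return profiles

def is_anomalous(profiles, role, command, table):
    return (command, table) not in profiles[role]

log = [("clerk", "SELECT", "orders"),
       ("clerk", "INSERT", "orders"),
       ("admin", "DELETE", "users")]
profiles = build_profiles(log)
print(is_anomalous(profiles, "clerk", "DELETE", "users"))  # True
```

In the role-less scenario the paper describes, clustering would first group users into behavioral "pseudo-roles" before the same kind of check is applied.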
2008-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/185
http://dx.doi.org/10.1007/s00778-007-0051-4
Cyber Center Publications
Purdue University
Anomaly detection
Intrusion detection
User profiles
DBMS
RBAC
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1038
2012-07-02T12:29:02Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Measuring the structural similarity among XML documents and DTDs
Bertino, Elisa
Guerrini, Giovanna
Bertolotto, Michela
In applications involving spatio-temporal modelling, granularities of data may have to adapt according to the evolving semantics and significance of data. In this paper we define ST2_ODMGe, a multigranular spatio-temporal model supporting evolutions, which encompass the dynamic adaptation of attribute granularities and the deletion of attribute values. Evolutions are specified as Event-Condition-Action rules and are executed at run-time. The event, the condition, and the action may refer to a period of time and a geographical area. The evolution may also be constrained by the attribute values. The ability to dynamically evolve object attributes results in more flexible management of multigranular spatio-temporal data, but it requires revisiting the notion of object consistency with respect to class definitions and access to multigranular object values. Both issues are formally investigated in the paper.
2009-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/181
http://dx.doi.org/10.1007/978-3-642-02982-0_21
Cyber Center Publications
Purdue University
spatiotemporal
multigranular
dynamic adaptation
temporal data
object values
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1035
2012-07-02T12:29:41Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Structural Signatures for Tree Data Structures
Kundu, Ashish
Bertino, Elisa
Data sharing with multiple parties over a third-party distribution framework requires that both data integrity and confidentiality be assured. One of the most widely used data organization structures is the tree structure. When such structures encode sensitive information (such as in XML documents), it is crucial that integrity and confidentiality be assured not only for the content, but also for the structure. Digital signature schemes are commonly used to authenticate the integrity of the data. The most widely used such technique for tree structures is the Merkle hash technique, which however is known to be “not hiding”, thus leading to unauthorized leakage of information. Most techniques in the literature are based on the Merkle hash technique and thus suffer from the problem of unauthorized information leakages. Assurance of integrity and confidentiality (no leakages) of tree-structured data is an important problem in the context of secure data publishing and content distribution systems. In this paper, we propose a signature scheme for tree structures, which assures both confidentiality and integrity and is also efficient, especially in third-party distribution environments. Our integrity assurance technique, which we refer to as the “Structural signature scheme”, is based on the structure of the tree as defined by tree traversals (pre-order, post-order, in-order) and is defined using a randomized notion of such traversal numbers. In addition to formally defining the technique, we prove that it protects against violations of content and structural integrity and information leakages. We also show through complexity and performance analysis that the structural signature scheme is efficient; with respect to the Merkle hash technique, it incurs comparable cost for signing the trees and incurs lower cost for user-side integrity verification.
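The "randomized notion of traversal numbers" can be illustrated in isolation: instead of giving node i the deterministic rank i (which a Merkle-style scheme would leak), assign strictly increasing random numbers that preserve only the order of nodes in the traversal. This is a toy rendering of that one ingredient, not the full structural signature scheme; the seed and gap range are arbitrary.

```python
# Hedged sketch: replace deterministic traversal ranks 1..n with
# strictly increasing random numbers, so a signature over them commits
# to the order of nodes without revealing their exact ranks or count
# gaps. Illustrative only; not the paper's complete construction.

import random

def randomized_traversal_numbers(n, seed=42):
    """Strictly increasing random numbers for n nodes in traversal order."""
    rng = random.Random(seed)  # fixed seed: signer must be able to recompute
    nums, current = [], 0.0
    for _ in range(n):
        current += rng.uniform(1.0, 100.0)  # random positive gap keeps order
        nums.append(current)
    return nums

nums = randomized_traversal_numbers(5)
# order is preserved, exact ranks are hidden
print(all(a < b for a, b in zip(nums, nums[1:])))  # True
```

The paper uses such numbers for pre-order, post-order, and in-order traversals together, which is what lets it bind the tree's structure, not just its content.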
2008-08-01T07:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/184
http://dx.doi.org/10.1145/1453856.1453876
Cyber Center Publications
Purdue University
Information systems
database management
database administration
security
integrity
protection
data structures
trees
information storage and retrieval
systems and software
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1036
2012-07-02T12:29:28Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Cryptanalysis of Some RFID Authentication Protocols
Cao, Tianjie
Shen, Peng
Bertino, Elisa
Two effective attacks, namely a de-synchronization attack and an impersonation attack, against Ha et al.’s LCSS RFID authentication protocol and Song and Mitchell’s protocol are identified. The former attack can break the synchronization between the RFID reader and the tag in a single protocol run so that they cannot authenticate each other in any following protocol run. The latter can impersonate a legal tag to spoof the RFID reader by extracting the ID of a specific tag during the authentication process. An impersonation attack against Chen et al.’s RFID authentication scheme is also identified. By sending malicious queries to the tag and collecting the response messages emitted by the tag, the attack allows an adversary to extract the secret information from the tag and further to impersonate the legal tag.
2008-12-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/183
http://dx.doi.org/10.4304/jcm.3.7.20-27
Cyber Center Publications
Purdue University
RFID
de-synchronization attack
Impersonation
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1039
2012-07-02T12:28:49Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
An Access-Control Framework for WS-BPEL
Paci, Federica
Bertino, Elisa
Crampton, Jason
Business processes, the next-generation workflows, have attracted considerable research interest in the last 15 years. More recently, several XML-based languages have been proposed for specifying and orchestrating business processes, resulting in the WS-BPEL language. Even if WS-BPEL has been developed to specify automated business processes that orchestrate activities of multiple Web services, there are many applications and situations requiring that people be considered as additional participants who can influence the execution of a process. Significant omissions from WS-BPEL are the specification of activities that require interactions with humans to be completed, called human activities, and the specification of authorization information associating users with human activities in a WS-BPEL business process and authorization constraints, such as separation of duty, on the execution of human activities. In this article, we address these deficiencies by introducing a new type of WS-BPEL activity to model human activities and by developing RBAC-WS-BPEL, a role-based access-control model for WS-BPEL, and BPCL, a language to specify authorization constraints.
2008-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/180
http://dx.doi.org/10.4018/jwsr.2008070102
Cyber Center Publications
Purdue University
XML languages
WS-BPEL Language
automated business processes
RBAC-WS-BPEL
BPCL
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1037
2012-07-02T12:29:15Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Spatial Domains for the Administration of Location-based Access Control Policies
Damiani, Maria Luisa
Bertino, Elisa
Silvestri, Claudio
In the last few years there has been increasing interest in a novel category of access control models known as location-based or spatially-aware role-based access control (RBAC) models. Those models advance classical RBAC models in that they regulate access to sensitive resources based on the position of mobile users. An issue that has not yet been investigated is how to administer spatially-aware access control policies. In this paper we introduce GEO-RBAC Admin, the administration model for the location-based GEO-RBAC model. We discuss the concepts underlying this administrative model and present a language for the specification of GEO-RBAC policies.
2008-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/182
http://dx.doi.org/10.1007/s10922-008-9106-0
Cyber Center Publications
Purdue University
Access control
RBAC
Spatial data
Location-based services
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1044
2012-07-02T12:27:51Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Watermarking Relational Databases Using Optimization-Based Techniques
Shehab, Mohamed
Bertino, Elisa
Ghafoor, Arif
Proving ownership rights on outsourced relational databases is a crucial issue in today's Internet-based application environments and in many content distribution applications. In this paper, we present a mechanism for proof of ownership based on the secure embedding of a robust imperceptible watermark in relational data. We formulate the watermarking of relational databases as a constrained optimization problem, and discuss efficient techniques to solve the optimization problem and to handle the constraints. Our watermarking technique is resilient to watermark synchronization errors because it uses a partitioning approach that does not require marker tuples. Our approach overcomes a major weakness in previously proposed watermarking techniques. Watermark decoding is based on a threshold-based technique characterized by an optimal threshold that minimizes the probability of decoding errors. We developed a proof-of-concept implementation of our watermarking technique and showed through experimental results that it is resilient to tuple deletion, alteration, and insertion attacks.
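The marker-tuple-free partitioning step can be sketched independently of the optimization machinery: assign each tuple to a partition by a keyed hash of its primary key, so the decoder, knowing the secret key, can recompute the same partitions after insertions or deletions. This is an illustration of the idea under assumed parameters (the key string and partition count are invented), not the paper's exact construction.

```python
# Hedged sketch: keyed-hash partitioning of tuples by primary key.
# Both embedder and decoder recompute partitions from the secret key
# alone, so no marker tuples are needed for synchronization.

import hashlib

def partition(pk, secret_key, num_partitions):
    digest = hashlib.sha256(f"{secret_key}|{pk}".encode()).hexdigest()
    return int(digest, 16) % num_partitions

secret, parts = "k3y", 4  # hypothetical key and partition count
groups = {}
for pk in range(10):
    groups.setdefault(partition(pk, secret, parts), []).append(pk)
print({p: len(tuples) for p, tuples in sorted(groups.items())})
```

Deleting or inserting tuples only perturbs the affected partitions' statistics, which is what makes threshold-based decoding over per-partition statistics robust to such attacks.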
2008-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/175
http://dx.doi.org/10.1109/TKDE.2007.190668
Cyber Center Publications
Purdue University
Security and Privacy Protection
Optimization
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1183
2012-06-29T13:45:38Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
An Efficient Time-Bound Hierarchical Key Management Scheme for Secure Broadcasting
Bertino, Elisa
Shang, Ning
Wagstaff, Samuel S., Jr
In electronic subscription and pay TV systems, data can be organized and encrypted using symmetric key algorithms according to predefined time periods and user privileges, then broadcast to users. This requires an efficient way to manage the encryption keys. In this scenario, time-bound key management schemes for a hierarchy were proposed by Tzeng and Chien in 2002 and 2005, respectively. Both schemes are insecure against collusion attacks. In this paper, we propose a new key assignment scheme for access control which is both efficient and secure. Elliptic curve cryptography is deployed in this scheme. We also provide analysis of the scheme with respect to security and efficiency issues.
2008-04-01T07:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/174
http://dx.doi.org/10.1109/TDSC.2007.70241
Cyber Center Publications
Purdue University
Access controls
Cryptographic controls
Database Administration
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1048
2012-07-02T12:27:19Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
A Characterization of the problem of secure provenance management
Xu, Shouhuai
Ni, Qun
Bertino, Elisa
Sandhu, Ravi
Data (or information) provenance has many important applications. However, prior work on data provenance management almost exclusively focused on the collection, representation, query, and storage of provenance data. In contrast, the security aspect of provenance management has not been understood nor adequately addressed. A natural question then is: What would a secure provenance management system - perhaps as an analogy to secure database management systems - look like? In this paper, we explore the problem space of secure provenance management systems with an emphasis on the security requirements for such systems, and characterize desired solutions for tackling the problem. We believe that this paper makes a significant step towards a comprehensive solution to the problem of secure provenance management.
2009-06-01T07:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/38
http://dx.doi.org/10.1109/ISI.2009.5137332
Cyber Center Publications
Purdue University
data provenance
security
database management
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1045
2012-07-02T12:27:34Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
StreamShield: a stream-centric approach towards security and privacy in data stream environments
Nehme, Rimma
Lim, Hyo-Sang
Bertino, Elisa
Rundensteiner, Elke
We propose to demonstrate the StreamShield, a system designed to address the problem of security and privacy in the context of Data Stream Management Systems (DSMSs). In StreamShield, continuous access control is enforced by taking a novel "stream-centric" approach towards security. Security policies are not persistently stored on the server, but rather are depicted by security metadata, called "security punctuations", and get embedded into streams together with the data. We distinguish between two types of security punctuations: (1) the "data security punctuations" (dsps) describing the data-side security policies, and (2) the "query security punctuations" (qsps) representing the query-side security policies. The advantages of such stream-centric security model include flexibility, dynamicity and speed of enforcement. Furthermore, DSMSs can adapt to not only data-related but also to security-related selectivities, which helps reduce the waste of resources, when few subjects have access to streaming data.
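The stream-centric enforcement idea, policies travelling inside the stream as security punctuations rather than sitting on the server, can be sketched with a tiny filter. The tuple encoding, subject names, and health-data payloads below are invented for the illustration; StreamShield's actual punctuation format and qsp side are not modeled.

```python
# Hedged sketch: "data security punctuations" (dsps) are interleaved
# with data tuples; a data tuple is released to a subject only if the
# most recent dsp grants that subject access.

def filter_stream(stream, subject):
    allowed, out = set(), []
    for kind, payload in stream:
        if kind == "dsp":           # punctuation: replace current policy
            allowed = set(payload)
        elif subject in allowed:    # data tuple: apply current policy
            out.append(payload)
    return out

stream = [("dsp", ["nurse", "doctor"]), ("data", "hr=72"),
          ("dsp", ["doctor"]),          ("data", "bp=140/90")]
print(filter_stream(stream, "nurse"))   # ['hr=72']
print(filter_stream(stream, "doctor"))  # ['hr=72', 'bp=140/90']
```

Because the policy arrives in-band, a change takes effect from the very next tuple, which is the dynamicity and speed-of-enforcement advantage the abstract claims.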
2009-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/35
http://dx.doi.org/10.1145/1559845.1559972
Cyber Center Publications
Purdue University
access control
data streams
design
performance
security
security punctuations
systems
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1051
2016-01-12T21:34:00Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
A conditional purpose-based access control model with dynamic roles
Kabir, Enamul
Wang, Hua
Bertino, Elisa
This paper presents a model for privacy-preserving access control that is based on a variety of purposes. Conditional purpose is applied along with allowed purpose and prohibited purpose in the model. It allows users to use some data for certain purposes under conditions. The structure of the conditional purpose-based access control model is defined and investigated through dynamic roles. Access purpose is verified in a dynamic behavior, based on subject attributes, context attributes, and authorization policies. Intended purposes are dynamically associated with the requested data object during the access decision. An algorithm is developed to compute the compliance between access purposes and intended purposes, and is illustrated with role-based access control (RBAC) in a dynamic manner to support conditional purpose-based access control. Under this model, more information can be extracted from data providers while at the same time assuring privacy, which maximizes the usability of consumers' data. It extends traditional access control models to further cover privacy preservation in data mining settings. The structure helps enterprises to circulate a clear privacy promise, and to collect and manage user preferences and consent.
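The compliance computation between an access purpose and the intended purposes can be sketched as follows. The flat purpose sets and the three-valued result vocabulary are simplifying assumptions for illustration; the paper organizes purposes hierarchically and ties verification to RBAC roles:

```python
def compliance(access_purpose, allowed, conditional, prohibited):
    """Decide access for one data object: prohibited purposes dominate,
    allowed purposes grant unconditional access, and conditional
    purposes grant access together with the conditions that must hold."""
    if access_purpose in prohibited:
        return ("deny", None)
    if access_purpose in allowed:
        return ("permit", None)
    if access_purpose in conditional:
        return ("permit-with-conditions", conditional[access_purpose])
    return ("deny", None)      # purposes not mentioned are denied

decision = compliance(
    "marketing",
    allowed={"treatment"},
    conditional={"marketing": ["strip name", "strip phone"]},
    prohibited={"third-party-sharing"},
)
```

Here a "marketing" access is permitted only if the attached conditions (generalizing or removing identifying fields) are enforced, which is how conditional purposes extract more usable data without weakening the privacy promise.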
2011-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/41
http://dx.doi.org/10.1016/j.eswa.2010.07.057
Cyber Center Publications
Purdue University
Access control
Purpose
Privacy
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1052
2014-04-10T14:57:35Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
A database server for next-generation scientific data management
Eltabakh, Mohamed
Aref, Walid G.
Elmagarmid, Ahmed
The growth of scientific information and the increasing automation of data collection have made databases integral to many scientific disciplines including life sciences, physics, meteorology, earth and atmospheric sciences, and chemistry. These sciences pose new data management challenges to current database system technologies. This dissertation addresses the following three challenges: (1) Annotation Management: Annotations and provenance information are important metadata that go hand-in-hand with scientific data. Annotating scientific data represents a vital mechanism for scientists to share knowledge and build an interactive and collaborative environment. A major challenge is: How to manage large volumes of annotations, especially at various granularities, e.g., cell, column, and row level annotations, along with their corresponding data items. (2) Complex Dependencies Involving Real-world Activities: The processing of scientific data is a complex cycle that may involve sequences of activities external to the database system, e.g., wet-lab experiments, instrument readings, and manual measurements. These external activities may incur inherently long delays to prepare for and to conduct. Updating a database value may render parts of the database inconsistent until some external activity is executed and its output is reflected back and updated into the database. The challenge is: How to integrate these external activities within the database engine and accommodate the long delays between the updates while making the intermediate results instantly available for querying. (3) Fast Access to Scientific Data with Complex Data Types: Scientific experiments produce large volumes of data of complex types, e.g., arrays, images, long sequences, and multi-dimensional data. A major challenge is: How to provide fast access to these large pools of scientific data with non-traditional data types. 
In this dissertation, I present extensions to current database engines to address the above challenges. The proposed extensions enable scientific data to be stored and processed within their natural habitat: the database system. Experimental studies and performance analysis for all the proposed algorithms are carried out using both real-world and synthetic datasets. Our results show the applicability of the proposed extensions and their performance gains over other existing techniques and algorithms.
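The first challenge, annotations at varying granularities, can be illustrated with a toy in-memory store. The class and method names are invented for illustration and stand in for the dissertation's database-engine extensions:

```python
from collections import defaultdict

class AnnotationStore:
    """Annotations at cell, row, and column granularity, resolved
    together when a cell is read (a sketch, not the dissertation's
    storage scheme)."""
    def __init__(self):
        self.cell = defaultdict(list)    # (row, col) -> notes
        self.row = defaultdict(list)     # row -> notes
        self.col = defaultdict(list)     # col -> notes

    def annotate_cell(self, r, c, note):
        self.cell[(r, c)].append(note)

    def annotate_row(self, r, note):
        self.row[r].append(note)

    def annotate_col(self, c, note):
        self.col[c].append(note)

    def annotations_for(self, r, c):
        """A cell inherits its own notes plus row- and column-level ones."""
        return self.cell[(r, c)] + self.row[r] + self.col[c]

store = AnnotationStore()
store.annotate_col("gene_id", "curated against GenBank")
store.annotate_cell(7, "gene_id", "manually corrected")
```

The point of the sketch is the lookup rule: a single read must merge metadata attached at several granularities, which is what makes naive per-cell storage blow up and motivates engine-level support.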
2010-01-01T08:00:00Z
text
application/pdf
https://docs.lib.purdue.edu/ccpubs/42
https://docs.lib.purdue.edu/context/ccpubs/article/1052/viewcontent/A_database_server_for_next_generation_scientific_data_management.pdf
Cyber Center Publications
Purdue University
Applied sciences
Annotation
Data dependencies
Database systems
Indexing
Provenance
Scientific data management
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1062
2011-02-16T18:27:36Z
publication:dp
publication:ccpubs
publication:cc
A reciprocal framework for spatial K-anonymity
Ghinita, Gabriel
Zhao, Keliang
Papadias, Dimitris
Kalnis, Panos
Spatial K-anonymity (SKA) exploits the concept of K-anonymity in order to protect the identity of users from location-based attacks. The main idea of SKA is to replace the exact location of a user U with an anonymizing spatial region (ASR) that contains at least K-1 other users, so that an attacker can pinpoint U with probability at most 1/K. Simply generating an ASR that includes K users does not guarantee SKA. Previous work defined the reciprocity property as a sufficient condition for SKA. However, the only existing reciprocal method, Hilbert Cloak, relies on a specialized data structure. In contrast, we propose a general framework for implementing reciprocal algorithms using any existing spatial index on the user locations. We discuss ASR construction methods with different tradeoffs on effectiveness (i.e., ASR size) and efficiency (i.e., construction cost). Then, we present case studies of applying our framework on top of two popular spatial indices (namely, R*-trees and Quad-trees). Finally, we consider the case where the attacker knows the query patterns of each user. The experimental results verify that our methods outperform Hilbert Cloak. Moreover, since we employ general-purpose spatial indices, the proposed system is not limited to anonymization, but supports conventional spatial queries as well.
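The bucketing idea behind reciprocity can be sketched as follows, assuming at least K users. The one-dimensional sort key is a deliberately crude stand-in for the Hilbert-curve ordering used by Hilbert Cloak, and the function names are invented:

```python
def reciprocal_buckets(users, K):
    """Partition users (id -> (x, y)) into fixed buckets of size >= K.
    Every user in a bucket maps to the same bucket, hence the same
    anonymizing spatial region (ASR): this is the reciprocity property,
    so an attacker pinpoints any member with probability at most 1/K."""
    order = sorted(users, key=lambda u: users[u])  # crude 1-D ordering
    cut = len(order) - len(order) % K
    buckets = [order[i:i + K] for i in range(0, cut, K)]
    if len(order) % K:             # fold the remainder into the last bucket
        buckets[-1].extend(order[cut:])
    return buckets

def asr(bucket, users):
    """Minimum bounding rectangle reported for any user in the bucket."""
    xs = [users[u][0] for u in bucket]
    ys = [users[u][1] for u in bucket]
    return (min(xs), min(ys), max(xs), max(ys))

users = {f"u{i}": (i, (i * 3) % 7) for i in range(7)}
buckets = reciprocal_buckets(users, 3)
```

Merely drawing a region around the K nearest users would not give reciprocity, because different users would generate different regions; the fixed partition is what makes every member of a bucket indistinguishable.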
2010-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/52
http://dx.doi.org/10.1016/j.is.2009.10.001
Cyber Center Publications
Purdue University
Spatial
SKA
K-anonymity
data structure
spatial indices
trees
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1065
2011-02-16T18:40:18Z
publication:dp
publication:ccpubs
publication:cc
A Two-phase framework for quality-aware Web service selection
Yu, Qi
Rege, Manjeet
Bouguettaya, Athman
Medjahed, Brahim
Service-oriented computing is gaining momentum as the next technological tool to leverage the huge investments in Web application development. The expected large number of Web services poses a set of new challenges for efficiently accessing these services. We propose an integrated service query framework that facilitates users in accessing their desired services. The framework incorporates a service query model and a two-phase optimization strategy. The query model defines service communities that are used to organize the large and heterogeneous service space. The service communities allow users to use declarative queries to retrieve their desired services without worrying about the underlying technical details. The two-phase optimization strategy automatically generates feasible service execution plans and selects the plan with the best user-desired quality. In particular, we present an evolutionary algorithm that is able to “co-evolve” multiple feasible execution plans simultaneously and allows them to compete with each other to generate the best plan. We conduct a set of experiments to assess the performance of the proposed algorithms.
2010-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/55
http://dx.doi.org/10.1007/s11761-010-0055-6
Cyber Center Publications
Purdue University
web services
query
heterogeneous
oai:docs.lib.purdue.edu:ccpubs-1070
2012-07-02T12:24:44Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
An Access Control Language for a General Provenance Model
Ni, Qun
Xu, Shouhuai
Bertino, Elisa
Sandhu, Ravi
Provenance access control has been recognized as one of the most important components in an enterprise-level provenance system. However, it has received little attention in the context of data security research. One important challenge in provenance access control is the lack of an access control language that supports its specific requirements, e.g., the support of both fine-grained policies and personal preferences, and decision aggregation from different applicable policies. In this paper, we propose an access control language tailored to these requirements.
2009-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/60
http://dx.doi.org/10.1007/978-3-642-04219-5_5
Cyber Center Publications
Purdue University
access control
enterprise level provenance
data security
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1047
2011-02-25T20:50:58Z
publication:dp
publication:ccpubs
publication:cc
The effect of iron on the primary root elongation of Arabidopsis during phosphate deficiency
Ward, James
Lahner, Brett
Yakubova, Elena
Salt, David
Root architecture differences have been linked to the survival of plants on phosphate (P)-deficient soils, as well as to the improved yields of P-efficient crop cultivars. To understand how these differences arise, we have studied the root architectures of P-deficient Arabidopsis (Arabidopsis thaliana Columbia-0) plants. A striking aspect of the root architecture of these plants is that their primary root elongation is inhibited when grown on P-deficient medium. Here, we present evidence suggesting that this inhibition is a result of iron (Fe) toxicity. When the Fe concentration in P-deficient medium is reduced, we observe elongation of the primary root without an increase in P availability or a corresponding change in the expression of P deficiency-regulated genes. Recovery of the primary root elongation is associated with larger plant weights, improved ability to take up P from the medium, and increased tissue P content. This suggests that manipulating Fe availability to a plant could be a valuable strategy for improving a plant's ability to tolerate P deficiency.
2008-04-01T07:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/37
http://dx.doi.org/10.1104/pp.108.118562
Cyber Center Publications
Purdue University
phosphate-deficient soils
P-efficient cultivars
arabidopsis
Arabidopsis thaliana Columbia-0
iron (Fe) toxicity
oai:docs.lib.purdue.edu:ccpubs-1054
2011-02-17T16:01:21Z
publication:dp
publication:ccpubs
publication:cc
A framework for efficient data anonymization under privacy and accuracy constraints
Ghinita, Gabriel
Karras, Panagiotis
Kalnis, Panos
Mamoulis, Nikos
Recent research studied the problem of publishing microdata without revealing sensitive information, leading to the privacy-preserving paradigms of k-anonymity and l-diversity. k-anonymity protects against the identification of an individual's record. l-diversity, in addition, safeguards against the association of an individual with specific sensitive information. However, existing approaches suffer from at least one of the following drawbacks: (i) l-diversification is solved by techniques developed for the simpler k-anonymization problem, causing unnecessary information loss. (ii) The anonymization process is inefficient in terms of computational and I/O cost. (iii) Previous research focused exclusively on the privacy-constrained problem and ignored the equally important accuracy-constrained (or dual) anonymization problem.
In this article, we propose a framework for efficient anonymization of microdata that addresses these deficiencies. First, we focus on one-dimensional (i.e., single-attribute) quasi-identifiers, and study the properties of optimal solutions under the k-anonymity and l-diversity models for the privacy-constrained (i.e., direct) and the accuracy-constrained (i.e., dual) anonymization problems. Guided by these properties, we develop efficient heuristics to solve the one-dimensional problems in linear time. Finally, we generalize our solutions to multidimensional quasi-identifiers using space-mapping techniques. Extensive experimental evaluation shows that our techniques clearly outperform the existing approaches in terms of execution time and information loss.
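The one-dimensional, privacy-constrained case can be illustrated with a simple greedy cut over the sorted quasi-identifier: each value is generalized to the range of its group, and every group holds at least k records. This is a stand-in sketch of the general idea, not the article's linear-time heuristics:

```python
def greedy_k_groups(values, k):
    """One-dimensional k-anonymization sketch: sort the quasi-identifier
    values and cut them into consecutive groups of at least k records,
    replacing each value by its group's [min, max] range."""
    vals = sorted(values)
    groups, i = [], 0
    while i < len(vals):
        j = i + k
        if len(vals) - j < k:      # too few records left for another group
            j = len(vals)          # absorb the tail into this group
        groups.append((vals[i], vals[j - 1]))
        i = j
    return groups

print(greedy_k_groups([21, 25, 30, 34, 38, 41, 45], 3))
```

Cutting consecutive runs of the sorted attribute keeps information loss low because each group's range stays narrow, which is exactly what multidimensional methods try to recover via space-mapping.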
2009-06-01T07:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/44
http://dx.doi.org/10.1145/1538909.1538911
Cyber Center Publications
Purdue University
anonymity
design experimentation
general privacy
security
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1055
2012-07-02T12:26:47Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
A General Framework for Web Content Filtering
Bertino, Elisa
Ferrari, Elena
Perego, Andrea
Web content filtering is a means to make end-users aware of the 'quality' of Web resources by evaluating their contents and/or characteristics against users' preferences. Although they can be used for a variety of purposes, Web content filtering tools are mainly deployed as a service for parental control purposes, and for regulating the access to Web content by users connected to the networks of enterprises, libraries, schools, etc. Current Web filtering tools are based on well established techniques, such as data mining and firewall blocking, and they typically cater to the filtering requirements of very specific end-user categories. Therefore, what is lacking is a unified filtering framework able to support all the possible application domains, and making it possible to enforce interoperability among the different filtering approaches and the systems based on them. In this paper, a multi-strategy approach is described, which integrates the available techniques and focuses on the use of metadata for rating and filtering Web information. Such an approach consists of a filtering meta-model, referred to as MFM (Multi-strategy Filtering Model), which provides a general representation of the Web content filtering domain, independently from its possible applications, and of two prototype implementations, partially carried out in the framework of the EU projects EUFORBIA and QUATRO, and designed for different application domains: user protection and Web quality assurance, respectively.
2010-09-01T07:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/45
http://dx.doi.org/10.1007/s11280-009-0073-5
Cyber Center Publications
Purdue University
filtering
data mining
multi-strategy
metadata
MFM
quality assurance
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1056
2011-02-22T19:39:06Z
publication:dp
publication:ccpubs
publication:cc
A Hierarchical Approach to Model Web Query Interfaces for Web Source Integration
Kabisch, Thomas
Dragut, Eduard
Yu, Clement
Leser, Ulf
Much data in the Web is hidden behind Web query interfaces. In most cases the only means to "surface" the content of a Web database is by formulating complex queries on such interfaces. Applications such as Deep Web crawling and Web database integration require automatic usage of these interfaces. Therefore, an important problem to be addressed is the automatic extraction of query interfaces into an appropriate model. We hypothesize the existence of a set of domain-independent "commonsense design rules" that guides the creation of Web query interfaces. These rules transform query interfaces into schema trees. In this paper we describe a Web query interface extraction algorithm, which combines HTML tokens and the geometric layout of these tokens within a Web page. Tokens are classified into several classes, of which the most significant are text tokens and field tokens. A tree structure is derived for text tokens using their geometric layout. Another tree structure is derived for the field tokens. The hierarchical representation of a query interface is obtained by iteratively merging these two trees. Thus, we convert the extraction problem into an integration problem. Our experiments show the promise of our algorithm: it outperforms previous approaches at extracting query interfaces by about 6.5% in accuracy, as evaluated over three corpora with more than 500 Deep Web interfaces from 15 different domains.
2009-01-01T08:00:00Z
text
application/pdf
https://docs.lib.purdue.edu/ccpubs/46
https://docs.lib.purdue.edu/context/ccpubs/article/1056/viewcontent/A_Hierarchical_Approach_to_Model_Web_Query_Interfaces_for_web_source_integration.pdf
Cyber Center Publications
Purdue University
design experimentation
languages
measurement
performance
query formulation
query languages
query processing
world wide web
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1057
2012-07-02T12:26:31Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
A Hybrid Technique for Private Location-Based Queries with Database Protection
Ghinita, Gabriel
Kalnis, Panos
Kantarcioglu, Murat
Bertino, Elisa
Mobile devices with global positioning capabilities allow users to retrieve points of interest (POI) in their proximity. To protect user privacy, it is important not to disclose exact user coordinates to untrusted entities that provide location-based services. Currently, there are two main approaches to protect the location privacy of users: (i) hiding locations inside cloaking regions (CRs) and (ii) encrypting location data using private information retrieval (PIR) protocols. Previous work focused on finding good trade-offs between privacy and performance of user protection techniques, but disregarded the important issue of protecting the POI dataset D. For instance, location cloaking requires large-sized CRs, leading to excessive disclosure of POIs (O(|D|) in the worst case). PIR, on the other hand, significantly reduces this bound, but at the expense of high processing and communication overhead. We propose a hybrid, two-step approach to private location-based queries, which provides protection for both the users and the database. In the first step, user locations are generalized to coarse-grained CRs which provide strong privacy. Next, a PIR protocol is applied with respect to the obtained query CR. To prevent excessive disclosure of POI locations, we devise a cryptographic protocol that privately evaluates whether a point is enclosed inside a rectangular region. We also introduce an algorithm to efficiently support PIR on dynamic POI sub-sets. Our method discloses O(1) POIs, orders of magnitude fewer than CR- or PIR-based techniques. Experimental results show that the hybrid approach is scalable in practice, and clearly outperforms the pure-PIR approach in terms of computational and communication overhead.
2009-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/47
http://dx.doi.org/10.1007/978-3-642-02982-0_9
Cyber Center Publications
Purdue University
mobile devices
global positioning
location-based services
cloaking regions
encryption
PIR
privacy
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1060
2012-07-02T12:26:14Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
A Privacy-Enhancing Content-Based Publish/Subscribe System Using Scalar Product Preserving Transformations
Choi, Sunoh
Ghinita, Gabriel
Bertino, Elisa
Users of content-based publish/subscribe systems (CBPS) are interested in receiving data items with values that satisfy certain conditions. Each user submits a list of subscription specifications to a broker, which routes data items from publishers to users. When a broker receives a notification that contains a value from a publisher, it forwards it only to the subscribers whose requests match the value. However, in many applications, the data published are confidential, and their contents must not be revealed to brokers. Furthermore, a user’s subscription may contain sensitive information that must be protected from brokers. Therefore, a difficult challenge arises: how to route publisher data to the appropriate subscribers without the intermediate brokers learning the plain text values of the notifications and subscriptions. To that extent, brokers must be able to perform operations on top of the encrypted contents of subscriptions and notifications. Such operations may be as simple as equality match, but often require more complex operations such as determining inclusion of data in a value interval. Previous work attempted to solve this problem by using one-way data mappings or specialized encryption functions that allow evaluation of conditions on ciphertexts. However, such operations are computationally expensive, and the resulting CBPS lack scalability. As fast dissemination is an important requirement in many applications, we focus on a new data transformation method called Asymmetric Scalar-product Preserving Encryption (ASPE) [1]. We devise methods that build upon ASPE to support private evaluation of several types of conditions. We also suggest techniques for secure aggregation of notifications, supporting functions such as sum, minimum, maximum and count. Our experimental evaluation shows that ASPE-based CBPS incurs 65% less overhead for exact-match filtering and 50% less overhead for range filtering compared to the state-of-the-art.
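The scalar-product-preserving idea at the heart of ASPE can be sketched with NumPy. This shows only the core algebraic property, not the full scheme from the paper (no point splitting, noise terms, or condition evaluation), and all names here are illustrative:

```python
import numpy as np

# Core ASPE property: with a secret invertible matrix M,
# (M^T p) . (M^-1 q) = p^T M M^-1 q = p . q, so a broker holding only
# the transformed vectors can still evaluate scalar-product predicates
# over notifications and subscriptions without seeing plaintext values.
rng = np.random.default_rng(7)
d = 3
M = rng.normal(size=(d, d))          # secret key; invertible w.h.p.

def encrypt_point(p):
    """Broker-visible form of a published data point."""
    return M.T @ p

def encrypt_query(q):
    """Broker-visible form of a subscription vector."""
    return np.linalg.inv(M) @ q

p = np.array([1.0, 2.0, 3.0])
q = np.array([0.5, -1.0, 2.0])
```

Because the transformation is a cheap matrix multiply rather than a specialized cryptographic primitive, filtering stays fast, which is the scalability argument the abstract makes.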
2010-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/50
http://dx.doi.org/10.1007/978-3-642-15364-8_32
Cyber Center Publications
Purdue University
Publish Subscribe Systems
Privacy
Confidentiality
Security
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1061
2012-07-02T12:25:59Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
A privacy-preserving approach to policy-based content dissemination
Shang, Ning
Nabeel, Mohamed
Paci, Federica
Bertino, Elisa
We propose a novel scheme for selective distribution of content, encoded as documents, that preserves the privacy of the users to whom the documents are delivered and is based on an efficient and novel group key management scheme. Our document broadcasting approach is based on access control policies specifying which users can access which documents, or subdocuments. Based on such policies, a broadcast document is segmented into multiple subdocuments, each encrypted with a different key. In line with modern attribute-based access control, policies are specified against identity attributes of users. However, our broadcasting approach is privacy-preserving in that users are granted access to a specific document, or subdocument, according to the policies without having to provide their identity attributes in the clear to the document publisher. Under our approach, not only does the document publisher not learn the values of the identity attributes of users, but it also does not learn which policy conditions are verified by which users; thus, inferences about the values of identity attributes are prevented. Moreover, the key management scheme on which the proposed broadcasting approach is based is efficient in that it does not require sending the decryption keys to the users along with the encrypted document. Users are able to reconstruct the keys to decrypt the authorized portions of a document based on subscription information they have received from the document publisher. The scheme also efficiently handles new subscriptions of users and revocation of subscriptions.
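The segmentation step, with one key per policy-governed subdocument, can be sketched as a toy: the key derivation and the XOR cipher below are stand-ins for the paper's group key management scheme and a real symmetric cipher, and every name is invented for illustration:

```python
import hashlib
from itertools import cycle

def subdoc_key(master_secret, policy_id):
    """Per-subdocument key derived from the policy governing it
    (toy derivation; the paper's users reconstruct keys from
    subscription information instead of receiving them)."""
    return hashlib.sha256(master_secret + policy_id.encode()).digest()

def xor_encrypt(data, key):
    """Toy XOR cipher standing in for a real symmetric cipher;
    XOR is its own inverse, so the same call decrypts."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

master = b"publisher-secret"
subdocs = {"header": b"public part", "salary": b"confidential part"}
policies = {"header": "any-subscriber", "salary": "hr-role"}

# One broadcast blob: each subdocument sealed under its own key.
broadcast = {name: xor_encrypt(body, subdoc_key(master, policies[name]))
             for name, body in subdocs.items()}

# A subscriber able to derive only the "any-subscriber" key
# recovers just the header portion.
recovered = xor_encrypt(broadcast["header"], subdoc_key(master, "any-subscriber"))
```

The design point is that a single broadcast serves all subscribers: access differentiation comes entirely from which subdocument keys each user can reconstruct, not from per-user messages.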
2010-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/51
http://dx.doi.org/10.1109/ICDE.2010.5447902
Cyber Center Publications
Purdue University
authorisation
data privacy
document handling
public key cryptography
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1063
2011-02-24T20:03:28Z
publication:dp
publication:ccpubs
publication:cc
A scalable call admission control algorithm
Ali, Zafar
Sheikh, Waseem
Chong, Edwin
Ghafoor, Arif
In this paper, we propose a scalable algorithm for connection admission control (CAC). The algorithm applies to a Multiprotocol Label Switching (MPLS) ATM switch with a FIFO buffer. The switch carries data from statistically independent variable bit rate (VBR) sources that asynchronously alternate between ON and OFF states with exponentially distributed periods. The sources may be heterogeneous both in terms of their statistical characteristics (peak cell rate, sustained cell rate, and burst size attributes) as well as their Quality of Service (QoS) requirements.
The performance of the proposed CAC scheme is evaluated using known performance bounds and simulation results. For the purpose of comparison, we also present scalability analyses for some of the previously proposed CAC schemes. Our results show that the proposed CAC scheme consistently performs better and operates the link close to the highest possible utilization level. Furthermore, the scheme scales well with increasing amounts of resources (link capacity and buffer size) and intelligently accommodates the mix of traffic offered by sources of diverse burstiness characteristics.
2008-04-01T07:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/53
http://dx.doi.org/10.1109/TNET.2007.900414
Cyber Center Publications
Purdue University
call admission control
management
multiprotocol label switching
network management
performance
performance attributes
security
security and protection
traffic management
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1064
2012-07-02T12:25:45Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
A secure multiparty computation privacy preserving OLAP framework over distributed XML data
Cuzzocrea, Alfredo
Bertino, Elisa
Privacy Preserving Distributed OLAP is becoming a critical challenge for next-generation Business Intelligence (BI) scenarios, due to the "natural suitability" of OLAP for analyzing distributed massive BI repositories in a multidimensional and multigranular manner. In particular, in these scenarios XML-formatted BI repositories play a dominant role, due to the well-known advantages of XML in modeling and representing distributed business data. However, while Privacy Preserving Distributed Data Mining has been widely investigated, very few efforts have focused on the problem of effectively and efficiently supporting privacy preserving OLAP over distributed collections of XML documents. To fill this gap, we propose a novel Secure Multiparty Computation (SMC)-based privacy preserving OLAP framework for distributed collections of XML documents. The framework has many novel features, ranging from appealing theoretical properties to an effective and efficient protocol. The efficiency of our approach has been validated by an experimental evaluation over distributed collections of synthetic XML documents.
2010-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/54
http://dx.doi.org/10.1145/1774088.1774447
Cyber Center Publications
Purdue University
privacy
security
privacy preserving
OLAP
XML
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1066
2012-07-02T12:25:31Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Access Control Enforcement for Conversation-based Web Services
Mecella, Massimo
Paci, Federica
Ouzzani, Mourad
Bertino, Elisa
Service Oriented Computing is emerging as the main approach to build distributed enterprise applications on the Web. The widespread use of Web services is hindered by the lack of adequate security and privacy support. In this paper, we present a novel framework for enforcing access control in conversation-based Web services. Our approach takes into account the conversational nature of Web services. This is in contrast with existing approaches to access control enforcement, which assume a Web service is a set of independent operations. Furthermore, our approach achieves a tradeoff between the need to protect a Web service's access control policies and the need to disclose to clients the portion of the access control policies related to the conversations they are interested in. This is important to avoid situations where a client cannot progress in the conversation because it does not satisfy the required security requirements. We introduce the concept of k-trustworthiness, which defines the conversations for which a client can provide credentials maximizing the likelihood that it will eventually reach a final state.
2006-05-01T07:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/56
http://dx.doi.org/10.1145/1135777.1135818
Cyber Center Publications
Purdue University
Service Oriented Computing
distributed enterprise applications
security and privacy
access control
k-trustworthiness
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1067
2012-07-02T12:25:12Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Access control policy combining: theory meets practice
Li, Ninghui
Wang, Qihua
Qardaji, Wahbeh
Bertino, Elisa
Many access control policy languages, e.g., XACML, allow a policy to contain multiple sub-policies, and the result of the policy on a request is determined by combining the results of the sub-policies according to some policy combining algorithms (PCAs). Existing access control policy languages, however, do not provide a formal language for specifying PCAs. As a result, it is difficult to extend them with new PCAs. While several formal policy combining algebras have been proposed, they did not address important practical issues such as policy evaluation errors and obligations; furthermore, they cannot express PCAs that consider all sub-policies as a whole (e.g., weak majority or strong majority). We propose a policy combining language PCL, which can succinctly and precisely express a variety of PCAs. PCL represents an advancement both in terms of theory and practice. It is based on automata theory and linear constraints, and is more expressive than existing approaches. We have implemented PCL and integrated it with Sun's XACML implementation. With PCL, a policy evaluation engine only needs to understand PCL to evaluate any PCA specified in it.
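The difference between a pairwise-combinable PCA and one that must see all sub-policy results as a whole can be sketched as follows. The three-valued decision vocabulary is a simplified, XACML-like assumption, and these functions illustrate the combining behaviors, not the PCL language itself:

```python
def permit_overrides(decisions):
    """Classic pairwise PCA: any Permit wins; otherwise Deny if
    present; otherwise NotApplicable."""
    if "Permit" in decisions:
        return "Permit"
    return "Deny" if "Deny" in decisions else "NotApplicable"

def weak_majority(decisions):
    """A PCA that must consider all sub-policy results as a whole:
    Permit iff permits strictly outnumber denies. It cannot be
    expressed as a fold of a binary combining operator."""
    permits = decisions.count("Permit")
    denies = decisions.count("Deny")
    return "Permit" if permits > denies else "Deny"

votes = ["Permit", "Deny", "Permit", "NotApplicable"]
```

Majority-style combiners need the full multiset of results, which is why the abstract singles them out as inexpressible in earlier pairwise combining algebras.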
2009-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/57
http://dx.doi.org/10.1145/1542207.1542229
Cyber Center Publications
Purdue University
access controls
languages
policy combination
security
xacml
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1068
2012-07-02T12:24:58Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Adaptive Management of Multigranular Spatio-Temporal Object Attributes
Camossi, Elena
Bertino, Elisa
Guerrini, Giovanna
Bertolotto, Michela
In applications involving spatio-temporal modelling, granularities of data may have to adapt according to the evolving semantics and significance of data. In this paper we define ST2_ODMGe, a multigranular spatio-temporal model supporting evolutions, which encompass the dynamic adaptation of attribute granularities and the deletion of attribute values. Evolutions are specified as Event-Condition-Action rules and are executed at run-time. The event, the condition, and the action may refer to a period of time and a geographical area. The evolution may also be constrained by the attribute values. The ability to dynamically evolve object attributes results in a more flexible management of multigranular spatio-temporal data, but it requires revisiting the notion of object consistency with respect to class definitions and access to multigranular object values. Both issues are formally investigated in the paper.
2009-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/58
http://dx.doi.org/10.1007/978-3-642-02982-0_21
Cyber Center Publications
Purdue University
spatio-temporal modeling
granularities of data
attribute values
multigranular object values
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1043
2012-07-02T12:28:04Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Anonymous Geo-Forwarding in MANETs through Location Cloaking
Wu, Xiaoxin
Liu, Jun
Hong, Xiaoyan
Bertino, Elisa
In this paper, we address the problem of destination anonymity for applications in mobile ad hoc networks where geographic information is ready for use in both ad hoc routing and Internet services. Geographic forwarding becomes a lightweight routing protocol well suited to such scenarios. Traditionally the anonymity of an entity of interest can be achieved by hiding it among a group of other entities with similar characteristics, i.e., an anonymity set. In mobile ad hoc networks, generating and maintaining an anonymity set for any ad hoc node is challenging because of node mobility and, consequently, the dynamic network topology. We propose protocols that use the destination position to generate a geographic area called an anonymity zone (AZ). A packet for a destination is delivered to all the nodes in the AZ, which make up the anonymity set. The size of the anonymity set may decrease because nodes are mobile, yet the corresponding anonymity set management is simple. We design techniques to further improve node anonymity and reduce communication overhead. We use analysis and extensive simulation to study the node anonymity and routing performance, and to determine the parameters that most impact the anonymity level that can be achieved by our protocol.
2008-10-01T07:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/176
http://dx.doi.org/10.1109/TPDS.2008.28
Cyber Center Publications
Purdue University
Algorithm/protocol design and analysis
Location-dependent and sensitive
Network-level security and protection
Routing protocols
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1041
2012-07-02T12:28:22Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Efficient and Secure Content Processing and Distribution by Cooperative Intermediaries
Koglin, Yunhua
Yao, Denfeng
Bertino, Elisa
Content services, such as content filtering and transcoding, adapt content to meet system requirements, display capacities, or user preferences. Data security in such a framework is an important problem, and crucial for many web applications. In this paper, we propose an approach that addresses data integrity and confidentiality in content adaptation and caching by intermediaries. Our approach permits multiple intermediaries to simultaneously perform content services on different portions of the data. Our protocol supports decentralized proxy and key management and flexible delegation of services. Our experimental results show that our approach is efficient and minimizes the amount of data transmitted across the network.
2008-05-01T07:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/178
http://dx.doi.org/10.1109/TPDS.2007.70758
Cyber Center Publications
Purdue University
Database Management
Data sharing
Security
integrity
protection
Distributed systems
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1040
2012-07-02T12:28:35Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
A New Model for Secure Dissemination of XML Content
Kundu, Ashish
Bertino, Elisa
The paper proposes an approach to content dissemination that exploits the structural properties of an Extensible Markup Language (XML) document object model in order to provide efficient dissemination while assuring content integrity and confidentiality. Our approach is based on the notion of encrypted postorder numbers, which support the integrity and confidentiality requirements of XML content and facilitate efficient identification, extraction, and distribution of selected content portions. Using this notion, we develop a structure-based routing scheme that prevents information leaks in XML data dissemination and assures that content is delivered to users according to the access control policies, that is, policies specifying which users can receive which portions of the contents. Our proposed dissemination approach further enhances such structure-based, policy-based routing by combining it with multicast in order to achieve high efficiency in terms of bandwidth usage and speed of data delivery, thereby enhancing scalability. Our dissemination approach thus represents an efficient and secure mechanism for use in applications such as publish-subscribe systems for XML documents. The publish-subscribe model restricts the consumer and document source information to the routers with which they register. Our framework facilitates dissemination of contents with varying degrees of confidentiality and integrity requirements in a mix of trusted and untrusted networks, which is prevalent in current settings across enterprise networks and the Web. Also, it does not require the routers to be aware of any security policy, in the sense that the routers do not need to implement any policy related to access control.
2008-05-01T07:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/179
http://dx.doi.org/10.1109/TSMCC.2008.919213
Cyber Center Publications
Purdue University
XML
authorisation
data integrity
message passing
middleware
world wide web
content dissemination security
XML document object model
encryption
extensible markup language
postorder traversal
preorder traversal
publish-subscribe
structure-based routing
trees
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1074
2011-02-16T16:51:34Z
publication:dp
publication:ccpubs
publication:cc
An optimal bandwidth allocation and data droppage scheme for differentiated services in a wireless network
Sheikh, Waseem
Ghafoor, Arif
This paper presents an optimal proportional bandwidth allocation and data droppage scheme to provide differentiated services (DiffServ) for downlink pre-orchestrated multimedia data in a single-hop wireless network. The proposed resource allocation scheme finds the optimal bandwidth allocation and data drop rates under minimum quality-of-service (QoS) constraints. It combines the desirable attributes of relative DiffServ and absolute DiffServ approaches. In contrast to relative DiffServ approach, the proposed scheme guarantees the minimum amount of bandwidth provided to each user without dropping any data at the base-station, when the network has sufficient resources. If the network does not have sufficient resources to provide minimum bandwidth guarantees to all users without dropping data, the proportional data dropper finds the optimal data drop rates within acceptable levels of QoS and thus avoids the inflexibility of absolute DiffServ approach. The optimal bandwidth allocation and data droppage problems are formulated as constrained nonlinear optimization problems and solved using efficient techniques. Simulations are performed to show that the proposed scheme exhibits the desirable features of absolute and relative DiffServ.
2010-06-01T07:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/64
http://dx.doi.org/10.1002/wcm.779
Cyber Center Publications
Purdue University
bandwidth allocation
data droppage
quality-of-service
differentiated services
wireless network
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1079
2012-07-02T12:20:00Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Assured information sharing: concepts and issues
Bertino, Elisa
The need to share information across organizations is an imperative for many organizations, in both the private and public sectors. Sharing must not, however, undermine the privacy and confidentiality of information. Accountability about the use of information, integrity, and support for compliance with respect to organizational policies are also crucial requirements. In this paper we introduce the notion of the assured information sharing lifecycle as a framework for reasoning about approaches and techniques for secure sharing of information. We then focus on policies relevant in the context of secure information sharing and discuss tools for policy management.
2009-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/69
http://dx.doi.org/10.1145/1626195.1626203
Cyber Center Publications
Purdue University
design information
lifecycle
information sharing
management
policy management systems
security
security policies
integrity
protection
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1098
2014-04-10T15:03:14Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Efficient Private Record Linkage
Yakout, Mohamed
Atallah, Mikhail J.
Elmagarmid, Ahmed
Record linkage is the computation of the associations among records of multiple databases. It arises in contexts like the integration of such databases, online interactions and negotiations, and many others. The autonomous entities who wish to carry out the record matching computation are often reluctant to fully share their data. In such a framework where the entities are unwilling to share data with each other, the problem of carrying out the linkage computation without full data exchange has been called private record linkage. Previous private record linkage techniques have made use of a third party. We provide efficient techniques for private record linkage that improve on previous work in that (i) they make no use of a third party; (ii) they achieve much better performance than that of previous schemes in terms of execution time and quality of output (i.e., practically without false negatives and minimal false positives). Our software implementation provides experimental validation of our approach and the above claims.
2009-03-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/88
http://dx.doi.org/10.1109/ICDE.2009.221
Cyber Center Publications
Purdue University
Record Linkage
privacy preserving
data integration
database security
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1101
2012-06-29T20:09:29Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
EXAM: a comprehensive environment for the analysis of access control policies
Lin, Dan
Rao, Prathima
Bertino, Elisa
Li, Ninghui
As distributed collaborative applications and architectures are adopting policy-based solutions for tasks such as access control, network security and data privacy, the management and consolidation of a large number of policies is becoming a crucial component of such solutions. In large-scale distributed collaborative applications like web services, there is a need for analyzing policy interaction and performing policy integration. In this demonstration, we present EXAM, a comprehensive environment for policy analysis and management, which can be used to perform a variety of functions such as policy property analyses, policy similarity analysis, and policy integration. Our work focuses on the analysis of access control policies written in XACML (Extensible Access Control Markup Language). We consider XACML policies because XACML is a rich language able to represent many policies of interest to real world applications and is gaining widespread adoption in the industry.
2010-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/91
http://dx.doi.org/10.1109/POLICY.2008.30
Cyber Center Publications
Purdue University
XACML
Policy Analysis
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1085
2012-07-02T12:17:46Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Collaborative Computing: Networking, Applications and Worksharing-A structure preserving approach for securing XML documents
Bertino, Elisa
Nabeel, Mohamed
With the widespread adoption of XML as the message format to disseminate content over distributed systems, including Web Services and Publish-Subscribe systems, different methods have been proposed for securing messages. We focus on a subset of such systems in which incremental updates are disseminated. The goal of this paper is to develop an approach for disseminating only the updated or accessible portions of XML content while assuring confidentiality and integrity at the message level. While sending only the updates greatly reduces the bandwidth requirements, it introduces the challenge of efficiently assuring security for partial messages disseminated to intermediaries and clients. We propose a novel localized encoding scheme based on conventional cryptographic functions to enforce confidentiality and content integrity at the granularity of the XML node level. We also address structural integrity with respect to the complete XML document to which clients have access. Our solution takes every possible measure to minimize indirect information leakage by hiding the remaining structure of XML documents to which intermediaries and clients do not have access. The experimental results show that our scheme is superior to conventional techniques for securing XML documents when the percentage of the update with respect to the original document is low.
2009-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/75
http://dx.doi.org/10.1109/COLCOM.2007.4553802
Cyber Center Publications
Purdue University
Web services
XML
cryptography
message passing
middleware
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1106
2014-04-10T14:58:34Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
GDR: a system for guided data repair
Yakout, Mohamed
Elmagarmid, Ahmed
Neville, Jennifer
Ouzzani, Mourad
Improving data quality is a time-consuming, labor-intensive and often domain-specific operation. Existing data repair approaches are either fully automated or not efficient in interactively involving the users. We present a demo of GDR, a Guided Data Repair system that uses a novel approach to efficiently involve the user alongside automatic data repair techniques to reach better data quality as quickly as possible. Specifically, GDR generates data repairs and acquires feedback on those repairs that would be most beneficial in improving the data quality. GDR quantifies the data quality benefit of generated repairs by combining mechanisms from decision theory and active learning. Based on these benefit scores, groups of repairs are ranked and displayed to the user. User feedback is used to train a machine learning component to eventually replace the user in deciding on the validity of a suggested repair. We describe how the generated repairs are ranked and displayed to the user in a "useful-looking" way and demonstrate how data quality can be effectively improved with minimal feedback from the user.
2010-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/96
http://dx.doi.org/10.1145/1807167.1807325
Cyber Center Publications
Purdue University
data quality
data repair
GDR
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1112
2012-06-29T20:08:30Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Guest Editors' Introduction: Data Quality in the Internet Era
Bertino, Elisa
Maurino, Andrea
Scannapieco, Monica
The vast amount of data available on the Internet introduces new challenging data quality problems, such as accessibility and usability. Low information quality is common in various Web applications, including Web 2.0 tools. Consequently, information quality on the Internet is one of the most crucial requirements for an effective use of data from the Web and pervasive deployment of Web-based applications.
2010-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/102
http://dx.doi.org/10.1109/MIC.2010.93
Cyber Center Publications
Purdue University
Internet
data quality
information quality
instance matching
mashups
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1080
2012-07-02T12:18:56Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Assuring Data Trustworthiness - Concepts and Research Challenges
Bertino, Elisa
Lim, Hyo-Sang
Today, more than ever, there is a critical need to share data within and across organizations so that analysts and decision makers can analyze and mine the data, and make effective decisions. However, in order for analysts and decision makers to produce accurate analyses, make effective decisions, and take actions, data must be trustworthy. Therefore, it is critical that data trustworthiness issues, which also include data quality, provenance and lineage, be investigated for organizational data sharing, situation assessment, multi-sensor data integration and numerous other functions to support decision makers and analysts. The problem of providing trustworthy data to users is an inherently difficult problem that requires articulated solutions combining different methods and techniques. In the paper we first elaborate on the data trustworthiness challenge and discuss a framework to address this challenge. We then present an initial approach for assessing the trustworthiness of streaming data and discuss open research directions.
2010-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/70
http://dx.doi.org/10.1007/978-3-642-15546-8_1
Cyber Center Publications
Purdue University
Data Trustworthiness
Data Integrity and Quality
Security
Policy
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1107
2014-04-10T15:06:16Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Generalization of ACID Properties
Medjahed, Brahim
Ouzzani, Mourad
Elmagarmid, Ahmed
ACID (Atomicity, Consistency, Isolation, and Durability) is a set of properties that guarantee the reliability of database transactions [2]. ACID properties were initially developed with traditional, business-oriented applications (e.g., banking) in mind. Hence, they do not fully support the functional and performance requirements of advanced database applications such as computer-aided design, computer-aided manufacturing, office automation, network management, multidatabases, and mobile databases. For instance, transactions in computer-aided design applications are generally of long duration, and preserving the traditional ACID properties in such transactions would require locking resources for long periods of time. This has led to the generalization of ACID properties as Recovery, Consistency, Visibility and Permanence. The aim of such generalization is to relax some of the constraints and restrictions imposed by the ACID properties. For example, visibility relaxes the isolation property by enabling the sharing of partial results and hence promoting cooperation among concurrent transactions. Hence, the more generalized the ACID properties, the more flexible the corresponding transaction model.
2009-01-01T08:00:00Z
text
application/pdf
https://docs.lib.purdue.edu/ccpubs/97
https://docs.lib.purdue.edu/context/ccpubs/article/1107/viewcontent/Generalization_of_ACID_Properties.pdf
Cyber Center Publications
Purdue University
Advanced Transaction Models
Extended Transaction Models
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1092
2012-07-02T12:17:12Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Credibility-enhanced curated database: Improving the value of curated databases
Ni, Qun
Bertino, Elisa
In curated databases, annotations may contain opinions different from those in sources. Moreover, annotations may contradict each other and have uncertainty. Such situations result in a natural question: "Which opinion is most likely to be correct?" In this paper, we define a credibility-enhanced curated database and propose an efficient method to accurately evaluate the correctness of sources and annotations in curated databases.
2010-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/82
http://dx.doi.org/10.1109/ICDE.2010.5447857
Cyber Center Publications
Purdue University
database management systems
uncertainty handling
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1116
2012-06-29T20:07:39Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Interactive Location Cloaking with the PROBE Obfuscator
Ghinita, Gabriel
Damiani, Maria Luisa
Bertino, Elisa
Silvestri, Claudio
The problem of private location-based queries has been intensively researched in recent years. Several location protection algorithms exist, most of which use some form of location cloaking. However, existing work focuses on the analysis of privacy and performance, and less on the user's perspective on location privacy. We developed a prototype of the PROBE system with an emphasis on visualization of the location cloaking process, which improves user experience and increases privacy awareness.
2009-05-01T07:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/106
http://dx.doi.org/10.1109/MDM.2009.49
Cyber Center Publications
Purdue University
location based queries
location cloaking
privacy
performance
PROBE
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1093
2012-07-02T12:16:57Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
D-algebra for composing access control policy decisions
Ni, Qun
Bertino, Elisa
Lobo, Jorge
This paper proposes a D-algebra to compose decisions from multiple access control policies. Compared to other algebra-based approaches aimed at policy composition, D-algebra is the only one that satisfies both functional completeness (any possible decision matrix can be expressed by a D-algebra formula) and computational effectiveness (a formula can be computed efficiently given any decision matrix). The D-algebra has several relevant applications in the context of access control policies, namely the analysis of the decision mechanisms of policy languages, and the development of tools for policy authoring and enforcement.
2009-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/83
http://dx.doi.org/10.1145/1533057.1533097
Cyber Center Publications
Purdue University
access controls
decision
management
many-valued logic
mv-algebras
policy composition
security
security and protection
standardization
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1084
2012-07-02T12:17:59Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Biometrics-based identifiers for digital identity management
Bhargav-Spantzel, Abhilasha
Squicciarini, Anna
Bertino, Elisa
Kong, Xiangwei
We present algorithms to reliably generate biometric identifiers from a user's biometric image, which are in turn used for identity verification, possibly in conjunction with cryptographic keys. The biometric identifier generation algorithms employ image hashing functions using singular value decomposition and support vector classification techniques. Our algorithms capture generic biometric features that ensure unique and repeatable biometric identifiers. We provide an empirical evaluation of our techniques using 2569 images of 488 different individuals for three types of biometric images, namely fingerprint, iris and face. Based on the biometric type and the classification models, our empirical evaluation shows that we can generate biometric identifiers ranging from 64 bits up to 214 bits. We provide an example use of the biometric identifiers in privacy-preserving multi-factor identity verification based on zero knowledge proofs. Therefore several identity verification factors, including various traditional identity attributes, can be used in conjunction with one or more biometrics of the individual to provide strong identity verification. We also ensure security and privacy of the biometric data. More specifically, we analyze several attack scenarios. We assure privacy of the biometric using the one-way hashing property, in that no information about the original biometric image is revealed from the biometric identifier.
2010-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/74
http://dx.doi.org/10.1145/1750389.1750401
Cyber Center Publications
Purdue University
biometric identifiers
security
protection
data encryption
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1096
2012-07-02T12:16:41Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Efficient and privacy-preserving enforcement of attribute-based access control
Shang, Ning
Paci, Federica
Bertino, Elisa
Modern access control models, developed for protecting data from accesses across the Internet, require verifying the identity of users in order to make sure that users have the required permissions for accessing the data. A user's identity consists of data, referred to as identity attributes, that encode security-relevant properties of the user. Because identity attributes often convey sensitive information about users, they have to be protected. The Oblivious Commitment-Based Envelope (OCBE) protocols address the protection requirements of both users and service providers. The OCBE protocols make it possible for a party, referred to as the sender, to send an encrypted message to a receiver such that the receiver can open the message if and only if its committed value satisfies a predicate, and the sender does not learn anything about the receiver's committed value. The possible predicates are the comparison predicates =, ≠, >, <, ≤, ≥. In this paper, we present an extension that improves the efficiency of the EQ-OCBE protocol, that is, the OCBE protocol for equality predicates. Our extension allows a party to decrypt data sent by a service provider if and only if the party satisfies all the equality conditions in the access control policy.
2010-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/86
http://dx.doi.org/10.1145/1750389.1750398
Cyber Center Publications
Purdue University
identity attributes
security-relevant
OCBE protocols
predicates
decrypt data
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1123
2011-02-24T15:22:24Z
publication:dp
publication:ccpubs
publication:cc
Outsourcing Search Services on Private Spatial Data
Yiu, Man Lung
Ghinita, Gabriel
Jensen, Christian
Kalnis, Panos
Cloud computing services enable organizations and individuals to outsource the management of their data to a service provider in order to save on hardware investments and reduce maintenance costs. Only authorized users are allowed to access the data. Nobody else, including the service provider, should be able to view the data. For instance, a real-estate company that owns a large database of properties wants to allow its paying customers to query for houses according to location. On the other hand, the untrusted service provider should not be able to learn the property locations and, e.g., sell the information to a competitor. To tackle the problem, we propose to transform the location datasets before uploading them to the service provider. The paper develops a spatial transformation that re-distributes the locations in space, and it also proposes a cryptographic-based transformation. The data owner selects the transformation key and shares it with authorized users. Without the key, it is infeasible to reconstruct the original data points from the transformed points. The proposed transformations present distinct trade-offs between query efficiency and data confidentiality. In addition, we describe attack models for studying the security properties of the transformations. Empirical studies demonstrate that the proposed methods are efficient and applicable in practice.
2009-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/113
http://dx.doi.org/10.1007/s00778-009-0169-7
Cyber Center Publications
Purdue University
data outsourcing
spatial query processing
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1100
2012-06-29T20:09:42Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Enforcing spatial constraints for mobile RBAC systems
Kirkpatrick, Michael
Bertino, Elisa
Proposed models for spatially-aware extensions of role-based access control (RBAC) combine the administrative and security advantages of RBAC with the dynamic nature of mobile and pervasive computing systems. However, implementing systems that enforce these models poses a number of challenges. As a solution, we propose an architecture for designing such a system. The architecture is based on an enhanced RBAC model that supports location-based access control policies by incorporating spatial constraints. Enforcing spatially-aware RBAC policies in a mobile environment requires addressing several challenges. First, one must guarantee the integrity of a user's location during an access request. We adopt a proximity-based solution using Near-Field Communication (NFC) technology. The next challenge is to verify that the user's position continuously satisfies the location constraints. To capture these policy restrictions, we incorporate elements of the UCON_ABC usage control model in our architecture. In this work, we also propose a number of protocols, describe our prototype implementation, report the performance of our prototype, and evaluate the security guarantees.
2010-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/90
http://dx.doi.org/10.1145/1809842.1809860
Cyber Center Publications
Purdue University
spatial aware
RBAC
security
mobile
location based access
UCON_ABC
NFC
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1133
2012-06-29T19:50:13Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Privacy-aware role-based access control
Ni, Qun
Bertino, Elisa
Lobo, Jorge
Brodie, Carolyn
In this article, we introduce a comprehensive framework supporting a privacy-aware access control mechanism, that is, a mechanism tailored to enforce access control to data containing personally identifiable information and, as such, privacy sensitive. The key component of the framework is a family of models (P-RBAC) that extend the well-known RBAC model in order to provide full support for expressing highly complex privacy-related policies, taking into account features like purposes and obligations. We formally define the notion of privacy-aware permissions and the notion of conflicting permission assignments in P-RBAC, together with efficient conflict-checking algorithms. The framework also includes a flexible authoring tool, based on the use of the SPARCLE system, supporting the high-level specification of P-RBAC permissions. SPARCLE supports the use of natural language for authoring policies and is able to automatically generate P-RBAC permissions from these natural language specifications. In the article, we also report performance evaluation results and contrast our approach with other relevant access control and privacy policy frameworks such as P3P, EPAL, and XACML.
2010-07-01T07:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/123
http://dx.doi.org/10.1145/1805974.1805980
Cyber Center Publications
Purdue University
security and protection
access controls
information systems
database management
database application
data mining
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1108
2011-02-24T20:24:04Z
publication:dp
publication:ccpubs
publication:cc
Genetic and physiological basis of adaptive salt tolerance divergence between coastal and inland Mimulus guttatus
Lowry, David
Hall, Megan
Salt, David
Willis, John
Local adaptation is a well-established phenomenon whereby habitat-mediated natural selection drives the differentiation of populations. However, little is known about how specific traits and loci combine to cause local adaptation. Here, we conducted a set of experiments to determine which physiological mechanisms contribute to locally adaptive divergence in salt tolerance between coastal perennial and inland annual ecotypes of Mimulus guttatus. Quantitative trait locus (QTL) mapping was used to discover loci involved in salt spray tolerance and leaf sodium (Na(+)) concentration. To determine whether these QTLs confer fitness in the field, we examined their effects in reciprocal transplant experiments using recombinant inbred lines (RILs). Coastal plants had constitutively higher leaf Na(+) concentrations and greater levels of tissue tolerance, but no difference in osmotic stress tolerance. Three QTLs contributed to salt spray tolerance and two QTLs to leaf Na(+) concentration. All three salt-spray tolerance QTLs had significant fitness effects at the coastal field site but no effect inland. Leaf Na(+) QTLs had no detectable fitness effects in the field. Physiological results are consistent with adaptation of coastal populations to salt spray and soil salinity. Field results suggest that there may not be trade-offs across habitats for alleles involved in local salt spray adaptations.
2008-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/98
http://dx.doi.org/10.1111/j.1469-8137.2009.02901.x
Cyber Center Publications
Purdue University
adaptation
habitat-mediated natural selection
salt tolerance
ecotypes of Mimulus guttatus
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1113
2012-06-29T20:08:14Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
How to authenticate graphs without leaking
Kundu, Ashish
Bertino, Elisa
Secure data sharing in multi-party environments requires that both authenticity and confidentiality of the data be assured. Digital signature schemes are commonly employed for authentication of data. However, no such technique exists for directed graphs, even though such graphs are one of the most widely used data organization structures. Existing schemes for DAGs are authenticity-preserving but not confidentiality-preserving, and lead to leakage of sensitive information during authentication. In this paper, we propose two schemes for authenticating DAGs and directed cyclic graphs without leaking; these are the first such schemes in the literature. They are based on the structure of the graph as defined by depth-first graph traversals and aggregate signatures. Graphs are structurally different from trees in that they have four types of edges: tree, forward, cross, and back-edges in a depth-first traversal. The fact that an edge is a forward, cross, or back-edge conveys information that is sensitive in several contexts. Moreover, back-edges pose a more difficult problem than forward- and cross-edges do, primarily because back-edges add bidirectional properties to graphs. We prove that the proposed technique is both authenticity-preserving and non-leaking. While providing such strong security properties, our scheme is also efficient, as supported by the performance results.
2010-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/103
http://dx.doi.org/10.1145/1739041.1739114
Cyber Center Publications
Purdue University
multi-party environments
graphs
leaking
confidentiality preserving
DAG
cyclic graphs
non-leaking
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1121
2012-06-29T20:06:57Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Mask: a system for privacy-preserving policy-based access to published content
Nabeel, Mohamed
Shang, Ning
Zage, John
Bertino, Elisa
We propose to demonstrate Mask, the first system addressing the seemingly unsolvable problem of how to selectively share contents among a group of users based on access control policies expressed as conditions against the identity attributes of these users while at the same time assuring the privacy of these identity attributes from the content publisher. Mask consists of three entities: a Content Publisher, Users referred to as Subscribers, and Identity Providers that issue certified identity attributes. The content publisher specifies access control policies against identity attributes of subscribers indicating which conditions the identity attributes of a subscriber must verify in order for this subscriber to access a document or a subdocument. The main novelty of Mask is that, even though the publisher is able to match the identity attributes of the subscribers against its own access control policies, the publisher does not learn the values of the identity attributes of the subscribers; the privacy of the authorized subscribers is thus preserved. Based on the specified access control policies, documents are divided into subdocuments and the subdocuments having different access control policies are encrypted with different keys. Subscribers derive the keys corresponding to the subdocuments they are authorized to access. Key distribution in Mask is supported by a novel group key management protocol by which subscribers can reconstruct the decryption keys from the subscription information they receive from the publisher. The publisher however does not learn which decryption keys each subscriber is able to reconstruct. In this demonstration, we show our system using a healthcare scenario.
2010-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/111
http://dx.doi.org/10.1145/1807167.1807329
Cyber Center Publications
Purdue University
MASK
identity attributes
privacy
content publisher
access control policies
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1124
2012-06-29T20:06:32Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Physically restricted authentication with trusted hardware
Kirkpatrick, Michael
Bertino, Elisa
Modern computer systems permit users to access protected information from remote locations. In certain secure environments, it would be desirable to restrict this access to a particular computer or set of computers. Existing solutions for machine-level authentication are undesirable for two reasons. First, they do not allow fine-grained application-layer access decisions. Second, they are vulnerable to insider attacks in which a trusted administrator acts maliciously. In this work, we describe a novel approach using secure hardware that solves these problems. In our design, multiple administrators are required for installation of a system. After installation, the authentication privileges are physically linked to that machine, and no administrator can bypass these controls. We define an administrative model and detail the requirements for an authentication protocol to be compatible with our methodology. Our design presents some challenges for large-scale systems, in addition to the benefit of reduced maintenance.
2009-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/114
http://dx.doi.org/10.1145/1655108.1655118
Cyber Center Publications
Purdue University
applied cryptography
authentication
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1129
2012-06-29T19:51:10Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Preventing velocity-based linkage attacks in location-aware applications
Ghinita, Gabriel
Damiani, Maria Luisa
Silvestri, Claudio
Bertino, Elisa
Mobile devices with positioning capabilities allow users to participate in novel and exciting location-based applications. For instance, users may track the whereabouts of their acquaintances in location-aware social networking applications, e.g., Google Latitude. Furthermore, users can request information about landmarks in their proximity. Such scenarios require users to report their coordinates to other parties, which may not be fully trusted. Reporting precise locations may result in serious privacy violations, such as disclosure of lifestyle details, sexual orientation, etc. A typical approach to preserve location privacy is to generate a cloaking region (CR) that encloses the user position. However, if locations are continuously reported, an attacker can correlate CRs from multiple timestamps to accurately pinpoint the user position within a CR. In this work, we protect against linkage attacks that infer exact locations based on prior knowledge about maximum user velocity. Consider a user u who reports two consecutive cloaked regions A and B. We consider two distinct protection scenarios: in the first case, the attacker does not have information about the sensitive locations on the map, and the objective is to ensure that u can reach some point in B from any point in A. In the second case, the attacker knows the placement of sensitive locations, and the objective is to ensure that u can reach any point in B from any point in A. We propose spatial and temporal cloaking transformations to preserve user privacy, and we show experimentally that privacy can be achieved without significant quality of service deterioration.
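The two protection scenarios can be made concrete with a small geometric sketch. This is an illustrative model under assumptions of my own, not the paper's algorithm: cloaking regions are taken to be axis-aligned rectangles `(xlo, ylo, xhi, yhi)`, and a point is reachable within time gap `dt` under speed bound `v_max` iff its distance is at most `v_max * dt`. All function names are hypothetical.

```python
import math

def _corners(r):
    x0, y0, x1, y1 = r
    return [(x0, y0), (x0, y1), (x1, y0), (x1, y1)]

def _point_rect_dist(p, r):
    """Euclidean distance from point p to the closest point of rectangle r."""
    px, py = p
    x0, y0, x1, y1 = r
    dx = max(x0 - px, px - x1, 0.0)
    dy = max(y0 - py, py - y1, 0.0)
    return math.hypot(dx, dy)

def check_linkage_safety(rect_a, rect_b, v_max, dt):
    """Returns (some_ok, all_ok): whether from ANY point of A the user can
    reach SOME point of B, and whether from ANY point of A the user can
    reach EVERY point of B, within the velocity budget v_max * dt."""
    budget = v_max * dt
    # dist(a, B) is convex in a, so its maximum over A occurs at a corner of A.
    some_ok = max(_point_rect_dist(c, rect_b) for c in _corners(rect_a)) <= budget
    # The maximum pairwise distance is attained at a pair of corners.
    all_ok = max(math.dist(ca, cb)
                 for ca in _corners(rect_a)
                 for cb in _corners(rect_b)) <= budget
    return some_ok, all_ok
```

For example, with A = (0,0,1,1), B = (2,0,3,1) and a budget of 3, every point of A can reach some point of B, but not every point of B.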
2009-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/119
http://dx.doi.org/10.1145/1653771.1653807
Cyber Center Publications
Purdue University
database applications
design
experimentation
general location privacy
location-aware social networks
security
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1140
2012-06-29T19:45:28Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Private record matching using differential privacy
Inan, Ali
Kantarcioglu, Murat
Ghinita, Gabriel
Bertino, Elisa
Private matching between datasets owned by distinct parties is a challenging problem with several applications. Private matching allows two parties to identify the records that are close to each other according to some distance functions, such that no additional information other than the join result is disclosed to any party. Private matching can be solved securely and accurately using secure multi-party computation (SMC) techniques, but such an approach is prohibitively expensive in practice. Previous work proposed the release of sanitized versions of the sensitive datasets, which allows blocking, i.e., filtering out sub-sets of records that cannot be part of the join result. This way, SMC is applied only to a small fraction of record pairs, reducing the matching cost to acceptable levels. The blocking step is essential for the privacy, accuracy and efficiency of matching. However, the state-of-the-art focuses on sanitization based on k-anonymity, which does not provide sufficient privacy. We propose an alternative design centered on differential privacy, a novel paradigm that provides strong privacy guarantees. The realization of the new model presents difficult challenges, such as the evaluation of distance-based matching conditions with the help of only a statistical queries interface. Specialized versions of data indexing structures (e.g., kd-trees) also need to be devised, in order to comply with differential privacy. Experiments conducted on the real-world Census-income dataset show that, although our methods provide strong privacy, their effectiveness in reducing matching cost is not far from that of k-anonymity-based counterparts.
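As background for the statistical-queries interface the abstract mentions, the basic differential-privacy primitive is Laplace noise calibrated to query sensitivity. The sketch below is a generic illustration under assumed names and signatures, not the authors' protocol:

```python
import math
import random

def laplace_noise(scale, rng=random):
    """Sample Laplace(0, scale) noise via the inverse-CDF transform."""
    u = rng.random() - 0.5
    sign = 1.0 if u >= 0 else -1.0
    return -scale * sign * math.log(1.0 - 2.0 * abs(u))

def dp_count(records, predicate, epsilon, rng=random):
    """Epsilon-differentially-private count of records matching `predicate`.
    A counting query has sensitivity 1 (adding or removing one record changes
    the count by at most 1), so Laplace(1/epsilon) noise suffices."""
    true_count = sum(1 for r in records if predicate(r))
    return true_count + laplace_noise(1.0 / epsilon, rng)
```

Smaller `epsilon` means more noise and stronger privacy; distance-based matching conditions must then be answered through such noisy queries rather than on the raw records.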
2010-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/130
http://dx.doi.org/10.1145/1739041.1739059
Cyber Center Publications
Purdue University
statistical databases
security
integrity
protection
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1071
2012-07-02T12:24:30Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
An algebra for fine-grained integration of XACML policies
Rao, Prathima
Lin, Dan
Bertino, Elisa
Li, Ninghui
Collaborative and distributed applications, such as dynamic coalitions and virtualized grid computing, often require integrating access control policies of collaborating parties. Such an integration must be able to support complex authorization specifications and the fine-grained integration requirements that the various parties may have. In this paper, we introduce an algebra for fine-grained integration of sophisticated policies. The algebra, which consists of three binary and two unary operations, is able to support the specification of a large variety of integration constraints. To assess the expressive power of our algebra, we introduce a notion of completeness and prove that our algebra is complete with respect to this notion. We then propose a framework that uses the algebra for the fine-grained integration of policies expressed in XACML. We also present a methodology for generating the actual integrated XACML policy, based on the notion of Multi-Terminal Binary Decision Diagrams.
2009-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/61
http://dx.doi.org/10.1145/1542207.1542218
Cyber Center Publications
Purdue University
distributed applications
virtual grid computing
access control
privacy
security
integration constraints
XACML
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1072
2011-04-29T18:50:15Z
publication:dp
publication:ccpubs
publication:cc
An Interoperable Approach to Multifactor Identity Verification
Paci, Federica
Ferrini, Rodolfo
Musci, Andrea
Steuer, Kevin, Jr
Naming heterogeneity occurs in digital identity management systems when the various parties involved in managing digital identities use different vocabularies to denote identity attribute names. To resolve potential interoperability issues due to naming heterogeneity, the authors propose a new protocol that uses lookup tables, dictionaries, and ontology mapping techniques.
2009-05-01T07:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/62
http://dx.doi.org/10.1109/MC.2009.142
Cyber Center Publications
Purdue University
Identity management systems
Ontology mappings
Identity attributes
Digital identity
Security & privacy
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1077
2012-07-02T12:24:12Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Assessing the trustworthiness of location data based on provenance
Dai, Chenyun
Lim, Hyo-Sang
Bertino, Elisa
Moon, Yang-Sae
Trustworthiness of location information about particular individuals is of great interest in the areas of forensic science and epidemic control. In many cases, location information is not precise and may include fraudulent information. With the growth of mobile computing and positioning systems, e.g., GPS and cell phones, it has become possible to trace the location of moving objects. Such systems provide us with an opportunity to find out the true locations of individuals. In this paper, we present a model to compute trustworthiness of the location information of an individual based on different evidences from different sources. We also introduce a collusion attack that may bias the computation. Based on the analysis of the attack, we present an algorithm to detect and reduce the effect of collusion attacks. Our experimental results show the efficiency and effectiveness of our approach.
2009-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/67
http://dx.doi.org/10.1145/1653771.1653810
Cyber Center Publications
Purdue University
algorithms
database applications
location data
security
trustworthiness
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1087
2014-04-10T15:09:05Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Community-Cyberinfrastructure-Enabled Discovery in Science and Engineering
Elmagarmid, Ahmed
Samuel, Arjmand
Ouzzani, Mourad
A community cyberinfrastructure would enable a new era of multidisciplinary research and collaboration in science and engineering. With such an infrastructure, researchers could share knowledge and results along with computing cycles, storage, and bandwidth. A generic, transparent cyberinfrastructure would also foster more meaningful analyses of data and visualization, modeling, and simulation of real-world phenomena.
2008-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/77
http://dx.doi.org/10.1109/MCSE.2008.111
Cyber Center Publications
Purdue University
cyber
cyber infrastructure
cyberinfrastructure
discovery
cyber community
cybercommunity
functional requirement
architecture
CiSE
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1089
2012-07-02T12:17:28Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Controlling data disclosure in computational PIR protocols
Shang, Ning
Ghinita, Gabriel
Zhou, Yongbin
Bertino, Elisa
Private Information Retrieval (PIR) protocols allow users to learn data items stored at a server which is not fully trusted, without disclosing to the server the particular data element retrieved. Several PIR protocols have been proposed, which provide strong guarantees on user privacy. Nevertheless, in many application scenarios it is important to protect the database as well. In this paper, we investigate the amount of data disclosed by the most prominent PIR protocols during a single run. We show that a malicious user can stage attacks that allow an excessive amount of data to be retrieved from the server. Furthermore, this vulnerability can be exploited even if the client follows the legitimate steps of the PIR protocol, hence the malicious request cannot be detected and rejected by the server. We devise mechanisms that limit the PIR disclosure to a single data item.
2010-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/79
http://dx.doi.org/10.1145/1755688.1755727
Cyber Center Publications
Purdue University
security
integrity
protection
database administration
PIR
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1091
2014-04-10T15:05:18Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Correctness Criteria Beyond Serializability
Ouzzani, Mourad
Medjahed, Brahim
Elmagarmid, Ahmed
A transaction is a logical unit of work that includes one or more database access operations such as insertion, deletion, modification, and retrieval [8]. A schedule (or history) S of n transactions T1,...,Tn is an ordering of the transactions that satisfies the following two conditions: (i) the operations of Ti (i = 1,...,n) in S must occur in the same order in which they appear in Ti, and (ii) operations from Tj (j ≠ i) may be interleaved with Ti's operations in S. A schedule S is serial if for every two transactions Ti and Tj that appear in S, either all operations of Ti appear before all operations of Tj, or vice versa. Otherwise, the schedule is called nonserial or concurrent. Non-serial schedules of transactions may lead to concurrency problems such as lost update, dirty read, and unrepeatable read. For instance, the lost update problem occurs whenever two transactions, while attempting to modify a data item, both read the item's old value before either of them writes the item's new value [2]. The simplest way of controlling concurrency is to allow only serial schedules. However, with no concurrency, database systems may make poor use of their resources and hence be inefficient, resulting, for example, in a lower transaction execution rate. To broaden the class of allowable transaction schedules, serializability has been proposed as the major correctness criterion for concurrency control [7,11]. Serializability ensures that a concurrent schedule of transactions is equivalent to some serial schedule of the same transactions [12]. While serializability has been successfully used in traditional database applications, e.g., airline reservations and banking, it has proven to be restrictive and hardly applicable in advanced applications such as Computer-Aided Design (CAD), Computer-Aided Manufacturing (CAM), office automation, and multidatabases.
These applications introduced new requirements that either prevent the use of serializability (e.g., violation of local autonomy in multidatabases) or make the use of serializability inefficient (e.g., long-running transactions in CAD/CAM applications). These limitations have motivated the introduction of more flexible correctness criteria that go beyond traditional serializability.
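The notions of conflict and equivalence in this entry can be illustrated with the standard conflict-serializability test: build the precedence graph over conflicting operations and check it for cycles. This is a minimal sketch under an assumed read/write schedule representation, not code from the entry itself:

```python
from collections import defaultdict

def is_conflict_serializable(schedule):
    """schedule: list of (txn, op, item) with op in {'r', 'w'}.
    Two operations conflict if they are from different transactions, touch
    the same item, and at least one is a write. An edge Ti -> Tj is added
    when a conflicting operation of Ti precedes one of Tj; the schedule is
    conflict-serializable iff this precedence graph is acyclic."""
    edges = defaultdict(set)
    for i, (ti, opi, xi) in enumerate(schedule):
        for tj, opj, xj in schedule[i + 1:]:
            if ti != tj and xi == xj and 'w' in (opi, opj):
                edges[ti].add(tj)
    # Cycle detection by depth-first search with three node colors.
    WHITE, GRAY, BLACK = 0, 1, 2
    color = defaultdict(int)
    def has_cycle(node):
        color[node] = GRAY
        for nxt in edges[node]:
            if color[nxt] == GRAY or (color[nxt] == WHITE and has_cycle(nxt)):
                return True
        color[node] = BLACK
        return False
    txns = {t for t, _, _ in schedule}
    return not any(color[t] == WHITE and has_cycle(t) for t in txns)
```

The lost-update interleaving described above (both transactions read x before either writes it) produces edges in both directions between the two transactions, so the check rejects it.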
2009-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/81
http://dx.doi.org/10.1007/978-0-387-39940-9_722
Cyber Center Publications
Purdue University
Concurrency control
Preserving database consistency
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1094
2011-02-25T21:45:13Z
publication:dp
publication:ccpubs
publication:cc
Deriving Customized Integrated Web Query Interfaces
Dragut, Eduard
Fang, Fang
Yu, Clement
Meng, Weiyi
Given a set of query interfaces from providers in the same domain (e.g., car rental), the goal is to automatically build an integrated interface that makes access to the individual sources transparent to users. Our goal is to allow users to choose their preferred providers. Consequently, the integrated interface should reflect only the query interfaces of these sources. The problem scrutinized in this work is deriving customized integrated interfaces. On the hypothesis that query interfaces on the Web are easily understood by ordinary users (the well-designed assumption), mainly because of the way their attributes are organized (a structural property) and named (a lexical property), we develop algorithms to construct customized integrated interfaces. Experiments, including a user survey, are performed to validate our analytical studies.
2009-09-01T07:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/84
http://dx.doi.org/10.1109/WI-IAT.2009.115
Cyber Center Publications
Purdue University
Deep Web
search
integration
metasearch engine
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1099
2011-02-22T18:45:11Z
publication:dp
publication:ccpubs
publication:cc
Enabling search services on outsourced private spatial data
Yiu, Man Lung
Ghinita, Gabriel
Jensen, Christian
Kalnis, Panos
Cloud computing services enable organizations and individuals to outsource the management of their data to a service provider in order to save on hardware investments and reduce maintenance costs. Only authorized users are allowed to access the data. Nobody else, including the service provider, should be able to view the data. For instance, a real-estate company that owns a large database of properties wants to allow its paying customers to query for houses according to location. On the other hand, the untrusted service provider should not be able to learn the property locations and, e.g., sell the information to a competitor. To tackle the problem, we propose to transform the location datasets before uploading them to the service provider. The paper develops a spatial transformation that re-distributes the locations in space, and it also proposes a cryptographic-based transformation. The data owner selects the transformation key and shares it with authorized users. Without the key, it is infeasible to reconstruct the original data points from the transformed points. The proposed transformations present distinct trade-offs between query efficiency and data confidentiality. In addition, we describe attack models for studying the security properties of the transformations. Empirical studies demonstrate that the proposed methods are efficient and applicable in practice.
2010-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/89
http://dx.doi.org/10.1007/s00778-009-0169-7
Cyber Center Publications
Purdue University
cloud computing
datasets
cryptographic-based transformation
query efficiency
data confidentiality
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1102
2012-06-29T20:09:13Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
FENCE: Continuous access control enforcement in dynamic data stream environments
Nehme, Rimma
Lim, Hyo-Sang
Bertino, Elisa
In this paper, we present the FENCE framework, which addresses the problem of continuous access control enforcement in dynamic data stream environments. The distinguishing characteristics of FENCE include: (1) the stream-centric approach to security, (2) the symmetric modeling of security for both continuous queries and streaming data, and (3) security-aware query processing that considers both regular and security-related selectivities. In FENCE, both data and query security restrictions are modeled in the form of streaming security metadata, called "security punctuations", embedded inside data streams. We have implemented FENCE in a prototype DSMS and briefly summarize our performance observations.
2010-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/92
http://dx.doi.org/10.1109/ICDE.2010.5447899
Cyber Center Publications
Purdue University
FENCE framework
continuous access control
dynamic data stream
stream centric
security
symmetric modeling
security aware query processing
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1105
2011-02-24T20:19:42Z
publication:dp
publication:ccpubs
publication:cc
Future directions in multimedia retrieval: impact of new technology
Zhang, Aidong
Chang, Shih-Fu
Ghafoor, Arif
Huang, Thomas
Jain, Ramesh
Lienhart, Rainer
PANEL SUMMARY With experts from the multimedia research communities, this panel explores the impact of new technology on possible future directions of research on multimedia retrieval. Recent advances in technology, such as various sensors and all kinds of cameras, ranging from those installed on personal phones to surveillance equipment, have accelerated the accumulation of multimedia data. In addition, advances in storage, networking, and web design have made these data easily accessible. However, increasingly fast and extensive applications of these technologies in science, industry, education, entertainment, and art have also created new needs for more sophisticated tools for more efficient searching and browsing of multimedia data. We are, therefore, facing a challenge: on the one hand, traditional retrieval techniques must now be updated into more advanced search and browsing tools that can impact users in the real world, and on the other hand, we find ourselves, once again, in the position to envision and provide innovative approaches to the management and retrieval of these fast-growing data of massive quantities. This panel discusses new research issues and problems on the topics of content analysis, user interaction, content description and indexing, and evaluation, for the purpose of developing next-generation tools for ever more advanced applications in multimedia search and browsing.
2008-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/95
http://dx.doi.org/10.1145/1386352.1386448
Cyber Center Publications
Purdue University
Algorithms
Design
Experimentation
Human Factors
Performance
Standardization
Theory
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1110
2012-06-29T20:08:59Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Group-Based Negotiations in P2P Systems
Squicciarini, Anna
Paci, Federica
Bertino, Elisa
Trombetta, Alberto
In P2P systems, groups are typically formed to share resources and/or to carry on joint tasks. In distributed environments formed by a large number of peers, conventional authentication techniques are inadequate for the group joining process, and more advanced ones are needed. Complex transactions among peers may require more elaborate interactions based on what peers can do or possess instead of peers' identity. In this work, we propose a novel peer group joining protocol. We introduce a highly expressive resource negotiation language, able to support the specification of a large variety of conditions applying to single peers or groups of peers. Moreover, we define protocols to test such resource availability customized to the level of assurance required by the peers. Our approach has been tested and evaluated on an extension of the JXTA P2P platform. Our results show the robustness of our approach in detecting malicious peers, both during the negotiation and during the peer group lifetime. Regardless of the peer group cardinality and interaction frequency, the peers always detect possible free riders within a small time frame.
2010-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/100
http://dx.doi.org/10.1109/TPDS.2010.25
Cyber Center Publications
Purdue University
P2P
group joining process
protocol
JXTA
peer group
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1111
2012-06-29T20:08:45Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Guest Editorial: Special Section on Service-Oriented Distributed Computing Systems
Bertino, Elisa
Chu, William Cheng-Chung
Guest Editorial: Special Section on Service-Oriented Distributed Computing Systems
2009-07-01T07:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/101
http://dx.doi.org/10.1109/TSC.2009.24
Cyber Center Publications
Purdue University
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1114
2012-06-29T20:08:00Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Identity Attribute-Based Role Provisioning for Human WS-BPEL Processes
Paci, Federica
Ferrini, Rodolfo
Bertino, Elisa
The WS-BPEL specification focuses on business processes whose activities are assumed to be interactions with Web services. However, WS-BPEL processes go beyond the orchestration of activities exposed as Web services. There are cases in which people must be considered as additional participants in the execution of a process. The inclusion of humans, in turn, requires solutions to support the specification and enforcement of authorizations to users for the execution of human activities while enforcing authorization constraints. In this paper, we extend RBAC-WS-BPEL, a role-based authorization framework for WS-BPEL processes, with an identity attribute-based role provisioning approach that preserves the privacy of the users who claim the execution of human activities. This approach is based on the notion of identity records and role provisioning policies, and uses Pedersen commitments, aggregated zero-knowledge proofs of knowledge, and Oblivious Commitment-Based Envelope protocols to achieve privacy of user identity information.
2009-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/104
http://dx.doi.org/10.1109/ICWS.2009.84
Cyber Center Publications
Purdue University
role
access control
privacy
identity attributes
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1118
2012-06-29T20:07:25Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Eliminating Subjectivity in Trust Recommendation
Hasan, Omar
Brunie, Lionel
Pierson, Jean-Marc
Bertino, Elisa
In ubiquitous environments, a party who wishes to make a transaction often requires that it has a certain level of trust in the other party. It is frequently the case that the parties are unknown to each other and thus share no preexisting trust. Trust-based systems enable users to establish trust in unknown users through trust recommendation from known users. For example, Bob may choose to trust an unknown user Carol when he receives a recommendation from his friend Alice that Carol's trustworthiness is 0.8 on the interval [0, 1]. In this paper we highlight the problem that when a trust value is recommended by one user to another it may lose its real meaning due to subjectivity. Bob may regard 0.8 as a very high value of trust but it is possible that Alice perceived this same value as only average. We present a solution for the elimination of subjectivity from trust recommendation. We run experiments to compare our subjectivity-eliminated trust recommendation method with the unmodified method. In a random graph based web of trust with high subjectivity, it is observed that the novel method can give better results up to 95% of the time.
2009-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/108
http://dx.doi.org/10.1145/1739268.1739270
Cyber Center Publications
Purdue University
algorithms
distributed applications
experimentation
human factors
security
social networks
subjectivity
trust
ubiquitous environments
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1120
2012-06-29T20:07:11Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Location-Aware Authentication and Access Control
Bertino, Elisa
Kirkpatrick, Michael
The paper first discusses why taking location information into account in authentication and access control is important. The paper then surveys current approaches to location-aware authentication, including the notion of context-based flexible authentication policies, and to location-aware access control, with a focus on the GEO-RBAC model. Throughout the discussion, the paper identifies open research directions.
2009-05-01T07:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/110
http://dx.doi.org/10.1109/AINA.2009.50
Cyber Center Publications
Purdue University
Security
privacy
distributed systems
mobile applications
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1122
2012-06-29T20:06:45Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Multi-granular Spatio-temporal Object Models: Concepts and Research Directions
Bertino, Elisa
Camossi, Elena
Bertolotto, Michela
The capability of representing spatio-temporal objects is fundamental when analysing and monitoring the changes in the spatial configuration of a geographical area over a period of time. An important requirement when managing spatio-temporal objects is the support for multiple granularities. In this paper we discuss how the modelling constructs of object data models can be extended for representing and querying multi-granular spatio-temporal objects. In particular, we describe object-oriented formalizations for granularities, granules, and multi-granular values, exploring the issues of value conversions. Furthermore, we formally define an object-oriented multi-granular query language, and discuss dynamic multi-granularity. Finally, we discuss open research issues.
2009-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/112
http://dx.doi.org/10.1007/978-3-642-14681-7_8
Cyber Center Publications
Purdue University
spatio-temporal objects
spatial configuration
multiple granularities
value conversions
object oriented
query language
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1125
2011-02-25T20:34:16Z
publication:dp
publication:ccpubs
publication:cc
Phytoremediation of metals
Salt, David
Baker, Alan
Introduction: For phytoextraction to be a viable alternative to existing soil remediation strategies it will require the existence of high-biomass, rapidly growing metal-accumulating plants. It is also of critical importance that the concentration of metal in the harvestable plant tissue be higher than in the soil. This will ensure that the volume of contaminated plant material generated by the phytoextraction process is less than the original volume of the contaminated soil. Unfortunately, no plants with these desirable characteristics exist at present. Generating this type of plant requires detailed information on the rate-limiting steps in the phytoextraction process.
2008-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/115
http://dx.doi.org/10.1002/9783527620951.ch17
Cyber Center Publications
Purdue University
Phytoextraction
Biotechnology
rhizofiltration
metals
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1126
2012-06-29T19:51:25Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Policy-Driven Service Composition with Information Flow Control
She, Wei
Yen, I-Ling
Thuraisingham, Bhavani
Bertino, Elisa
Ensuring secure information flow is a critical task for service composition in multi-domain systems. Research in security-aware service composition provides some preliminary solutions to this problem, but there are still issues to be addressed. In this paper, we develop a service composition mechanism specifically focusing on the secure information flow control issues. We first introduce a general model for information flow control in service chains, considering the transformation factors of services and security classes of data resources in a service chain. Then, we develop general rules to guide service composition satisfying secure information flow requirements. Finally, to achieve efficient service composition, we develop a three-phase protocol to allow rapid filtering of candidate compositions that are unlikely to satisfy the information flow constraints and thorough evaluation of highly promising candidates. Our approach can achieve effective and efficient service composition considering secure information flow.
2010-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/116
http://dx.doi.org/10.1109/ICWS.2010.37
Cyber Center Publications
Purdue University
security
privacy
multi-domain systems
data resources
service composition
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics
oai:docs.lib.purdue.edu:ccpubs-1127
2014-04-10T14:59:48Z
publication:dp
publication:comp_sci
publication:ccpubs
publication:cc
publication:sci
publication:cspubs
Preserving privacy and fairness in peer-to-peer data integration
Elmeleegy, Hazem
Ouzzani, Mourad
Elmagarmid, Ahmed
Abusalah, Ahmad
Peer-to-peer data integration - a.k.a. Peer Data Management Systems (PDMSs) - promises to extend the classical data integration approach to the Internet scale. Unfortunately, some challenges remain before realizing this promise. One of the biggest challenges is preserving the privacy of the exchanged data while passing through several intermediate peers. Another challenge is protecting the mappings used for data translation. Protecting the privacy without being unfair to any of the peers is yet a third challenge. This paper presents a novel query answering protocol in PDMSs to address these challenges. The protocol employs a technique based on noise selection and insertion to protect the query results, and a commutative encryption-based technique to protect the mappings and ensure fairness among peers. An extensive security analysis of the protocol shows that it is resilient to several possible types of attacks. We implemented the protocol within an established PDMS: the Hyperion system. We conducted an experimental study using real data from the healthcare domain. The results show that our protocol manages to achieve its privacy and fairness goals, while maintaining query processing time at the interactive level.
2010-01-01T08:00:00Z
text
https://docs.lib.purdue.edu/ccpubs/117
http://dx.doi.org/10.1145/1807167.1807249
Cyber Center Publications
Purdue University
heterogeneous databases
data translation
PDMS
encryption
Engineering
Life Sciences
Medicine and Health Sciences
Physical Sciences and Mathematics