Arif Ghafoor

Synchronization and storage models for multimedia objects

A technique is presented for the formal specification and modeling of multimedia composition with respect to intermedia timing. The proposed model is based on the logic of temporal intervals and timed Petri nets. A strategy is evinced for constructing a database schema to facilitate data storage and retrieval of media elements based on the temporal relationship established by the proposed modeling tool. An algorithm which allows the retrieval of media elements from the constructed database in a manner which preserves the temporal requirements of the initial specification is presented. Using the proposed model, the synchronization requirements of complex structures of temporally related objects can be easily specified. >

A generalized temporal role-based access control model

Role-based access control (RBAC) models have generated a great interest in the security community as a powerful and generalized approach to security management. In many practical scenarios, users may be restricted to assume roles only at predefined time periods. Furthermore, roles may only be invoked on prespecified intervals of time depending upon when certain actions are permitted. To capture such dynamic aspects of a role, a temporal RBAC (TRBAC) model has been recently proposed. However, the TRBAC model addresses the role enabling constraints only. In This work, we propose a generalized temporal role-based access control (GTRBAC) model capable of expressing a wider range of temporal constraints. In particular, the model allows expressing periodic as well as duration constraints on roles, user-role assignments, and role-permission assignments. In an interval, activation of a role can further be restricted as a result of numerous activation constraints including cardinality constraints and maximum active duration constraints. The GTRBAC model extends the syntactic structure of the TRBAC model and its event and trigger expressions subsume those of TRBAC. Furthermore, GTRBAC allows expressing role hierarchies and separation of duty (SoD) constraints for specifying fine-grained temporal semantics.

Digital government security infrastructure design challenges

The authors propose an approach that provides a theoretical foundation for the use of object-oriented databases and object-relational databases in data warehouse, multidimensional database, and online analytical processing applications. This approach introduces a set of minimal constraints and extensions to the Unified Modeling Language for representing multidimensional modeling properties for these applications. Multidimensional modeling offers two benefits. First, the model closely parallels how data analyzers think and, therefore, helps users understand data. Second, multidimensional modeling helps predict what final users want to do, thereby facilitating performance improvements. The authors are using their approach to create an automatic implementation of a multidimensional model. They plan to integrate commercial online-analytical-processing tool facilities within their GOLD model case tool as well, a task that involves data warehouse prototyping and sample data generation issues.M ost developers agree that data warehouse, multidimensional database (MDB), and online analytical processing (OLAP) applications emphasize multidimen-sional modeling, which offers two benefits. First, the multidimensional model closely parallels how data analyzers think and, therefore, helps users understand data. Second, this approach helps predict what final users want to do, thereby facilitating performance improvements. Developers have proposed various approaches for the conceptual design of multidimensional systems. These proposals try to represent the main multidi-mensional properties at the conceptual level with special emphasis on data structures. A conceptual modeling approach for data warehouses , however, should also address other relevant aspects such as initial user requirements, system behavior , available data sources, and specific issues related to automatic generation of the database schemes. We believe that object orientation with the Unified Modeling Language can provide an adequate notation for modeling every aspect of a data warehouse system from user requirements to implementation. We propose an OO approach to accomplish the conceptual modeling of data warehouses, MDB, and OLAP applications. This approach introduces a set of minimal constraints and extensions to UML 1 for representing multidimensional modeling properties for these applications. We base these extensions on the standard mechanisms that UML provides for adapting itself to a specific method or model, such as constraints and tagged values. Our work builds on previous research, 2-4 which provided a foundation for the results we report here and for earlier versions of our work. We believe that our innovative approach provides a theoretical foundation for the use of OO databases and object-relational databases in data warehouses, MDB, and OLAP applications. We use UML to design data warehouses because it considers an information systems structural and dynamic properties at the conceptual level more naturally than do classic approaches such as the Entity-Relationship model. Further, UML provides powerful mechanisms—such as the Object Constraint Language 1 and the Object Query Language 1 —for embedding data warehouse constraints and initial user requirements in the conceptual model. This approach to modeling a data warehouse system yields simple yet powerful extended UML class diagrams that represent main data warehouse properties at the conceptual level. Multidimensional modeling structures information into facts and dimensions. We define a fact as an item of interest for an enterprise, and describe it through a set of attributes called measures or fact attributes—atomic or derived—which are contained in cells or points within the data cube. We base …

Interval-based conceptual models for time-dependent multimedia data

Multimedia data often have time dependencies that must be satisfied at presentation time. To support a general-purpose multimedia information system, these timing relationships must be managed to provide utility to both the data presentation system and the multimedia author. New conceptual models for capturing these timing relationships, and managing them as part of a database are proposed. Specifically, n-ary and reverse temporal relations are introduced and defined along with their temporal constraints. These new relations are a generalization of earlier temporal models and establish the basis for conceptual database structures and temporal access control algorithms to facilitate forward, reverse, and partial-interval evaluation during multimedia object playout. The proposed relations are defined to ensure a property of monotonically increasing playout deadlines to facilitate both real-time deadline-driven playout scheduling or optimistic interval-based process playout. A translation of the conceptual models to a structure suitable for a relational database is presented. >

Security models for web-based applications

Using traditional and emerging access control approaches to develop secure applications for the Web.

Multimedia synchronization protocols for broadband integrated services

Protocols to provide synchronization of data elements with arbitrary temporal relationships of both stream and non-stream broadband traffic types are proposed. It is specified that the provision of a synchronization function be performed within a packet switched network, and, accordingly, a two-level communication architecture is presented. The lower level, called the network synchronization protocol (NSP), provides the ability to establish and maintain individual connections with specified synchronization characteristics. The upper level, the application synchronization protocol (ASP), supports an integrated synchronization service for multimedia applications. The ASP identifies the temporal relationships among an applications data objects and manages the synchronization of arriving data for playout. The proposed NSP and ASP are mapped to the session and application layers of the open-systems-interconnection (OSI) reference model, respectively. >

Network considerations for distributed multimedia object composition and communication

Terminology is defined, and issues related to providing temporal data integration in a distributed environment are identified. Current technological approaches to the issues are reviewed, and the state of the art is assessed. A unified model for synchronization at three levels, based on previously reviewed approaches, is presented. Directions for future efforts are indicated.<<ETX>>

Secure interoperation in a multidomain environment employing RBAC policies

Multidomain application environments where distributed multiple organizations interoperate with each other are becoming a reality as witnessed by emerging Internet-based enterprise applications. Composition of a global coherent security policy that governs information and resource accesses in such environments is a challenging problem. In this paper, we propose a policy integration framework for merging heterogeneous role-based access control (RBAC) policies of multiple domains into a global access control policy. A key challenge in composition of this policy is the resolution of conflicts that may arise among the RBAC policies of individual domains. We propose an integer programming (IP)-based approach for optimal resolution of such conflicts. The optimality criterion is to maximize interdomain role accesses without exceeding the autonomy losses beyond the acceptable limit.

A trust-based context-aware access control model for Web-services

A key challenge in Web services security is the design of effective access control schemes that can adequately meet the unique security challenges posed by the Web services paradigm. Despite the recent advances in Web based access control approaches applicable to Web services, there remain issues that impede the development of effective access control models for Web services environment. Amongst them are the lack of context-aware models for access control, and reliance on identity or capability-based access control schemes. In this paper, we motivate the design of an access control scheme that addresses these issues, and propose an extended, trust-enhanced version of our XML-based role based access control (X-RBAC) framework that incorporates context-based access control. We outline the configuration mechanism needed to apply our model to the Web services environment, and also describe the implementation architecture for the system.

Spatio-temporal composition of distributed multimedia objects for value-added networks

The overall process necessary to perform spatial and temporal data composition for a distributed multimedia information system is addressed. With respect to delays introduced through the network, it is found that temporal composition can be most suitably achieved at the workstation. Spatial composition is most effectively performed in a hierarchical fashion as dictated by the availability of system resources. The subsequent composition methodology combines spatial and temporal composition as a network service. Database organizations and data distributions are also investigated, and spatial and temporal composition functions and their composition into the network architecture are discussed. The issue of mapping the composition process onto the network resources as a value-added service is also addressed.<<ETX>>