Barbara Catania

GEO-RBAC: a spatially aware RBAC

Securing access to data in location-based services and mobile applications requires the definition of spatially aware access control systems. Even if some approaches have already been proposed either in the context of geographic database systems or context-aware applications, a comprehensive framework, general and flexible enough to cope with spatial aspects in real mobile applications, is still missing. In this paper, we make one step towards this direction and we present GEO-RBAC, an extension of the RBAC model to deal with spatial and location-based information. In GEO-RBAC, spatial entities are used to model objects, user positions, and geographically bounded roles. Roles are activated based on the position of the user. Besides a physical position, obtained from a given mobile terminal or a cellular phone, users are also assigned a logical and device independent position, representing the feature (the road, the town, the region) in which they are located. To make the model more flexible and re-usable, we also introduce the concept of role schema, specifying the name of the role as well as the type of the role spatial boundary and the granularity of the logical position. We then extend GEO-RBAC to cope with hierarchies, modeling permission, user, and activation inheritance.

A logical framework for reasoning about access control models

The increased availability of tools and technologies to access and use the data has made more urgent the needs for data protection. Moreover, emerging applications and data models call for more flexible and expressive access control models. This has lead to an extensive research activity that has resulted in the definition of a variety of access control models, that greatly differ with respect to the access control policies they can support. The need thus arises of developing some sort of tools that make it possible to reason about the expressive power of such models and to make a comparison among the various proposals. In this paper we make a first step in this direction by proposing a formal framework for reasoning about access control models. The framework we propose is based on a logical formalism and is general enough to model both discretionary and mandatory access control policies. Each instance of the proposed framework corresponds to a C-Datalog program [8], interpreted according to a stable model semantics. In the paper, besides giving the syntax and the formal semantic of our framework, we show some examples of its application.

Autologous fat graft in scar treatment.

Introduction Regenerative medicine is an emerging and rapidly evolving field of research and therapy, thanks to new discoveries on stem cells. Adipose tissue is a connective tissue which contains a reserve of mesenchymal stem cells. Clinical improvements in trophic characteristics of teguments after autologous fat graft are well described in literature. In this paper, we present our observation after 6 years of autologous fat graft experience in scar remodeling. Materials and Methods All patients recruited had retractile and painful scars compromising the normal daily activity/mobility of the joint involved. We performed surgical procedure with Coleman technique. In 20 patients, we performed a clinical assessment using Patient and Observer Scar Assessment Scale (POSAS) and Durometer measurements. Results In all treated scars, a qualitative improvement was shown both from an aesthetic and functional point of view. Most importantly, reduction or complete resolution of pain and increases in scar elasticity were objectively assessable in all cases. In patients studied using Durometer and POSAS score, areas treated with autologous fat graft showed statistically significant reduction in hardness measurements in comparison with areas infiltrated with saline solution. POSAS scores showed a statistically significant reduction of a great deal of POSAS parameters as a result of an improvement of both clinical evaluation and patient perception. Conclusions Injection of processed autologous fat seems to be a promising and effective therapeutic approach for scars with different origin such as burns and other trauma scars, and post-surgery and radiotherapy outcomes. In general, we can affirm that treated areas regain characteristics similar to normal skin, which are clinically objectivable, leading not only to aesthetic but also functional results.

Integrating XML and databases

XML is becoming a standard for data communication over the Internet. Like HTML, it is a markup language, but it supports a richer set of features, such as user-defined tags that allow both data and descriptive information about data to be represented within a single document. At the same time, presentation aspects remain decoupled from data representation. XMLs flexibility lets it serve as a metalanguage for defining other markup languages specialized for specific contexts. A document type definition (DTD) describes the tags documents can use, customized to the specific semantic requirements of the application context, and the rules connecting tags with their contents. These capabilities make XML a common data format for data interchange between computer systems and between applications. XMLs proliferation raises the question of how data transferred by XML documents can be read, stored, and queried. In other words, how can database management systems (DBMSs) handle XML documents?.

A formal model of views for object-oriented database systems

The de nition of a view mechanism is an important issue for object-oriented database systems, in order to provide a number of features that are crucial for the development of advanced applications. Due to the complexity of the data model, the object-oriented paradigm introduces new problems in the de nition of a view mechanism. Several approaches have been de ned, each de ning a particular view mechanism tailored to a set of functionalities that the view mechanism should support. In particular, views can be used as shorthand in queries, can support the de nition of external schemas, can be used for content-dependent authorization, and, nally, can support some form of schema evolution. In this paper, we formally introduce a view model for object-oriented databases. Our view model is comparable to existing view models for what concerns the supported features; however, our model is the only one for which a formal de nition is given. This formal de nition of object-oriented view mechanisms is useful both for understanding what views are and as a basis for further investigations on view properties. The paper introduces the model, discussing all the supported features both from a theoretical and practical point of view. A comparison of our model with other models is also presented.

Towards a logical model for patterns

Nowadays, the vast volume of collected digital data obliges us to employ processing methods like pattern recognition and data mining in order to reduce the complexity of data management. In this paper, we present the architecture and the logical foundations for the management of the produced knowledge artifacts, which we call patterns. To this end, we first introduce the concept of Pattern-Base Management System; then, we provide the logical foundations of a general framework based on the notions of pattern types and pattern classes, which stand for the intensional and extensional description of pattern instances, respectively. The framework is general and extensible enough to cover a broad range of real-world patterns, each of which is characterized by its structure, the related underlying data, an expression that carries the semantics of the pattern, and measurements of how successful the representation of raw data is. Finally, some remarkable types of relationships between patterns are discussed.

An extended algebra for constraint databases

Constraint relational databases use constraints to both model and query data. A constraint relation contains a finite set of generalized tuples. Each generalized tuple is represented by a conjunction of constraints on a given logical theory and, depending on the logical theory and the specific conjunction of constraints, it may possibly represent an infinite set of relational tuples. For their characteristics, constraint databases are well suited to model multidimensional and structured data, like spatial and temporal data. The definition of an algebra for constraint relational databases is important in order to make constraint databases a practical technology. We extend the previously defined constraint algebra (called generalized relational algebra). First, we show that the relational model is not the only possible semantic reference model for constraint relational databases and we show how constraint relations can be interpreted under the nested relational model. Then, we introduce two distinct classes of constraint algebras, one based on the relational algebra, and one based on the nested relational algebra, and we present an algebra of the latter type. The algebra is proved equivalent to the generalized relational algebra when input relations are modified by introducing generalized tuple identifiers. However, from a user point of view, it is more suitable. Thus, the difference existing between such algebras is similar to the difference existing between the relational algebra and the nested relational algebra, dealing with only one level of nesting. We also show how external functions can be added to the proposed algebra.

A system to specify and manage multipolicy access control models

This paper describes the architecture and the core specification language of an extensible access control system, called MACS-Multipolicy Access Control System. Several access control models are supported. by the proposed system, including the mandatory model, a flexible discretionary model, and RBAC. In addition, by using the core specification language, users can define their own access control models. The language is complemented by a number of tools supporting users in the tasks of model specification and analysis, and authorization management. The proposed system is a multipolicy system in that it allows one to apply different policies to different partitions of the set of objects to be protected. Therefore, different access control policies can co-exist, thus enhancing the flexibility of the system.

Manipulating Spatial Data in Constraint Databases

Constraint databases have recently been proposed as a powerful framework to model and retrieve spatial data. In a constraint database, a spatial object is represented as a quantifier free conjunction of (usually linear) constraints, called generalized tuple. The set of solutions of such quantifier free formula represents the set of points belonging to the extension of the object. The relational algebra can be easily extended to deal with generalized relations. However, such algebra has some limitations when it is used for modeling spatial data. First of all, there is no explicit way to deal with the set of points representing a spatial object as a whole. Rather, only point-based computations can be performed using this algebra. Second, practical constraint database languages typically use linear constraints. This allows to use efficient algorithms but, at the same time, some interesting queries cannot be represented (for example, the distance between two objects cannot be computed). Finally, no update language for spatial constraint databases has been defined yet. The aim of this paper is to overcome some of the previous limitations. In particular, we extend the model and the algebra to directly deal with the set of points represented by a generalized tuple (a spatial object), retaining at the same time the ability of expressing all computations that can be expressed by other constraint database languages. Moreover, we discuss the introduction of external functions in the proposed algebra, in order to cover all the functionalities that cannot be expressed in the chosen logical theory. Finally, we propose an update language for spatial constraint databases, based on the same principles of the algebra.

An authorization model for geographical maps

Access control is an important component of any database management system. Several access control models have been proposed for conventional databases. However, these models do not seem adequate for geographical databases, due to the peculiarities of geographical data. Previous work on access control models for geographical data mainly concerns raster maps (images). In this paper, we present a discretionary access control model for geographical maps. We assume that each map is composed of a set of features. Each feature is represented in one or more maps by spatial objects, described by means of different spatial properties: geometric properties, describing the shape, extension and location of the objects, and topological properties, describing the topological relationships existing among objects. The proposed access control model allows the security administrator to define authorizations against map objects at a very fine granularity level, taking into account the various spatial representations and the object dimension. The model also supports both positive and negative authorizations as well as different propagation rules that make access control very flexible.