Ehud Gudes
Ben-Gurion University of the Negev
Publication
Featured research published by Ehud Gudes.
international conference on data engineering | 2002
Raghav Kaushik; Pradeep Shenoy; Philip Bohannon; Ehud Gudes
XML and other semi-structured data may have partially specified or missing schema information, motivating the use of a structural summary which can be automatically computed from the data. These summaries also serve as indices for evaluating the complex path expressions common to XML and semi-structured query languages. However, to answer all path queries accurately, summaries must encode information about long, seldom-queried paths, leading to increased size and complexity with little added value. We introduce the A(k)-indices, a family of approximate structural summaries. They are based on the concept of k-bisimilarity, in which nodes are grouped based on local structure, i.e., the incoming paths of length up to k. The parameter k thus smoothly varies the level of detail (and accuracy) of the A(k)-index. For small values of k, the size of the index is substantially reduced. While smaller, the A(k) index is approximate, and we describe techniques for efficiently extracting exact answers to regular path queries. Our experiments show that, for moderate values of k, path evaluation using the A(k)-index ranges from being very efficient for simple queries to competitive for most complex queries, while using significantly less space than comparable structures.
international conference on data mining | 2002
Natalia Vanetik; Ehud Gudes; Solomon Eyal Shimony
Whereas data mining in structured data focuses on frequent data values, in semistructured and graph data the emphasis is on frequent labels and common topologies. Here, the structure of the data is just as important as its content. We study the problem of discovering typical patterns of graph data. The discovered patterns can be useful for many applications, including: compact representation of source information and a road-map for browsing and querying information sources. Difficulties arise in the discovery task from the complexity of some of the required sub-tasks, such as sub-graph isomorphism. This paper proposes a new algorithm for mining graph data, based on a novel definition of support. Empirical evidence shows practical, as well as theoretical, advantages of our approach.
IEEE Transactions on Knowledge and Data Engineering | 1994
Eduardo B. Fernandez; Ehud Gudes; Haiyan Song
The integration of object-oriented programming concepts with databases is one of the most significant advances in the evolution of database systems. Many aspects of such a combination have been studied, but there are few models to provide security for this richly structured information. We develop an authorization model for object-oriented databases. This model consists of a set of policies, a structure for authorization rules, and algorithms to evaluate access requests against the authorization rules. User access policies are based on the concept of inherited authorization applied along the class structure hierarchy. We propose also a set of administrative policies that allow the control of user access and its decentralization. Finally, we study the effect of class structuring changes on authorization.
trust security and privacy in computing and communications | 2011
Lior Okman; Nurit Gal-Oz; Yaron Gonen; Ehud Gudes; Jenny Abramov
applications has created the need to store large amount of data in distributed databases that provide high availability and scalability. In recent years, a growing number of companies have adopted various types of non-relational databases, commonly referred to as NoSQL databases, and as the applications they serve emerge, they gain extensive market interest. These new database systems are not relational by definition and therefore they do not support full SQL functionality. Moreover, as opposed to relational databases they trade consistency and security for performance and scalability. As increasingly sensitive data is being stored in NoSQL databases, security issues become growing concerns. This paper reviews two of the most popular NoSQL databases (Cassandra and MongoDB) and outlines their main security features and problems.
IEEE Transactions on Software Engineering | 1980
Ehud Gudes
The design of a secure file system based on user controlled cryptographic (UCC) transformations is investigated. With UCC transformations, cryptography not only complements other protection mechanisms, but can also enforce protection specifications. Files with different access permissions are enciphered by different cryptographic keys supplied by authorized users at access time. Several classes of protection policies such as: compartmentalized, hierarchical, and data dependent are discussed. Several protection implementation schemes are suggested and analyzed according to criteria such as: security, efficiency, and user convenience. These schemes provide a versatile and powerful set of design alternatives.
Lecture Notes in Computer Science | 2005
Erez Shmueli; Yuval Elovici; Ehud Gudes
The conventional way to speed up query execution is by using indexes. Designing secure indexes for an encrypted database environment raises the question of how to construct the index so that no information about the database content is exposed. In this paper, the challenges raised when designing a secure index for an encrypted database are outlined; the attacker model is described; possible attacks against secure indexes are discussed; the difficulty posed by multiple users sharing the same index is presented; and the design considerations regarding keys storage and encryption granularity are illustrated. Finally, a secure database-indexing scheme is suggested. In this scheme, protection against information leakage and unauthorized modifications is provided by using encryption, dummy values and pooling. Furthermore, the new scheme supports discretionary access control in a multi-user environment.
IEEE Transactions on Knowledge and Data Engineering | 2006
Ehud Gudes; Solomon Eyal Shimony; Natalia Vanetik
Whereas data mining in structured data focuses on frequent data values, in semistructured and graph data mining, the issue is frequent labels and common specific topologies. The structure of the data is just as important as its content. We study the problem of discovering typical patterns of graph data, a task made difficult because of the complexity of required subtasks, especially subgraph isomorphism. In this paper, we propose a new apriori-based algorithm for mining graph data, where the basic building blocks are relatively large, disjoint paths. The algorithm is proven to be sound and complete. Empirical evidence shows practical advantages of our approach for certain categories of graphs.
principles and practice of constraint programming | 1996
Gadi Solotorevsky; Ehud Gudes; Amnon Meisels
Constraint satisfaction problems (CSP) are part of many real world domains, such as computer vision and scheduling problems. Often, CSPs are solved in real life by several agents, each of them working on a part of the problem [3, 4]. A distributed CSP can be viewed as a set of constraint networks (CN), each CN being solved by a different agent, where the CNs are connected by constraints. A major assumption of the present paper is that checking constraints inside the distributed components has a much lower cost than checking constraints across different components. The latter check involves some kind of message passing that the solving algorithm would like to minimize. The processing of CNs has been studied extensively in the last decade [1, 2], usually within the standard model which is sequential. Several attempts have been made at studying the processing of CNs in parallel. The most relevant study of distributed CSPs has been made by Yokoo [5]. The basic difference between our approach and Yokoo's approach is that our algorithms try to take advantage of the differences between the DCSPs components. The model of a DCSP of the present paper uses agents that are connected by a communication network (i.e., no common memory, just message passing). The number of agents is equal or larger by a small constant, to the number of subproblems in the given division of the DCSP. Based on this we state the following goals for our multi-agent algorithms:
ieee symposium on security and privacy | 1989
Eduardo B. Fernandez; Ehud Gudes; Haiyan Song
An authorization model for object-oriented databases is developed. This model consists of a set of policies, a structure for authorization rules, and an algorithm to evaluate access requests against the authorization rules. The model is illustrated by a specific database system intended for CAD/CAM (computer-aided design/manufacturing) applications, and incorporates knowledge rules with a database of objects combined through an object-oriented semantic association model (OSAM). The database is composed of objects that include a collection of facts and a collection of relevant rules. All the knowledge manipulation operations can be used to express the rules. Some of these rules could be integrity or security rules, i.e. they could be the basis for a mechanism to enforce integrity or security.
Data Mining and Knowledge Discovery | 2006
Natalia Vanetik; Solomon Eyal Shimony; Ehud Gudes
The concept of support is central to data mining. While the definition of support in transaction databases is intuitive and simple, that is not the case in graph datasets and databases. Most mining algorithms require the support of a pattern to be no greater than that of its subpatterns, a property called anti-monotonicity, or admissibility. This paper examines the requirements for admissibility of a support measure. Support measures for mining graphs are usually based on the notion of an instance graph---a graph representing all the instances of the pattern in a database and their intersection properties. Necessary and sufficient conditions for support measure admissibility, based on operations on instance graphs, are developed and proved. The sufficient conditions are used to prove admissibility of one support measure—the size of the independent set in the instance graph. Conversely, the necessary conditions are used to quickly show that some other support measures, such as weighted count of instances, are not admissible.