Nataliya Rassadko

On Generating Benchmark Data for Entity Matching

Entity matching has been a fundamental task in every major integration and data cleaning effort. It aims at identifying whether two different pieces of information are referring to the same real world object. It can also form the basis of entity search by finding the entities in a repository that best match a user specification. Despite the many different entity matching techniques that have been developed over time, there is still no widely accepted benchmark for evaluating and comparing them. This paper introduces EMBench, a principled system for the evaluation of entity matching systems. In contrast to existing similar efforts, EMBench offers a unique test case generation approach that combines different levels of types, complexity, and scales, allowing a complete and accurate evaluation of the different aspects of a matching system. After presenting the basic principles of EMBench and its functionality, a comprehensive evaluation is performed on some existing matching systems that showcases its discriminative power in highlighting their capabilities and limitations. EMBench has all the characteristics of a benchmark and can serve as a standard evaluation methodology provided that it gains popularity and wide acceptance.

Generalized XML security views

We investigate a generalization of the notion of XML security view introduced by Stoica and Farkas (Proceedings of the 16th International Conference on Data and Applications Security (IFIP’02). IFIP Conference Proceedings, vol. 256, pp. 133–146. Kluwer, Dordrecht, 2002) and later refined by Fan et al. (Proceedings of the ACM SIG- MOD International Conference on Management of Data (SIGMOD’04), pp. 587–598. ACM Press, New York, 2004). The model consists of access control policies specified over DTDs with XPath expressions for data-dependent access control. We provide the notion of security views characterizing information accessible to authorized users. This is a trans- formed DTD schema that can be used by users for query formulation. We develop an algorithm to materialize an authorized version of the document from the view and an algorithm to construct the view from an access control specification. We show that our view construction combined with materialization produces the same result as the direct application of the DTD access specification on the document. We also propose a number of generalizations of possible security policies and show how they affect view construction algorithm. Finally, we provide an evaluation of our system.

Query rewriting algorithm evaluation for XML security views

We investigate the experimental effectiveness of query rewriting over XML security views. Our model consists of access control policies specified over DTDs with XPath expression for data-dependent access control policies. We provide the notion of security views for characterizing information accessible to authorized users. This is a transformed (sanitized) DTD schema that is used by users for query formulation. To avoid the overhead of view materialization in query answering, these queries later undergo rewriting so that they are valid over the original DTD schema, and thus the query answer is computed fromthe original XML data. We provide an algorithm for query rewriting and show its performance compared with the naive approach, i.e. the approach that requires view materialization.

Policy classes and query rewriting algorithm for XML security views

Most state-of-the-art approaches of securing XML documents are based on a partial annotation of an XML tree with security labels which are later propagated to unlabeled nodes of the XML so that the resulting labeling is full (i.e. defined for every XML node). The first contribution of this paper is an investigation of possible alternatives for policy definition that lead to a fully annotated XML. We provide a classification of policies using different options of security label propagation and conflict resolution. Our second contribution is a generalized algorithm that constructs a full DTD annotation (from the the partial one) w.r.t. the policy classification. Finally, we discuss the query rewriting approach for our model of XML security views.

Feature-based entity matching: the FBEM model, implementation, evaluation

Entity matching or resolution is at the heart of many integration tasks in modern information systems. As with any core functionality, good quality of results is vital to ensure that upper-level tasks perform as desired. In this paper we introduce the FBEM algorithm and illustrate its usefulness for general-purpose use cases. We analyze its result quality with a range of experiments on heterogeneous data sources, and show that the approach provides good results for entities of different types, such as persons, organizations or publications, while posing minimal requirements to input data formats and requiring no training.

Satisfaction of Control Objectives by Control Processes

Showing that business processes comply with regulatory requirements is not easy. We investigate this compliance problem in the case that the requirements are expressed as a directed, acyclic graph, with high-level requirements (called control objectives ) at the top and with low-level requirements (called control activities ) at the bottom. These control activities are then implemented by control processes . We introduce two algorithms: the first identifies whether a given set of control activities is sufficient to satisfy the top-level control objectives; the second identifies those steps of control processes that contribute to the satisfaction of top-level control objectives. We illustrate these concepts and the algorithms by examples taken from a large healthcare provider.

Security views for outsourced business processes

The workflow of a Virtual Organization is often divided into fragments that are run by different entities having different clearance level or accessibility permissions. Therefore, an important issue is a decomposition of the overall business process into workflow views that can be outsourced to the side of the corresponding contractors. In this paper, we introduce the notion of business process security view and present an algorithm for the automatic derivation of such views from a security specification that may express conditional accessibility based on the actual data flowing across business process. Our solution borrows the idea of virtual views from relational database views. We also discuss an architecture and an implementation for workflow view synchronization.