Stefania Marrara

A fuzzy extension of the XPath query language

Today the current state of the art in querying XML data is represented by XPath and XQuery, both of which rely on Boolean conditions for node selection. Boolean selection is too restrictive when users do not use or even know the data structure precisely, e.g. when queries are written based on a summary rather than on a schema. In this paper we describe a XML querying framework, called FuzzyXPath, based on Fuzzy Set Theory, which relies on fuzzy conditions for the definition of flexible constraints on stored data. A function called “deep-similar” is introduced to replace XPath’s typical “deep-equal” function. The main goal is to provide a degree of similarity between two XML trees, assessing whether they are similar both structure-wise and content-wise. Several query examples are discussed in the field of XML based metadata for e-learning.

A fuzzy approach to multimodal biometric continuous authentication

In the last few years the security of the user’s identity has become of paramount importance. In this paper we investigate the opportunity of using a multimodal biometric system as input of a fuzzy controller designed with the aim of preventing user substitution after the initial authentication process.

A general approach to securely querying XML

XML access control requires the enforcement of highly expressive access control policies to support schema-, document and object-specific protection requirements. Access control models for XML data can be classified in two major categories: node filtering and query rewriting systems. The first category includes approaches that use access policies to compute secure user views on XML data sets. User queries are then evaluated on those views. In the second category of approaches, authorization rules are used to transform user queries to be evaluated against the original XML data set. The pros and cons for these approaches have been widely discussed in the framework of XML access control standardization activities. The aim of this paper is to describe a model combining the advantages of these approaches and overcoming their limitations, suitable as the basis of a standard technique for XML access control enforcement. The model specification is given using a Finite State Automata, ensuring generality w.r.t. specific implementation techniques.

Impostor Users Discovery Using a Multimodal Biometric Continuous Authentication Fuzzy System

In the last few years the security of the users identity has become of paramount importance. In this paper we investigate the behavior of a fuzzy controller with a multimodal biometric system as input designed with the aim of preventing user substitution after the initial authentication process. In particular this paper presents the results of the system behavior tested with impostor users.

FuzzyXPath: Using Fuzzy Logic an IR Features to Approximately Query XML Documents

XML has become a key technology for interoperability, providing a common data model to applications. However, diverse data modeling choices may lead to heterogeneous XML structure and content. In this paper, information retrieval and database-related techniques have been jointly applied to effectively tolerate XML data diversity in the evaluation of flexible queries. Approximate structure and content matching is supported via a straightforward extension to standard XPath syntax. Also, we outline a query execution technique representing a first step toward efficiently addressing structural pattern queries together with predicate support over XML elements content.

A flexible extension of XPath to improve XML querying

This work presents a flexible XML selection language, FleXPath which allows the formulation of flexible constraints on both structure and content of XML documents. Some experimental results, obtained with a preliminary prototype, are described in order to show that the idea promises good results.

Securely updating XML

We study the problem of updating XML repository through security views. Users are provided with the view of the repository schema they are entitled to see. They write update requests over their view using the XUpdate language. Each request is processed in two rewriting steps. First, the XPath expression selecting the nodes to update from the view is rewritten to another expression that only selects nodes the user is permitted to see. Second the XUpdate query is refined according to the write privileges held by the user.

An access control model for querying XML data

In the last few years, an increasing amount of si-structured data have become available electronically to humans and programs. In such a context, XML is rapidly erging as the new standard for si-structured data representation and exchange on the Internet. Securing XML data is then becoming increasingly important and several attpts at developing methods for securing XML data have been proposed. However, these proposals do not take into consideration scenarios where users want to query XML data by using complex query language.In this paper, we propose an extension to our previous access control model handling the new standard query language XQuery, which is a powerful and convenient language designed for querying XML data.

Efficient SOAP message exchange and evaluation through XML similarity

This paper investigates the possibility of using an XML tree similarity based approach in order to individuate similar SOAP messages, that can be aggregated by the Web Service Provider in a single message before checking it according to WS-Policy, saving time and computational costs.

A multimedia access control language for virtual and ambient intelligence environments

Access control models are becoming increasingly important in several application domains especially in distributed environments like those addressed by Web Services. Established approaches such as DAC [16] , MAC [16] RBAC [11, 12, 22] and others [6, 5, 15, 1] suggest representing users in different ways (labels, roles, credentials, etc.) in order to facilitate the association of authorization and access control policies. In intelligent and virtual ambient applications, users exist in a controlled environment equipped with multimedia sensors such as cameras and microphones, and use their terminals in several application environments. In this paper, we study the problem of integrating multimedia objects into access control models and particularly role-based ones. Here, we describe a Multimedia Access Control Language (M 2ACL) in which users and roles are described by using sets of mul- timedia objects,greatly increasing the flexibility of access control policies and their applicability to virtual and ambient intelligence (AmI environments.We address potential risks related to the use of multimedia objects by defining the concept of filter functions used to aggregate a set of values into a relevant one.Finally,we present a set of functional specification and the experiments conducted to validate the proposed approach.