Wiebren de Jonge

The logical disk: a new approach to improving file systems

The Logical Disk (LD) defines a new interface to disk storage that separates file management and disk management by using logical block numbers and block lists. The LD interface is designed to support multiple file systems and to allow multiple implementations, both of which are important given the increasing use of kernels that support multiple operating system personalities.A log-structured implementation of LD (LLD) demonstrates that LD can be implemented efficiently. LLD adds about 5% to 10% to the purchase cost of a disk for the main memory it requires. Combining LLD with an existing file system results in a log-structured file system that exhibits the same performance characteristics as the Sprite log-structured file system.

Answering queries without revealing secrets

Question-answering systems must often keep certain information secret. This can be accomplished, for example, by sometimes refusing to answer a query. Here the danger of revealing a secret by refusing to answer a query is investigated. First several criteria that can be used to decide whether or not to answer a query are developed. Then it is shown which of these criteria are safe if the questioner knows nothing at all about what is kept secret. Furthermore, it is proved that one of these criteria is safe even if the user of the system knows which information is to be kept secret.

Roles and Dynamic Subclasses: A Modal Logic Approach

In this paper, we argue that object-oriented models must be able to represent three kinds of taxonomic structures: static subclasses, dynamic subclasses and role classes. If CAR is a static subclass of VEHICLE, then a vehicle that is not a car can never migrate to the CAR subclass. If EMPloyee is a dynamic subclass of PERSON, then a PERSON that is not an employee may migrate to EMP. In both cases, an instance of the subclass is identical to an instance of the superclass. Finally, if EMP is modeled as a role class of PERSON every employee differs from every person, but a PERSON instance can acquire one or more EMP instances as roles. We outline an approach to formalizing these taxonomic structures in order-sorted dynamic logic with equality.

Attacks on Some RSA Signatures

Two simple redundancy schemes are shown to be inadequate in securing RSA signatures against attacks based on multiplicative properties. The schemes generalize the requirement that each valid message starts or ends with a fixed number of zero bits. Even though only messages with proper redundancy are signed, forgers are able to construct signatures on messages of their choice.

Compromising statistical databases responding to queries about means

This paper describes how to compromise a statistical database which <italic>only</italic> answers queries about arithmetic means for query sets whose cardinality falls in the range [<italic>k, N</italic> - <italic>k</italic>], for some <italic>k</italic> > 0, where <italic>N</italic> ≥ 2<italic>k</italic> is the number of records in the database. The compromise is shown to be easy and to require only a little preknowledge; knowing the cardinality of just one nonempty query set is usually sufficient. This means that not only count and sum queries, but also queries for arithmetic means can be extremely dangerous for the security of a statistical database, and that this threat must be taken into account explicitly by protective measures. This seems quite important from a practical standpoint: while arithmetic means were known for some time to be not altogether harmless, the (perhaps surprising) extent of the threat is now shown.

High-level programming features for improving the efficiency of a relational database system

This paper discusses some high-level language programming constructs that can be used to manipulate the relations of a relational database system efficiently. Three different constructs are described: (1) tuple identifiers that directly reference tuples of a relation; (2) cursors that may iterate over the tuples of a relation; and (3) markings, a form of temporary relation consisting of a set of tuple identifiers. In each case, attention is given to syntactic, semantic, and implementation considerations. The use of these features is first presented within the context of the programming language PLAIN, and it is then shown how these features could be used more generally to provide database manipulation capabilities in a high-level programming language. Consideration is also given to issues of programming methodology, with an important goal being the achievement of a balance between the enforcement of good programming practices and the ability to write efficient programs.

Some variations on RSA signatures and their security

The homomorphic structure of RSA signatures can impair security. Variations on a generalization of RSA signatures are considered with the aim of obviating such vulnerabilities. Of these variations, which involve a function of the message in the exponent, several are shown to have potential weaknesses similar to those of RSA.No attacks have been found for one of the variations. Its security does not depend on redundancy present in or artificially combined with messages. The same holds for a well-known use of RSA that relies on a one-way compression function. A comparison between the schemes is given.

Encoding and Manipulating Pictorial Data with S+-trees

We are concerned in this paper with the efficient encoding and manipulation of pixel trees that are resident on secondary devices. We introduce a new structure, the S+-tree, that consists of a paged linear treecode representation of the picture (data) and an index whose entries represent separators among some of the leafcodes embedded in the linear representation.

Privacy and security in information systems using programming language features

Abstract This paper describes a specification and implementation scheme for providing an integrated approach to security and privacy rules and shows how they may be achieved with a formal specification language that permits the association of operations with logical conditions. The implementation of these rules is shown in the programming language PLAIN. In this way, the access and notification control that has typically been performed by operating systems, database management systems, and programming languages is brought together in an integrated programming environment.