Storing and querying fuzzy XML data in relational databases

Information imprecision and uncertainty exist in many real-world applications and for this reason fuzzy data management has been extensively investigated in various database management systems. Currently, introducing native support for XML data in relational database management systems (RDBMs) has attracted considerable interest with a view to leveraging the powerful and reliable data management services provided by RDBMs. Although there is a rich literature on XML-to-relational storage, none of the existing solutions satisfactorily addresses the problem of storing fuzzy XML data in RDBMs. In this paper, we study the methodology of storing and querying fuzzy XML data in relational databases. In particular, we present an edge-based approach to shred fuzzy XML data into relational data. The unique feature of our approach is that no schema information is required for our data storage. On this basis, we present a generic approach to translate path expression queries into SQL for processing XML queries.     

Secure service composition with information flow control in service clouds

Service clouds built on cloud infrastructures and service-oriented architecture provide users with a novel pattern of composing basic services to achieve complicated tasks. However, in multiple clouds environment, outsourcing data and applications pose a great challenge to information flow security for the composite services, since sensitive data may be leaked to unauthorized attackers during service composition. Although model checking has been considered as a promising approach to enforce information flow security precisely, its high complexity on modeling and the heavy cost on verification cause great burdens to the process of service composition. In this paper, we propose a distributed approach to composing services securely with information flow control. In our approach, each service component is first verified through model checking, and then a compositional verification procedure is executed to ensure the information flow security along with the composition of these services. The experimental results indicate that our approach can reduce the cost of verification compared with the global verification approach.     

DAS下一种基于生成检测查询的数据有效性验证方法

在外包数据库服务(database-as-a-service,简称DAS)中,数据拥有者将数据外包给第三方:服务提供商(database service provider,简称DSP).与传统的DBMS相比,DAS通过提供基于Web的数据访问来节省数据库管理开销.为了保证DSP的服务质量,之前大部分工作关注于对数据隐秘性和数据有效性的研究.目前验证数据有效性的方法均要求DSP提供额外信息或储存额外数据,且每次更新都需要验证数据做相应调整,这在实际部署中是很低效的.为此提出了一种基于生成检测查询的数据有效性验证方法:通过用户发出过的多个查询生成检测查询,客户端根据检测查询的执行结果,并利用多个查询与检测查询的关系高效、有效地完成基于概率的有效性验证.通过实验验证了该方法的可行性.     

Extending OCL for OLAP querying on conceptual multidimensional models of data warehouses

The development of data warehouses begins with the definition of multidimensional models at the conceptual level in order to structure data, which will facilitate decision makers with an easier data analysis. Current proposals for conceptual multidimensional modelling focus on the design of static data warehouse structures, but few approaches model the queries which the data warehouse should support by means of OLAP (on-line analytical processing) tools. OLAP queries are, therefore, only defined once the rest of the data warehouse has been implemented, which prevents designers from verifying from the very beginning of the development whether the decision maker will be able to obtain the required information from the data warehouse. This article presents a solution to this drawback consisting of an extension to the object constraint language (OCL), which has been developed to include a set of predefined OLAP operators. These operators can be used to define platform-independent OLAP queries as a part of the specification of the data warehouse conceptual multidimensional model. Furthermore, OLAP tools require the implementation of queries to assure performance optimisations based on pre-aggregation. It is interesting to note that the OLAP queries defined by our approach can be automatically implemented in the rest of the data warehouse, in a coherent and integrated manner. This implementation is supported by a code-generation architecture aligned with model-driven technologies, in particular the MDA (model-driven architecture) proposal. Finally, our proposal has been validated by means of a set of sample data sets from a well-known case study.     

A model-driven framework for enterprise service management

With a steady pace of adoption of service-oriented architecture, enterprises have made significant progresses in implementing various kinds of Web services and converting existing applications to service-oriented architecture. As a significant number of services have been put into actual use, many service-oriented enterprises are faced with the problem of how to manage these services efficiently. In this paper, we propose a model-driven framework for a more efficient management of these services. In this framework, the creation and maintenance of enterprise integration solutions are modeled by flows, finite state machines (FSMs), role-based access control (RBAC) among other formal systems models as well as appropriate decision models. For instance, each enterprise integration solution would be modeled as composite services that can be described by respective flow, FSM and RBAC models. These solution models can then be stored, and later retrieved for the execution of these composite services. Furthermore, formal systems and decision models are also used to maintain and update these service-oriented solutions to improve the efficiency and quality of service management by taking advantage of the underlying service-oriented architecture.     

Model-driven specification and enforcement of RBAC break-glass policies for process-aware information systems

ContextIn many organizational environments critical tasks exist which – in exceptional cases such as an emergency – must be performed by a subject although he/she is usually not authorized to perform these tasks. Break-glass policies have been introduced as a sophisticated exception handling mechanism to resolve such situations. They enable certain subjects to break or override the standard access control policies of an information system in a controlled manner.ObjectiveIn the context of business process modeling a number of approaches exist that allow for the formal specification and modeling of process-related access control concepts. However, corresponding support for break-glass policies is still missing. In this paper, we aim at specifying a break-glass extension for process-related role-based access control (RBAC) models.MethodWe use model-driven development (MDD) techniques to provide an integrated, tool-supported approach for the definition and enforcement of break-glass policies in process-aware information systems. In particular, we provide modeling support on the computation independent model (CIM) layer as well as on the platform independent model (PIM) and platform specific model (PSM) layers.ResultsOur approach is generic in the sense that it can be used to extend process-aware information systems or process modeling languages with support for process-related RBAC and corresponding break-glass policies. Based on the formal CIM layer metamodel, we present a UML extension on the PIM layer that allows for the integrated modeling of processes and process-related break-glass policies via extended UML Activity diagrams. We evaluated our approach in a case study on real-world processes. Moreover, we implemented our approach at the PSM layer as an extension to the BusinessActivity library and runtime engine.ConclusionOur integrated modeling approach for process-related break-glass policies allows for specifying break-glass rules in process-aware information systems.     

ArchIS: an XML-based approach to transaction-time temporal database systems

Effective support for temporal applications by database systems represents an important technical objective that is difficult to achieve since it requires an integrated solution for several problems, including (i) expressive temporal representations and data models, (ii) powerful languages for temporal queries and snapshot queries, (iii) indexing, clustering and query optimization techniques for managing temporal information efficiently, and (iv) architectures that bring together the different pieces of enabling technology into a robust system. In this paper, we present the ArchIS system that achieves these objectives by supporting a temporally grouped data model on top of RDBMS. ArchIS’ architecture uses (a) XML to support temporally grouped (virtual) representations of the database history, (b) XQuery to express powerful temporal queries on such views, (c) temporal clustering and indexing techniques for managing the actual historical data in a relational database, and (d) SQL/XML for executing the queries on the XML views as equivalent queries on the relational database. The performance studies presented in the paper show that ArchIS is quite effective at storing and retrieving under complex query conditions the transaction-time history of relational databases, and can also assure excellent storage efficiency by providing compression as an option. This approach achieves full-functionality transaction-time databases without requiring temporal extensions in XML or database standards, and provides critical support to emerging application areas such as RFID.     

一种基于网格服务的数据库元数据管理框架

该文主要针对数据网格的分布式异构数据库环境,提出一种基于网格服务来实现数据库元数据采集、存储、查询功能的参考框架。文章讨论了对于异构数据库的元数据,如何实现动/静态信息的管理。通过扩展GlobusToolkit中的MDS(MonitoringandDiscoverService)目录服务模块,使其支持后台关系型数据库,来存储静态元数据,而利用信息采集程序(InformationProvider)来生成动态元数据。整个系统框架建立在网格服务(GridService)基础之上,以网格服务方式提供元数据的访问功能。     

A Trust-Based Context-Aware Access Control Model for Web-Services

A key challenge in Web services security is the design of effective access control schemes that can adequately meet the unique security challenges posed by the Web services paradigm. Despite the recent advances in Web based access control approaches applicable to Web services, there remain issues that impede the development of effective access control models for Web services environment. Amongst them are the lack of context-aware models for access control, and reliance on identity or capability-based access control schemes. Additionally, the unique service access control features required in Web services technology are not captured in existing schemes. In this paper, we motivate the design of an access control scheme that addresses these issues, and propose an extended, trust-enhanced version of our XML-based Role Based Access Control (X-RBAC) framework that incorporates trust and context into access control. We outline the configuration mechanism needed to apply our model to the Web services environment, and provide a service access control specification. The paper presents an example service access policy composed using our framework, and also describes the implementation architecture for the system.This is an extended version of the paper that has been presented at the 3rd International Conference on Web Services (ICWS), San Diego, 6–9 July 2004.Recommended by: Athman Bouguettaya and Boualem Benatallah     

Managing Role-Based Access Control Policies for Grid Databases in OGSA-DAI Using CAS

In this paper, we present a role-based access control method for accessing databases through the Open Grid Services Architecture – Data Access and Integration (OGSA-DAI) framework. OGSA-DAI is an efficient Grid-enabled middleware implementation of interfaces and services to access and control data sources and sinks. However, in OGSA-DAI, access control causes substantial administration overhead for resource providers in virtual organizations (VOs) because each of them has to manage a role-map file containing authorization information for individual Grid users. To solve this problem, we used the Community Authorization Service (CAS) provided by the Globus Toolkit to support the role-based access control (RBAC) within OGSA-DAI. CAS uses the Security Assertion Markup Language (SAML). Our method shows that CAS can support a wide range of security policies using role-privileges, role hierarchies, and constraints. The resource providers need to maintain only the mapping information from VO roles to local database roles and the local policies in the role-map files, so that the number of entries in the role-map file is reduced dramatically. Also, unnecessary authentication, mapping and connections can be avoided by denying invalid requests at the VO level. Thus, our access control method provides increased manageability for a large number of users and reduces day-to-day administration tasks of the resource providers, while they maintain the ultimate authority over their resources. Performance analysis shows that our method adds very little overhead to the existing security infrastructure of OGSA-DAI.     

通用高速数据库访问优化研究

在数据库应用程序中，数据访问性能的好坏是制约整个应用程序的一个重要方面，特别是在B／S和C／S结构中，这一点就显得尤为重要。但是现今的很多数据库应用程序所使用的数据库访问操作的代码运行效率并不高，造成了各种宝贵资源的浪费，也降低了整个应用程序的性能。本文从比较通用的角度出发，分析各种访问方式的一些通用数据库操作，提出一些适用于各种访问方式的优化方法扣策略。     

Managing deadline miss ratio and sensor data freshness in real-time databases

The demand for real-time data services is increasing in many applications including e-commerce, agile manufacturing, and telecommunications network management. In these applications, it is desirable to execute transactions within their deadlines, i.e., before the real-world status changes, using fresh (temporally consistent) data. However, meeting these fundamental requirements is challenging due to dynamic workloads and data access patterns in these applications. Further, transaction timeliness and data freshness requirements may conflict. We define average/transient deadline miss ratio and new data freshness metrics to let a database administrator specify the desired quality of real-time data services for a specific application. We also present a novel QoS management architecture for real-time databases to support the desired QoS even in the presence of unpredictable workloads and access patterns. To prevent overload and support the desired QoS, the presented architecture applies feedback control, admission control, and flexible freshness management schemes. A simulation study shows that our QoS-aware approach can achieve a near zero miss ratio and perfect freshness, meeting basic requirements for real-time transaction processing. In contrast, baseline approaches fail to support the desired miss ratio and/or freshness in the presence of unpredictable workloads and data access patterns.     

Auto-Discovering Configurations for Service Management

Determining service configurations is essential for effective service management. In this paper we describe a model-driven approach for service configuration auto-discovery. We develop metrics for performance and scalability analysis of such auto-discovery mechanisms. Our approach addresses several problems in auto-discovery: specification of what services to discover, how to efficiently distribute service discovery, and how to match instances of services into related groups. We use object-oriented models for discovery specifications, a flexible bus-based architecture for distribution and communication, and a novel multi-phased, instance matching approach. We have applied our approach to typical e-commerce services, Enterprise Resource Planning applications, like SAP, and Microsoft Exchange services running on a mixture of Windows and Unix platforms. The main contribution of this work is the flexibility of our models, architecture and algorithms to address discovery of a multitude of services.     

Data adapter for querying and transformation between SQL and NoSQL database

As the growing of applications with big data in cloud computing become popular, many existing systems expect to expand their service to support the explosive increase of data. We propose a data adapter system to support hybrid database architecture including a relational database (RDB) and NoSQL database. It can support query from application and deal with database transformation at the same time. We provide three modes of query approach in data adapter system: blocking transformation mode (BT mode), blocking dump mode (BD mode), and direct access mode (DA mode). We provide a data synchronization mechanism and describe the design and implementation in detail. This paper focuses on velocity with proposed three modes and partly variety with data stored in RDB, NoSQL database and temporary files. With the proposed data adapter system, we can provide a seamless mechanism to use RDB and NoSQL database at the same time.     

可定制的通用数据访问模型的设计与实现

通过对元数据库结构定义和通用数据访问的设计,给出了一个可定制的通用数据访问模型的设计及实现方法,使能通过定制完成数据访问和展示,降低数据库应用系统的开发难度。最后给出了模型在远程教学系统和器材管理的应用。     

Multiple similarity queries: a basic DBMS operation for mining inmetric databases

Metric databases are databases where a metric distance function is defined for pairs of database objects. In such databases, similarity queries in the form of range queries or k-nearest-neighbor queries are the most important query types. In traditional query processing, single queries are issued independently by different users. In many data mining applications, however, the database is typically explored by iteratively asking similarity queries for answers of previous similarity queries. We introduce a generic scheme for such data mining algorithms and we investigate two orthogonal approaches, reducing I/O cost as well as CPU cost, to speed-up the processing of multiple similarity queries. The proposed techniques apply to any type of similarity query and to an implementation based on an index or using a sequential scan. Parallelization yields an additional impressive speed-up. An extensive performance evaluation confirms the efficiency of our approach     

An MDE-based methodology for closed-world integrity constraint checking in the semantic web

Ontology-based data-centric systems support open-world reasoning. Therefore, for these systems, Web Ontology Language (OWL) and Semantic Web Rule Language (SWRL) are not suitable for expressing integrity constraints based on the closed-world assumption. Thus, the requirement of integrating the open-world assumption of OWL/SWRL with closed-world integrity constraint checking is inevitable. SPARQL, recommended by World Wide Web (W3C), is a query language for RDF graphs, and many research studies have shown that it is a perfect candidate for closed-world constraint checking for ontology-based data-centric applications. In this regard, many research studies have been performed to transform integrity constraints into SPARQL queries where some studies have shown the limitations of partial expressivity of knowledge bases while performing the indirect transformations, whereas others are limited to a platform-specific implementation. To address these issues, this paper presents a flexible and formal methodology that employs Model-Driven Engineering (MDE) to model closed-world integrity constraints for open-world reasoning. The proposed approach offers semantic validation of data by expressing integrity constraints at both the model level and the code level. Moreover, straightforward transformations from OWL/SWRL to SPARQL can be performed. Finally, the methodology is demonstrated via a real-world case study of water observations data.     

Efficient keyword search over virtual XML views

Emerging applications such as personalized portals, enterprise search, and web integration systems often require keyword search over semi-structured views. However, traditional information retrieval techniques are likely to be expensive in this context because they rely on the assumption that the set of documents being searched is materialized. In this paper, we present a system architecture and algorithm that can efficiently evaluate keyword search queries over virtual (unmaterialized) XML views. An interesting aspect of our approach is that it exploits indices present on the base data and thereby avoids materializing large parts of the view that are not relevant to the query results. Another feature of the algorithm is that by solely using indices, we can still score the results of queries over the virtual view, and the resulting scores are the same as if the view was materialized. Our performance evaluation using the INEX data set in the Quark (Bhaskar et al. in Quark: an efficient XQuery full-text implementation. In: SIGMOD, 2006) open-source XML database system indicates that the proposed approach is scalable and efficient.     

J2EE通用数据访问对象(DAO)模式设计与实现

当开发一个健壮的Java应用程序的时候,一个好的方法就是把持久层的API实现与一般的API的松耦合。数据访问对象（Data Access Objects）模式,使得你可以创建一个简单组件。本文通过对数据访问对象模式的探讨实现了一种通用的数据访问对象（DAO）模式。它封装实现了对应用程序的数据访问操作,从而使开发人员不必关心内部实现。使用DAO模式访问数据,可以动态地配置不同的持久化机制。