共查询到20条相似文献,搜索用时 31 毫秒
1.
A content-based authorization model for digital libraries 总被引:4,自引:0,他引:4
Adam N.R. Atluri V. Bertino E. Ferrari E. 《Knowledge and Data Engineering, IEEE Transactions on》2002,14(2):296-315
Digital libraries (DLs) introduce several challenging requirements with respect to the formulation, specification and enforcement of adequate data protection policies. Unlike conventional database environments, a DL environment is typically characterized by a dynamic user population, often making accesses from remote locations, and by an extraordinarily large amount of multimedia information, stored in a variety of formats. Moreover, in a DL environment, access policies are often specified based on user qualifications and characteristics, rather than on user identity (e.g. a user can be given access to an R-rated video only if he/ she is more than 18 years old). Another crucial requirement is the support for content-dependent authorizations on digital library objects (e.g. all documents containing discussions on how to operate guns must be made available only to users who are 18 or older). Since traditional authorization models do not adequately meet the access control requirements typical of DLs, we propose a content-based authorization model that is suitable for a DL environment. Specifically, the most innovative features of our authorization model are: (1) flexible specification of authorizations based on the qualifications and (positive and negative) characteristics of users, (2) both content-dependent and content-independent access control to digital library objects, and (3) the varying granularity of authorization objects ranging from sets of library objects to specific portions of objects 相似文献
2.
Michiharu Kudo 《International Journal of Information Security》2002,1(2):116-130
Over the years a wide variety of access control models and policies have been proposed, and almost all the models have assumed
“grant the access request or deny it.” They do not provide any mechanism that enables us to bind authorization rules with
required operations such as logging and encryption. We propose the notion of a “provisional action” that tells the user that
his request will be authorized provided he (and/or the system) takes certain actions. The major advantage of our approach
is that arbitrary actions such as cryptographic operations can all coexist in the access control policy rules. We define a
fundamental authorization mechanism and then formalize a provision-based access control model. We also present algorithms
and describe their algorithmic complexity. Finally, we illustrate how provisional access control policy rules can be specified
effectively in practical usage scenarios.
Published online: 22 January 2002 相似文献
3.
An adaptive visual environment for digital libraries 总被引:1,自引:0,他引:1
M.F. Costabile F. Esposito G. Semeraro N. Fanizzi 《International Journal on Digital Libraries》1999,2(2-3):124-143
CDL (Corporate Digital Library) is a prototypical intelligent digital library service that is currently being developed at
the University of Bari, as an evolution of a previous project named IDL (Intelligent Digital Library). Among the characterizing
features of CDL there are a retrieval engine and several facilities available for the library users. In this paper, we present
the web-based visual environment we have developed with the aim of improving user-library interaction. The CDL environment
is equipped with some novel visual tools that are primarily intended for inexperienced users, who represent most of the users
that usually have access to digital libraries. Machine Learning techniques have been exploited in CDL for document analysis,
classification, and understanding, as well as for building a user modeling module, which is the basic component for providing
CDL with user interface adaptivity. This feature is also discussed in the paper.
Received: 15 December 1997 / Revised: June 1999 相似文献
4.
Authorization infrastructures are an integral part of any network where resources need to be protected. As networks expand and organizations start to federate access to their resources, authorization infrastructures become increasingly difficult to manage. In this paper, we explore the automatic adaptation of authorization assets (policies and subject access rights) in order to manage federated authorization infrastructures. We demonstrate adaptation through a Self-Adaptive Authorization Framework (SAAF) controller that is capable of managing policy based federated role/attribute access control authorization infrastructures. The SAAF controller implements a feedback loop to monitor the authorization infrastructure in terms of authorization assets and subject behavior, analyze potential adaptations for handling malicious behavior, and act upon authorization assets to control future authorization decisions. We evaluate a prototype of the SAAF controller by simulating malicious behavior within a deployed federated authorization infrastructure (federation), demonstrating the escalation of adaptation, along with a comparison of SAAF to current technology. 相似文献
5.
Constantine Stephanidis Anthony Savidis 《Universal Access in the Information Society》2001,1(1):40-55
Accessibility and high quality of interaction with products, applications, and services by anyone, anywhere, and at any time are fundamental requirements
for universal access in the emerging Information Society. This paper discusses these requirements, and their relation to the concept of automated
adaptation of user interfaces. An example application is presented, showing how adaptation can be used to accommodate the
requirements of different user categories and contexts of use. This application is then used as a vehicle for discussing a
new engineering paradigm appropriate for the development of adaptation-based user interfaces. Finally, the paper investigates
issues concerning the interaction technologies required for universal access.
Published online: 23 May 2001 相似文献
6.
In a video-on-demand (VOD) environment, disk arrays are often used to support the disk bandwidth requirement. This can pose
serious problems on available disk bandwidth upon disk failure. In this paper, we explore the approach of replicating frequently
accessed movies to provide high data bandwidth and fault tolerance required in a disk-array-based video server. An isochronous
continuous video stream imposes different requirements from a random access pattern on databases or files. Explicitly, we
propose a new replica placement method, called rotational mirrored declustering (RMD), to support high data availability for disk arrays in a VOD environment. In essence, RMD is similar to the conventional
mirrored declustering in that replicas are stored in different disk arrays. However, it is different from the latter in that
the replica placements in different disk arrays under RMD are properly rotated. Combining the merits of prior chained and
mirrored declustering methods, RMD is particularly suitable for storing multiple movie copies to support VOD applications.
To assess the performance of RMD, we conduct a series of experiments by emulating the storage and delivery of movies in a
VOD system. Our results show that RMD consistently outperforms the conventional methods in terms of load-balancing and fault-tolerance
capability after disk failure, and is deemed a viable approach to supporting replica placement in a disk-array-based video
server. 相似文献
7.
The number of Digital Libraries (DLs) accessible over the Open Archives Initiative–Protocol for Metadata Harvesting (OAI–PMH) has been constantly increasing in the past years. Earlier efforts in the DL area have concentrated on metadata harvesting and provisioning of value-added Federated Digital Library (FDL) services to the users. FDL services, however, have to meet significant performance and scalability requirements, which is difficult to achieve in centralized metadata harvesting systems. The goal of the present study was to evaluate the benefits of using Web Services Resource Framework (WSRF) compliant grid middleware infrastructure for providing efficient and reliable FDL services. The presented FDL application allows for parallel harvesting of OAI–PMH compliant DLs. The results show that this approach efficiently solves the performance related problems, while it also contributes to greater flexibility of the system. The quality of service is improved as metadata can be updated frequently, and the system does not exhibit a single point of failure. 相似文献
8.
Discussion-based exercises are a prevalent form of training in emergency management, aimed at improving coordinative decision
making between the various agencies involved in disaster response. In each exercise, small multi-agency groups of decision
makers discuss potential courses of action within a fictitious disaster scenario presented as a textual narrative supported
by visual materials. We present a cognitive engineering analysis of the problem of designing disaster scenarios for effective
discussion-based exercises. The analysis was carried out through the development of a pilot authoring environment to establish
and address the requirements of a training organisation in the UK. The pilot authoring environment embodies a simple theoretical
model of the exercise process in which facts of a disaster scenario afford discussion of pertinent issues which are elicited by considerations fed to trainees. This representational scheme allows the authoring environment to complement and extend authors’ mental models
of exercises, and thereby enhance five aspects of authoring: rationalisation; continuity of rationale; evolution; adaptability;
and the integration of evaluation feedback. 相似文献
9.
David Crandall Sameer Antani Rangachar Kasturi 《International Journal on Document Analysis and Recognition》2003,5(2-3):138-157
Abstract. The popularity of digital video is increasing rapidly. To help users navigate libraries of video, algorithms that automatically
index video based on content are needed. One approach is to extract text appearing in video, which often reflects a scene's
semantic content. This is a difficult problem due to the unconstrained nature of general-purpose video. Text can have arbitrary
color, size, and orientation. Backgrounds may be complex and changing. Most work so far has made restrictive assumptions about
the nature of text occurring in video. Such work is therefore not directly applicable to unconstrained, general-purpose video.
In addition, most work so far has focused only on detecting the spatial extent of text in individual video frames. However,
text occurring in video usually persists for several seconds. This constitutes a text event that should be entered only once
in the video index. Therefore it is also necessary to determine the temporal extent of text events. This is a non-trivial
problem because text may move, rotate, grow, shrink, or otherwise change over time. Such text effects are common in television
programs and commercials but so far have received little attention in the literature. This paper discusses detecting, binarizing,
and tracking caption text in general-purpose MPEG-1 video. Solutions are proposed for each of these problems and compared
with existing work found in the literature.
Received: January 29, 2002 / Accepted: September 13, 2002
D. Crandall is now with Eastman Kodak Company, 1700 Dewey Avenue, Rochester, NY 14650-1816, USA; e-mail: david.crandall@kodak.com
S. Antani is now with the National Library of Medicine, 8600 Rockville Pike, Bethesda, MD 20894, USA; e-mail: antani@nlm.nih.gov
Correspondence to: David Crandall 相似文献
10.
Why do the business requirements and the final software product often have little in common? Why are stakeholders, developers
and managers reluctant to embrace a full requirements process? Why does everybody say, ‘We don’t have time for requirements’?
Why is the potentially most beneficial part of the development process ignored or short-changed?
Following are some observations about why the real requirements for the product often go undiscovered. We will address this
by focusing on the different concerns of the people involved in requirements. 相似文献
11.
Darrell Raymond 《Requirements Engineering》2002,7(4):179-191
Engineering information system deployment is squeezed by a shrinking commitment to requirements definition and an expanding
need to determine the security requirements of such systems. This paper examines the causes and effects of this squeeze. Commitment
is shrinking because of past requirements experiences, misunderstood trends in system development and requirements fatigue,
while needs are expanding because of recent emphasis on Internet access to data, online transactions and workflow, which greatly
increase the severity of the authorisation problem. Some approaches to quantifying and addressing this problem are introduced.
Correspondence and offprint requests to: D. Raymond, 305 Bushview Crescent, Waterloo, Ontario, Canada N2V 2A6. Email: darrell.raymond@sympatico.ca 相似文献
12.
Ela Hunt Malcolm P. Atkinson Robert W. Irving 《The VLDB Journal The International Journal on Very Large Data Bases》2002,11(3):256-271
Our aim is to develop new database technologies for the approximate matching of unstructured string data using indexes. We
explore the potential of the suffix tree data structure in this context. We present a new method of building suffix trees,
allowing us to build trees in excess of RAM size, which has hitherto not been possible. We show that this method performs
in practice as well as the O(n) method of Ukkonen [70]. Using this method we build indexes for 200 Mb of protein and 300 Mbp of DNA, whose disk-image exceeds
the available RAM. We show experimentally that suffix trees can be effectively used in approximate string matching with biological
data. For a range of query lengths and error bounds the suffix tree reduces the size of the unoptimised O(mn) dynamic programming calculation required in the evaluation of string similarity, and the gain from indexing increases with
index size. In the indexes we built this reduction is significant, and less than 0.3% of the expected matrix is evaluated.
We detail the requirements for further database and algorithmic research to support efficient use of large suffix indexes
in biological applications.
Received: November 1, 2001 / Accepted: March 2, 2002 Published online: September 25, 2002 相似文献
13.
Juliano Lopes de Oliveira Marcos André Gonçalves Claudia Bauzer Medeiros 《International Journal on Digital Libraries》1999,2(2-3):190-206
Geographic data are useful for a large set of applications, such as urban planning and environmental control. These data are,
however, very expensive to acquire and maintain. Moreover, their use is often restricted due to a lack of dissemination mechanisms.
Digital libraries are a good approach for increasing data availability and therefore reducing costs, since they provide efficient
storage and access to large volumes of data. One major drawback to this approach is that it creates the necessity of providing
facilities for a large and heterogeneous community of users to search and interact with these geographic libraries. We present
a solution to this problem, based on a framework that allows the design and construction of customizable user interfaces for
applications based on Geographic Digital Libraries (GDL). This framework relies on two main concepts: a geographic user interface
architecture and a geographic digital library model.
Received: 15 December 1997 / Revised: June 1999 相似文献
14.
Peter G. Fairweather John T. Richards Vicki L. Hanson 《Universal Access in the Information Society》2002,2(1):70-75
This paper describes a set of interfaces and mechanisms to enhance access to the World Wide Web for persons with sensory,
cognitive, or motor limitations. Paradoxically, although complex Web architectures are often accused of impeding accessibility,
their layers expand the range of points where interventions can be staged to improve it. This paper identifies some of these
access control points and evaluates the particular strengths and weaknesses of each. In particular, it describes an approach
to enhance access that is distributed across multiple control points and implemented as an aggregation of services.
Published online: 6 November 2002 相似文献
15.
The dominating set problem asks for a small subset D of nodes in a graph such that every node is either in D or adjacent to a node in D. This problem arises in a number of distributed network applications, where it is important to locate a small number of centers
in the network such that every node is nearby at least one center. Finding a dominating set of minimum size is NP-complete,
and the best known approximation is logarithmic in the maximum degree of the graph and is provided by the same simple greedy
approach that gives the well-known logarithmic approximation result for the closely related set cover problem. We describe
and analyze new randomized distributed algorithms for the dominating set problem that run in polylogarithmic time, independent
of the diameter of the network, and that return a dominating set of size within a logarithmic factor from optimal, with high
probability. In particular, our best algorithm runs in rounds with high probability, where n is the number of nodes, is one plus the maximum degree of any node, and each round involves a constant number of message exchanges among any two
neighbors; the size of the dominating set obtained is within of the optimal in expectation and within of the optimal with high probability. We also describe generalizations to the weighted case and the case of multiple covering
requirements.
Received: January 2002 / Accepted: August 2002
RID="*"
ID="*" Supported by NSF CAREER award NSF CCR-9983901
RID="*"
ID="*" Supported by NSF CAREER award NSF CCR-9983901 相似文献
16.
Large-Scale Requirements Analysis Revisited: The need for Understanding the Political Ecology of Requirements Engineering 总被引:1,自引:1,他引:1
This paper addresses the political nature of requirements for large systems, and argues that requirements engineering theory and practice must become more engaged with these issues.
It argues that large-scale system requirements is constructed through a political decision process, whereby requirements emerge
as a set of mappings between consecutive solution spaces justified by a problem space of concern to a set of principals. These
solution spaces are complex socio-technical ensembles that often exhibit non-linear behaviour in expansion due to domain complexity
and political ambiguity. Stabilisation of solutions into agreed-on specifications occurs only through the exercise of organisational
power. Effective requirements engineering in such cases is most effectively seen as a form of heterogeneous engineering in which technical, social, economic and institutional factors are brought together in a current solution space that provides
the baseline for construction of proposed new solution spaces. 相似文献
17.
Arunprasad P. Marathe Kenneth Salem 《The VLDB Journal The International Journal on Very Large Data Bases》2002,11(1):68-91
Arrays are a common and important class of data. At present, database systems do not provide adequate array support: arrays
can neither be easily defined nor conveniently manipulated. Further, array manipulations are not optimized. This paper describes
a language called the Array Manipulation Language (AML), for expressing array manipulations, and a collection of optimization techniques for AML expressions.
In the AML framework for array manipulation, arbitrary externally-defined functions can be applied to arrays in a structured
manner. AML can be adapted to different application domains by choosing appropriate external function definitions. This paper
concentrates on arrays occurring in databases of digital images such as satellite or medical images.
AML queries can be treated declaratively and subjected to rewrite optimizations. Rewriting minimizes the number of applications
of potentially costly external functions required to compute a query result. AML queries can also be optimized for space.
Query results are generated a piece at a time by pipelined execution plans, and the amount of memory required by a plan depends
on the order in which pieces are generated. An optimizer can consider generating the pieces of the query result in a variety
of orders, and can efficiently choose orders that require less space. An AML-based prototype array database system called
ArrayDB has been built, and it is used to show the effectiveness of these optimization techniques.
Edited by M. Carey. Received: 10 August 2001 / Accepted: 11 December 2001 Published online: 24 May 2002 相似文献
18.
Managing Role-Based Access Control Policies for Grid Databases in OGSA-DAI Using CAS 总被引:2,自引:0,他引:2
In this paper, we present a role-based access control method for accessing databases through the Open Grid Services Architecture
– Data Access and Integration (OGSA-DAI) framework. OGSA-DAI is an efficient Grid-enabled middleware implementation of interfaces
and services to access and control data sources and sinks. However, in OGSA-DAI, access control causes substantial administration
overhead for resource providers in virtual organizations (VOs) because each of them has to manage a role-map file containing
authorization information for individual Grid users. To solve this problem, we used the Community Authorization Service (CAS)
provided by the Globus Toolkit to support the role-based access control (RBAC) within OGSA-DAI. CAS uses the Security Assertion
Markup Language (SAML). Our method shows that CAS can support a wide range of security policies using role-privileges, role
hierarchies, and constraints. The resource providers need to maintain only the mapping information from VO roles to local
database roles and the local policies in the role-map files, so that the number of entries in the role-map file is reduced
dramatically. Also, unnecessary authentication, mapping and connections can be avoided by denying invalid requests at the
VO level. Thus, our access control method provides increased manageability for a large number of users and reduces day-to-day
administration tasks of the resource providers, while they maintain the ultimate authority over their resources. Performance
analysis shows that our method adds very little overhead to the existing security infrastructure of OGSA-DAI. 相似文献
19.
E. Pontelli D. Gillan G. Gupta A. Karshmer E. Saad W. Xiong 《Universal Access in the Information Society》2002,2(1):56-69
This paper provides an overview of a project aimed at using knowledge-based technology to improve accessibility of the Web
for visually impaired users. The focus is on the multi-dimensional components of Web pages (tables and frames); our cognitive
studies demonstrate that spatial information is essential in comprehending tabular data, and this aspect has been largely
overlooked in the existing literature. Our approach addresses these issues by using explicit representations of the navigational semantics of the documents and using a domain-specific language to query the semantic representation and derive navigation strategies. Navigational knowledge is explicitly generated and
associated to the tabular and multi-dimensional HTML structures of documents. This semantic representation provides to the
blind user an abstract representation of the layout of the document; the user is then allowed to issue commands from the domain-specific
language to access and traverse the document according to its abstract layout.
Published online: 6 November 2002 相似文献
20.
I/O scheduling for digital continuous media 总被引:4,自引:0,他引:4
A growing set of applications require access to digital video and audio. In order to provide playback of such continuous
media (CM), scheduling strategies for CM data servers (CMS) are necessary. In some domains, particularly defense and industrial process control, the timing requirements of these applications
are strict and essential to their correct operation. In this paper we develop a scheduling strategy for multiple access to
a CMS such that the timing guarantees are maintained at all times. First, we develop a scheduling strategy for the steady state,
i.e., when there are no changes in playback rate or operation. We derive an optimal Batched SCAN (BSCAN) algorithm that requires minimum buffer space to schedule concurrent accesses. The scheduling strategy incorporates two key
constraints: (1) data fetches from the storage system are assumed to be in integral multiples of the block size, and (2) playback
guarantees are ensured for frame-oriented streams when each frame can span multiple blocks. We discuss modifications to the
scheduling strategy to handle compressed data like motion-JPEG and MPEG.
Second, we develop techniques to handle dynamic changes brought about by VCR-like operations executed by applications. We define a suite of primitive VCR-like operations that can be executed. We show that an unregulated change in the BSCAN schedule, in response to VCR-like operations, will affect playback guarantees. We develop two general techniques to ensure playback guarantees while responding
to VCR-like operations: passive and active accumulation. Using user response time as a metric we show that active accumulation algorithms
outperform passive accumulation algorithms. An optimal response-time algorithm in a class of active accumulation strategies
is derived. The results presented here are validated by extensive simulation studies. 相似文献