Security design in distributed database systems

This paper deals with data security design in a distributed environment. A goal of the paper is to present a multiphase security design methodology reflecting the current approach to data base design. The aggregated distributed environment is considered, and a multilevel logical security system architecture is examined. For each level the content of the security logical schemata is defined and described. Finally, mapping rules between the logical levels are presented.     

A methodology for integration of heterogeneous databases

The transformation of existing local databases to meet diverse application needs at the global level is performed through a four-layered procedure that stresses total schema integration and virtual integration of local databases. The proposed methodology covers both schema integration and database integration, and uses a four-layered schema architecture (local schemata, local object schemata, global schema, and global view schemata) with each layer presenting an integrated view of the concepts that characterize the layer below. Mechanisms for accomplishing this objective are presented in theoretical terms, along with a running example. Object equivalence classes, property equivalence classes, and other related concepts are discussed in the context of logical integration of heterogeneous schemata, while object instance equivalence classes and property instance equivalence classes, and other related concepts are discussed for data integration purposes. The proposed methodology resolves naming conflicts, scaling conflicts, type conflicts, and level of abstraction, and other types of conflicts during schema integration, and data inconsistencies during data integration     

基于分布对象Web的主流数据库集成系统

面向新一代的分布式对象Web体系结构，将全局数据库技术，全局数据库事务管理技术，主流数据库对象化组件技术和先进的CORBA对象技术综合成一体，在支持异构分布式系统的CORBA机制，全局数据库模式，全局查询语言的定义，语法和语义分析，查询优化，主流数据库的对象化表示，事务的管理，并发控制，安全管理，全局事务的完整性处理，主流数据库的集成工具，多数据库系统的管理和维护策略等方面，针对实用化的目标开展研究并加以实现。     

安全Windows终端软件系统的研究与实现

针对Windows终端的安全问题,提出主/辅式双处理器、双操作系统的安全Windows终端解决方案。在阐述方案的总体架构和硬件平台的基础上,设计软件框架,分析设备管理、系统管理和安全控制等关键技术的设计与实现,包括主辅核设备的协同管理、多种内部通道的设计、网络数据包的流转等。     

A query processing algorithm for a system of heterogeneous distributed databases

This paper presents a query processing algorithm, formulated and developed in support of the prototype architecture of the Distributed Access View Integrated Database (DAVID) which is a heterogeneous distributed database management system. The objective of the proposed query processing algorithm is to produce an inexpensive strategy for a given query. The inexpensive query strategy is obtained primarily by computing the most profitable semi-joins and by determining the best sequence of join operations per processing site. The latter is obtained by applying a zero-one integer linear program that uses a non-parametric statistical estimation technique to compute the sizes of the temporary clusters. A cluster is a subset of the cartesian product of a list of atomic and non-atomic domains and is the structure that can represent in a uniform way data stored in relational, hierarchical and network databases.Following some background information on the development of the DAVID prototype, this paper introduces the schema architecture. The schema architecture describes the mechanism by which the component heterogeneous database schemata are mapped into the uniform global schema. This is followed by the formulation of the query processing algorithm, its implementation and an illustration of its use in the context of NASA's Astrophysics Data System.Recommended by: Y. Breitbart     

省级电子政务系统总体规划

针对电子政务系统建设面临的难点，提出了以统一的网络基础设施和信息安全基础设施为基础，以统一的电子政务平台为纽带，将各政府部门的政务系统连结在一起的新方案。各个部门须共享的数据和服务被转换成标准的格式，并以Web Service接口的形式对外发布，从而实现了异构平台下的数据共享与服务。详细介绍了省级电子政务系统的分层逻辑模型、信息共享与交换解决方案、共享数据库发布过程和共享数据库服务过程。     

Formulating global integrity constraints during derivation of global schema

In a heterogeneous distributed database environment, each component database is characterized by its own logical schema and its own set of integrity constraints. The task of generating a global schema from a constituent local schemata has been addressed by many researchers. The complementary problem of using multiple sets of integrity constraints to create a new set of global integrity constraints is examined in this paper. These global integrity constraints facilitate both query optimization and update validation tasks.     

Towards a new approach to secure database design

The problem of designing and managing a secure database system is considered in this paper. The approach which is proposed is primarily concerned with the security information definition and management in a database environment. A multiphase design methodology is presented reflecting current proposals of database design methodology. In particular four design phases are proposed: requirements analysis of the security system, conceptual, logical and physical design of security information. The content and the solution techniques of each phase are examined. A database management system architecture is also presented which is suitable to control access rights to the database.     

The Piazza peer data management system

Intuitively, data management and data integration tools are well-suited for exchanging information in a semantically meaningful way. Unfortunately, they suffer from two significant problems: They typically require a comprehensive schema design before they can be used to store or share information and they are difficult to extend because schema evolution is heavyweight and may break backward compatibility. As a result, many small-scale data sharing tasks are more easily facilitated by nondatabase-oriented tools that have little support for semantics. The goal of the peer data management system (PDMS) is to address this need: We propose the use of a decentralized, easily extensible data management architecture in which any user can contribute new data, schema information, or even mappings between other peers' schemes. PDMSs represent a natural step beyond data integration systems, replacing their single logical schema with an interlinked collection of semantic mappings between peers' individual schemas. This paper describes-several aspects of the Piazza PDMS, including the schema mediation formalism, query answering and optimization algorithms, and the relevance of PDMSs to the semantic Web.     

Dynamic data sharing and security in a collaborative product definition management system

Product definition management (PDM) is a system that supports management of both engineering data and the product development process during the total product life cycle. The formation of a virtual enterprise is becoming a growing trend, and vendors of PDM systems have recently developed a new generation of PDM systems called collaborative product definition management (cPDM). This paper presents the concept of a virtual engineering community (VEC) to support concurrent product development within geographically distributed partners. A previous case study has shown that collaborative engineering design may be modelled from a parameter perspective [1]. Effective implementation of the parameter approach raises the following problems: how to support data sharing and secure that span the partner borders. This paper describes the system architecture, deployed security mechanisms, the prototype developed within cPDM, and the system demonstration using a real test. The implementation of this architecture extends a common commercial PDM system (Axalan™) and utilizes standard software to create a security framework for the involved resources. Collaboration infrastructure, shared team spaces and shared resources are essential to enable virtual teams to work together. Various organizational and technical challenges are implied. The outlined architecture features a federated data approach. These issues are discussed and potential perspectives in the area of collaboration engineering are identified.     

一种弱中心化的银行可信数据管理方案

针对传统银行系统的中心化数据存储模式高效便捷但不透明、而新兴的去中心化的应用系统公开透明但共识机制低效的问题,提出了一种面向银行系统的总分双链的弱中心化可信数据管理方案。该模式的核心思想是应用区块链技术打造彼此交叉且相互印证的总分双链的数据存储结构,并利用分户账回溯定位技术,结合大量轻客户端基于密码学技术的分布式监督为个体提供交易验证的可能,从而实现数据的中心化可信存储与管理。它将中心化的数据存储与去中心化的数据验证相结合,从而兼有中心化管理的高效性和分布式机制的透明性,其本质上是一种民主监督下的中心模式,在满足银行独立,完全掌控数据的同时能够自证清白,并兼顾隐私与监督之间的平衡。     

分布式防火墙系统的安全机制设计

分布式系统因为其物理位置上的松耦合结构具有一定的脆弱性，系统中各成员的动态性和数据传输的不可靠性使得系统自身的安全成为分,布式系统亟待解决的问题。本文就以分布式防火墙系统为例，提出了一个安全模型架构，通过自定义的一套简单，灵活，实用的安全机制来实现系统自身的安全性。     

CSDL: A Conceptual Schema Definition Language for the Design of Data Base Applications

A language to support the incremental design of the conceptual schemata of data bases is presented. Abstractions are expressed in terms of high-evel constructs and operations on these abstractions allow the definition of other abstractions. Both abstractions and operations on them are totally independent from the underlying internal representation of the schema, which is created consistently by applying the operators of the language. In addition, the language offers a. number of support facilities for type checking of relationships and graphical displays of the conceptual schemata for easier understanding.     

一个安全网络文件系统的设计与实现

安全网络文件系统能够保证在开放环境下数据的安全性,其设计应当综合权衡安全性、性能和使用方便性.描述了一个安全网络文件系统SecNFS的设计与实现,包括设计思想、体系结构、共享方案、密钥管理、安全分析和实现方法.     

一种新型的安全Windows终端系统研究与实现

针对Windows终端的安全问题,提出主/辅式双核、双操作系统的Windows终端主动安全防护解决方案.说明了方案的设计思路、硬件体系结构和软件框架.在保持主核Windows系统的软硬件结构不变的基础上,增加辅核系统,独立运行高安全嵌入式操作系统,对所有进出Windows系统的网络数据进行安全处理.硬件采用"PC处理器+PCI控制系统+双端口缓冲+ARM处理器+网络接口"的架构.软件主要包括各种驱动程序、系统管理模块和安全控制模块等.     

Schema theory for genetic programming with one-point crossover and point mutation

We review the main results obtained in the theory of schemata in genetic programming (GP), emphasizing their strengths and weaknesses. Then we propose a new, simpler definition of the concept of schema for GP, which is closer to the original concept of schema in genetic algorithms (GAs). Along with a new form of crossover, one-point crossover, and point mutation, this concept of schema has been used to derive an improved schema theorem for GP that describes the propagation of schemata from one generation to the next. We discuss this result and show that our schema theorem is the natural counterpart for GP of the schema theorem for GAs, to which it asymptotically converges.     

A Methodology for Data Schema Integration in the Entity Relationship Model

The conceptual design of databases is usually seen as divided into two steps: view modeling, during which user requirements are formally expressed by means of several user oriented conceptual schemata, and schema integration, whose goal is to merge such schemata into a unique global conceptual schema. This paper is devoted to describe a methodology for schema integration. An enriched entity relationship model is chosen as the data model. The integration process consists of three steps: first, several types of conflicts between the different user schemata are checked and solved; second, schemata are merged into a draft integrated schema, that is, third, enriched and restructured according to specific goals.     

Providing Security and Interoperation of Heterogeneous Systems

Interoperation and information sharing among databases independently developed and maintained by different organizations is today a pressing need, if not a practice. Governmental, military, financial, medical, and private institutions are more and more required to become part of a distributed infrastructure and selectively share their data with other organizations. This sharing process inevitably opens the local system to new vulnerabilities and enlarges the space of possible threats to the data and resources it maintains. As a complicating factor, in general, data sources are heterogeneous both in the data models they adopt and in the security models by which protection requirements are stated. We present a modeling and architectural solution to the problem of providing interoperation while preserving autonomy and security of the local sources based on the use of wrappers and a mediator. A wrapper associated with each source provides a uniform data interface and a mapping between the source's security lattice and other lattices. The mediator processes global access requests by interfacing applications and data sources. The combination of wrappers and mediator thus provides a uniform data model interface and allows the mapping between restrictions stated by the different security policies. We describe the practical application of these ideas to the problem of trusted interoperation of health care databases, targeted to enforcing security in distributed applications referring to independent heterogeneous sources protected by mandatory policy restrictions. We describe the architecture and operation of the system developed, and describe the tasks of the different components.     

Design and assurance strategy for the NRL Pump

The NRL Pump forwards messages from a low level system to a high level system and monitors the timing of acknowledgments from the high level system to minimize leaks. It is the keystone to a proposed architecture that uses specialized high assurance devices to separate data at different security levels. We describe the software design and assurance argument strategy for this device, the Network NRL Pump, which can be used in any multilevel secure distributed architecture. We have completed the system requirements and logical design of a prototype pump and are working on its physical design     

Specification and synthesis of hybrid automata for physics-based animation

Physics-based animation programs can often be modeled in terms of hybrid automata. A hybrid automaton includes both discrete and continuous dynamical variables. The discrete variables define the automaton’s modes of behavior. The continuous variables are governed by mode-dependent differential equations. This paper describes a system for specifying and automatically synthesizing physics-based animation programs based on hybrid automata. The system presents a program developer with a family of parameterized specification schemata. Each schema describes a pattern of behavior as a hybrid automaton passes through a sequence of modes. The developer specifies a program by selecting one or more schemata and supplying application-specific instantiation parameters for each of them. Each schema is associated with a set of axioms in a logic of hybrid automata. The axioms serve to document the semantics of the specification schema. Each schema is also associated with a set of implementation rules. The rules synthesize program components implementing the specification in a general physics-based animation architecture. The system allows animation programs to be developed and tested in an incremental manner. The system itself can be extended to incorporate additional schemata for specifying new patterns of behavior, along with new sets of axioms and implementation rules. It has been implemented and tested on over a dozen examples. We believe this research is a significant step toward a specification and synthesis system that is flexible enough to handle a wide variety of animation programs, yet restricted enough to permit programs to be synthesized automatically.