Integrity Constraints For Access Control Models
|
|
- Buck Fields
- 5 years ago
- Views:
Transcription
1 1 / 19 Integrity Constraints For Access Control Models Romuald THION, Stéphane COULONDRE November
2 2 / 19 Outline 1 Introduction
3 3 / 19 Problem statement From Role-BAC to time (Generalized-Temporal-RBAC, [Joshi05]), team (Team-BAC, [Thomas97a]), tasks (Workflow-RBAC, [Wainer03]), organizations (Organization-BAC, [Miège05])... Goals identify a generic formal framework, characterize constraints in access control models, automate integrity checking.
4 4 / 19 Contribution Proposition Use integrity constraints (a.k.a. data dependencies) from databases. Contribution a simple modelization framework for access control models, formal characterization of constraints in access control models, a set of tools for administrators built from formal ones.
5 5 / 19 Generic definition Access control model : AC = (sch, P, Σ) Close to the deductive databases paradigm : sch : concepts and relations, P : authorization principles, Σ : integrity constraints. First modelization step sch and P acknowledged from the access control community, generic enough to capture core concepts and principles of models, main focus on Σ
6 6 / 19 Basic modelization (meta)-modelization sch vocabulary of the access control model, P set of closed FOL formulae, capture the semantic of authorization, clear separation between extensional and intensional DB. Model theoretic DATALOG semantic intensive policy I = P (I) least logical model of P, uniqueness and finiteness.
7 7 / 19 Data dependencies integrity constraints over relational data, not that far from DATALOG FOL fragment parallel between growing expressivity of data dependencies classes, of access control models. Some data dependencies classes Constraint-Generating Dependencies (CGD), Nullity-Generating Dependencies (NGD), Tuple-Generating Dependencies (TGD), Constrained Tuple-Generating Dependencies (CTGD).
8 8 / 19 Application to access control Capture semantic of constraints of extensive relations of specialized kinds of hierarchies of mutual exclusion, and other properties. Overview of properties of models Σ Only policies that satisfy Σ are correct. Formal definition of correctness Let AC = (sch, P, Σ) an access control model. A policy I over this model is correct iff I SAT (Σ).
9 9 / 19 Properties of schema Constraints on I a user have to be associated to each session, this user is unique, active roles is a subset of granted ones, only one role in a session. Use of data dependencies Endosse(S, R) U Représente(S, U) Représente(S, U) Représente(S, U ) U = U Représente(S, U) Endosse(S, R) Habilite(U, R) Endosse(S, R) Endosse(S, R ) R = R
10 10 / 19 Properties of hierarchies Kinds of hierarchies Use of data dependencies Hérite C (C, C ) Hérite C (C, C) C = C Domine C (C, C ) Domine C (C, C ) C = C Domine C (C, C) Domine C (C, C) C = C C(C) C(C ) C Hérite C (C, C ) Hérite C (C, C ) C(C) C(C ) C Hérite C (C, C) Hérite C (C, C )
11 11 / 19 Properties of authorizations Common principles of x-bac no bypass of core concepts, close to tuple-generating dependencies cannot be expressed in DATALOG-like. [Ferraiolo03] Property 3.2 : A subject s can perform an operation op on object o only if there exists a role r that is included in the subject s active role set and there exists an permission that is assigned to r such that the permission authorizes the performance of op on o. Use of data dependencies Accès(U, A, O) R Habilite(U, R) Affecte(R, A, O)
12 12 / 19 Properties of mutual exclusion Several definitions user-based session-based action-based permission-based. Use of data dependencies Exclusion(R, R ) Habilite(U, R) Habilite(U, R ) Exclusion(R, R ) Endosse(S, R) Endosse(S, R ) Exclusion(R, R ) Affecte(R, A, O) Affecte(R, A, O) Exclusion(R, R ) Affecte(R, A, O) Affecte(R, A, O)
13 13 / 19 Conception of access control model At the very first step abstract verification, integrity of models, simplification of models Logical implication problem Σ = σ no given policy over the model, decidable/semi-decidable according to dependencies.
14 14 / 19 Proof/decision procedure dedicated to TTGD, TGD ou CTGD, the chases [Beeri84, Maher96, Coulondre03, Wang05], strictly more expressive than P, computation without rewriting. Used to prove back some theorems read and write access in MAC [Sandhu93], no root role with mutual exclusion [Benantar06], inclusion of dynamic authorizations in static ones [Ferraiolo03], propagation of exclusion through inheritance [Gavrila98].
15 15 / 19 Administration of policies Basic usages computation of intensive relations, querying of policies, comparison of policies, integrity checking. Satisfaction problem I SAT (Σ) given accesss control policy over a model decidable problem
16 16 / 19 Redundant properties Mutual exclusion [Gavrila98] σ 1 any two roles assigned for a same user are not in separation of duties Habilite(User, Role 1 ) Habilite(User, Role 2 ) Exclusion(Role 1, Role 2 ) σ 2 no role is mutually exclusive with itself Exclusion(Role, Role) σ 3 mutual exclusion is symetric Exclusion(Role 1, Role 2 ) Exclusion(Role 2, Role 1 ) σ 4 any two roles in ssd do not inherits one another Hérite(Role 1, Role 2 ) Exclusion(Role 1, Role 2 ) σ 5 there is no role inheriting two roles in ssd Exclusion(Role 1, Role 2 ) Hérite(Senior, Role 1 ) Hérite(Senior, Role 2 ) σ 6 If a role inherits another role and that role is in ssd with a third one, then the inheriting role is in ssd with the third one. Hérite(Senior, Role 1 ) Exclusion(Role 1, Role 2 ) Exclusion(Senior, Role 2 ).
17 17 / 19 Results let P Σ = {σ 1, σ 2, σ 3, σ 4, σ 5, σ 6 }, automated simplification P Σ\{σ 4 } = σ 4, par application de σ 3, σ 6 et σ 2, P Σ\{σ 5 } = σ 5, par application de σ 3, σ 6, σ 3, σ 6 et σ 2 Prototype LIBDEPENDENCIES Tgds in base : [0] (for all)[r1,r2] separation(r1,r2)->exclusion(r1,r2). [1] (for all)[r1,r2] exclusion(r1,r2)->exclusion(r2,r1). [2] (for all)[r] exclusion(r,r)->error(reflex) (1= 1). [3] (for all)[r,r1,r2] exclusion(r1,r2),herite(r,r1)->exclusion(r,r2) Goal : (for all)[r,r1,r2] exclusion(r1,r2),herite(r,r1),herite(r,r2)-> (1= 1) there is an inconsistency in the store, therefore F =g number of rules applied for closure F(l):7 this chase was : seconds long
18 18 / 19 Synthesis Main symbols Symbol AC = (sch, P, Σ) sch = edb idb P Σ = Σ edb Σ idb I = I s I d I = I s I d Description access control model deductive database schema principles deduction rules properties data dependencies policy (in extenso) instance of edb derived policy (in intenso) instance of sch least model de P
19 19 / 19 Discussion Fragment of FOL neither negation nor disjunction, existential quantifier and constraints, decidability according to data dependencies classes. Main assumptions some principles cannot be expressed, distinction between conception and administration.
Representation and Reasoning on Role-Based Access Control Policies with Conceptual Graphs
Representation and Reasoning on Role-Based Access Control Policies with Conceptual Graphs Romuald Thion and Stéphane Coulondre LIRIS: Lyon Research Center for Images and Intelligent Information Systems,
More informationTowards a Logical Reconstruction of Relational Database Theory
Towards a Logical Reconstruction of Relational Database Theory On Conceptual Modelling, Lecture Notes in Computer Science. 1984 Raymond Reiter Summary by C. Rey November 27, 2008-1 / 63 Foreword DB: 2
More informationCS590U Access Control: Theory and Practice. Lecture 12 (February 23) Role Based Access Control
CS590U Access Control: Theory and Practice Lecture 12 (February 23) Role Based Access Control Role-Based Access Control Models. R.S. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman. IEEE Computer,
More informationA Retrospective on Datalog 1.0
A Retrospective on Datalog 1.0 Phokion G. Kolaitis UC Santa Cruz and IBM Research - Almaden Datalog 2.0 Vienna, September 2012 2 / 79 A Brief History of Datalog In the beginning of time, there was E.F.
More informationThe Inverse of a Schema Mapping
The Inverse of a Schema Mapping Jorge Pérez Department of Computer Science, Universidad de Chile Blanco Encalada 2120, Santiago, Chile jperez@dcc.uchile.cl Abstract The inversion of schema mappings has
More informationConstraint Solving. Systems and Internet Infrastructure Security
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Constraint Solving Systems
More informationLecture 1: Conjunctive Queries
CS 784: Foundations of Data Management Spring 2017 Instructor: Paris Koutris Lecture 1: Conjunctive Queries A database schema R is a set of relations: we will typically use the symbols R, S, T,... to denote
More informationConjunctive queries. Many computational problems are much easier for conjunctive queries than for general first-order queries.
Conjunctive queries Relational calculus queries without negation and disjunction. Conjunctive queries have a normal form: ( y 1 ) ( y n )(p 1 (x 1,..., x m, y 1,..., y n ) p k (x 1,..., x m, y 1,..., y
More informationXXXII Conference on Very Large Data Bases VLDB 2006 Seoul, Korea, 15 th September 2006
Andrea Calì Faculty of Computer Science Free University of Bolzano State University of New York at Stony Brook XXXII Conference on Very Large Data Bases VLDB 2006 Seoul, Korea, 15 th September 2006 F-Logic
More informationFOUNDATIONS OF SEMANTIC WEB TECHNOLOGIES
FOUNDATIONS OF SEMANTIC WEB TECHNOLOGIES RDFS Rule-based Reasoning Sebastian Rudolph Dresden, 16 April 2013 Content Overview & XML 9 APR DS2 Hypertableau II 7 JUN DS5 Introduction into RDF 9 APR DS3 Tutorial
More informationDATABASE THEORY. Lecture 18: Dependencies. TU Dresden, 3rd July Markus Krötzsch Knowledge-Based Systems
DATABASE THEORY Lecture 18: Dependencies Markus Krötzsch Knowledge-Based Systems TU Dresden, 3rd July 2018 Review: Databases and their schemas Lines: Line Type 85 bus 3 tram F1 ferry...... Stops: SID Stop
More informationDATABASE THEORY. Lecture 11: Introduction to Datalog. TU Dresden, 12th June Markus Krötzsch Knowledge-Based Systems
DATABASE THEORY Lecture 11: Introduction to Datalog Markus Krötzsch Knowledge-Based Systems TU Dresden, 12th June 2018 Announcement All lectures and the exercise on 19 June 2018 will be in room APB 1004
More informationRange Restriction for General Formulas
Range Restriction for General Formulas 1 Range Restriction for General Formulas Stefan Brass Martin-Luther-Universität Halle-Wittenberg Germany Range Restriction for General Formulas 2 Motivation Deductive
More informationAdvanced Access Control. Role-Based Access Control. Common Concepts. General RBAC Rules RBAC96
Advanced Access Control In many cases, identity is a bad criteria for authorization. We examine two modern paradigms for access control, which overcome this limitation: 1. Role-Based Access Control 2.
More informationStructural characterizations of schema mapping languages
Structural characterizations of schema mapping languages Balder ten Cate INRIA and ENS Cachan (research done while visiting IBM Almaden and UC Santa Cruz) Joint work with Phokion Kolaitis (ICDT 09) Schema
More informationData integration lecture 2
PhD course on View-based query processing Data integration lecture 2 Riccardo Rosati Dipartimento di Informatica e Sistemistica Università di Roma La Sapienza {rosati}@dis.uniroma1.it Corso di Dottorato
More informationRelative Information Completeness
Relative Information Completeness Abstract Wenfei Fan University of Edinburgh & Bell Labs wenfei@inf.ed.ac.uk The paper investigates the question of whether a partially closed database has complete information
More informationConflict Checking of Separation of Duty Constraints in RBAC - Implementation Experiences
xorbac Conflict Checking of Separation of Duty Constraints in RBAC - Implementation Experiences Mark Strembeck Department of Information Systems, New Media Lab Vienna University of Economics and BA, Austria
More informationCSC Discrete Math I, Spring Sets
CSC 125 - Discrete Math I, Spring 2017 Sets Sets A set is well-defined, unordered collection of objects The objects in a set are called the elements, or members, of the set A set is said to contain its
More informationA Game-Theoretic Approach to Constraint Satisfaction
A Game-Theoretic Approach to Constraint Satisfaction Phokion G. Kolaitis Computer Science Department University of California, Santa Cruz Santa Cruz, CA 95064 kolaitis@cse.ucsc.edu www.cse.ucsc.edu/ kolaitis
More informationRewriting Ontology-Mediated Queries. Carsten Lutz University of Bremen
Rewriting Ontology-Mediated Queries Carsten Lutz University of Bremen Data Access and Ontologies Today, data is often highly incomplete and very heterogeneous Examples include web data and large-scale
More informationData Security and Privacy. Topic 8: Role Based Access Control
Data Security and Privacy Topic 8: Role Based Access Control Plan for this lecture CodeShield: towards personalized application whitelisting. Christopher S. Gates, Ninghui Li, Jing Chen, Robert W. Proctor:
More informationCopyright 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley. Chapter 6 Outline. Unary Relational Operations: SELECT and
Chapter 6 The Relational Algebra and Relational Calculus Copyright 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 6 Outline Unary Relational Operations: SELECT and PROJECT Relational
More informationSmall Formulas for Large Programs: On-line Constraint Simplification In Scalable Static Analysis
Small Formulas for Large Programs: On-line Constraint Simplification In Scalable Static Analysis Isil Dillig, Thomas Dillig, Alex Aiken Stanford University Scalability and Formula Size Many program analysis
More informationFormal Specification for Role Based Access Control User/Role and Role/Role Relationship Management
Formal Specification for Role Based Access Control User/Role and Role/Role Relationship Management Serban I. Gavrila VDG Inc. 6009 Brookside Drive Chevy Chase, MD 20815 gavrila@csmes.ncsl.nist.gov John
More informationLogic and its Applications
Logic and its Applications Edmund Burke and Eric Foxley PRENTICE HALL London New York Toronto Sydney Tokyo Singapore Madrid Mexico City Munich Contents Preface xiii Propositional logic 1 1.1 Informal introduction
More informationDefinition: A context-free grammar (CFG) is a 4- tuple. variables = nonterminals, terminals, rules = productions,,
CMPSCI 601: Recall From Last Time Lecture 5 Definition: A context-free grammar (CFG) is a 4- tuple, variables = nonterminals, terminals, rules = productions,,, are all finite. 1 ( ) $ Pumping Lemma for
More informationChapter 3: Propositional Languages
Chapter 3: Propositional Languages We define here a general notion of a propositional language. We show how to obtain, as specific cases, various languages for propositional classical logic and some non-classical
More informationOn Reconciling Data Exchange, Data Integration, and Peer Data Management
On Reconciling Data Exchange, Data Integration, and Peer Data Management Giuseppe De Giacomo, Domenico Lembo, Maurizio Lenzerini, and Riccardo Rosati Dipartimento di Informatica e Sistemistica Sapienza
More informationKnowledge Representation and Reasoning Logics for Artificial Intelligence
Knowledge Representation and Reasoning Logics for Artificial Intelligence Stuart C. Shapiro Department of Computer Science and Engineering and Center for Cognitive Science University at Buffalo, The State
More informationAccess Control Models Part II
Access Control Models Part II CERIAS and CS &ECE Departments Pag. 1 Introduction Other models: The Chinese Wall Model it combines elements of DAC and MAC RBAC Model it is a DAC model; however, it is sometimes
More informationCS590U Access Control: Theory and Practice. Lecture 18 (March 10) SDSI Semantics & The RT Family of Role-based Trust-management Languages
CS590U Access Control: Theory and Practice Lecture 18 (March 10) SDSI Semantics & The RT Family of Role-based Trust-management Languages Understanding SPKI/SDSI Using First-Order Logic Ninghui Li and John
More informationInformation Security CS 526
Information Security CS 526 Topic 23: Role Based Access Control CS526 Topic 23: RBAC 1 Readings for This Lecture RBAC96 Family R.S. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman. Role-Based Access
More informationFoundations of Schema Mapping Management
Foundations of Schema Mapping Management Marcelo Arenas Jorge Pérez Juan Reutter Cristian Riveros PUC Chile PUC Chile University of Edinburgh Oxford University marenas@ing.puc.cl jperez@ing.puc.cl juan.reutter@ed.ac.uk
More informationSafe Stratified Datalog With Integer Order Does not Have Syntax
Safe Stratified Datalog With Integer Order Does not Have Syntax Alexei P. Stolboushkin Department of Mathematics UCLA Los Angeles, CA 90024-1555 aps@math.ucla.edu Michael A. Taitslin Department of Computer
More informationDatabase Theory VU , SS Introduction: Relational Query Languages. Reinhard Pichler
Database Theory Database Theory VU 181.140, SS 2018 1. Introduction: Relational Query Languages Reinhard Pichler Institut für Informationssysteme Arbeitsbereich DBAI Technische Universität Wien 6 March,
More information}Optimization Formalisms for recursive queries. Module 11: Optimization of Recursive Queries. Module Outline Datalog
Module 11: Optimization of Recursive Queries 11.1 Formalisms for recursive queries Examples for problems requiring recursion: Module Outline 11.1 Formalisms for recursive queries 11.2 Computing recursive
More informationComparing the Expressive Power of Access Control Models
Comparing the Expressive Power of Access Control Models Mahesh V. Tripunitara tripunit@cerias.purdue.edu Ninghui Li ninghui@cs.purdue.edu Center for Education and Research in Information Assurance and
More information}Optimization. Module 11: Optimization of Recursive Queries. Module Outline
Module 11: Optimization of Recursive Queries Module Outline 11.1 Formalisms for recursive queries 11.2 Computing recursive queries 11.3 Partial transitive closures User Query Transformation & Optimization
More informationGeneral Access Control Model for DAC
General Access Control Model for DAC Also includes a set of rules to modify access control matrix Owner access right Control access right The concept of a copy flag (*) Access control system commands General
More informationTheorem proving. PVS theorem prover. Hoare style verification PVS. More on embeddings. What if. Abhik Roychoudhury CS 6214
Theorem proving PVS theorem prover Abhik Roychoudhury National University of Singapore Both specification and implementation can be formalized in a suitable logic. Proof rules for proving statements in
More informationBibliographic citation
Bibliographic citation Andrea Calì, Georg Gottlob, Andreas Pieris: Tractable Query Answering over Conceptual Schemata. In Alberto H. F. Laender, Silvana Castano, Umeshwar Dayal, Fabio Casati, Jos Palazzo
More informationCMPS 277 Principles of Database Systems. https://courses.soe.ucsc.edu/courses/cmps277/fall11/01. Lecture #11
CMPS 277 Principles of Database Systems https://courses.soe.ucsc.edu/courses/cmps277/fall11/01 Lecture #11 1 Limitations of Relational Algebra & Relational Calculus Outline: Relational Algebra and Relational
More informationIsabelle/HOL:Selected Features and Recent Improvements
/: Selected Features and Recent Improvements webertj@in.tum.de Security of Systems Group, Radboud University Nijmegen February 20, 2007 /:Selected Features and Recent Improvements 1 2 Logic User Interface
More informationDetecting Logical Errors in SQL Queries
Detecting Logical Errors in SQL Queries Stefan Brass Christian Goldberg Martin-Luther-Universität Halle-Wittenberg, Institut für Informatik, Von-Seckendorff-Platz 1, D-06099 Halle (Saale), Germany (brass
More informationA Generating Plans from Proofs
A Generating Plans from Proofs Michael Benedikt, University of Oxford and Balder ten Cate, LogicBlox and UC-Santa Cruz and Efthymia Tsamoura, University of Oxford Categories and Subject Descriptors: H.2.3
More informationDescription Logics. Description Logics and Databases
1 + Description Logics Description Logics and Databases Enrico Franconi Department of Computer Science University of Manchester http://www.cs.man.ac.uk/~franconi 2 + Description Logics and Databases Queries
More informationCS 356 Lecture 7 Access Control. Spring 2013
CS 356 Lecture 7 Access Control Spring 2013 Review Chapter 1: Basic Concepts and Terminology Integrity, Confidentiality, Availability, Authentication, and Accountability Types of threats: active vs. passive,
More informationVerification of Data-Aware Processes Data Centric Dynamic Systems
Verification of Data-Aware Processes Data Centric Dynamic Systems Diego Calvanese, Marco Montali Research Centre for Knowledge and Data (KRDB) Free University of Bozen-Bolzano, Italy 29th European Summer
More informationQuery Decomposition and Data Localization
Query Decomposition and Data Localization Query Decomposition and Data Localization Query decomposition and data localization consists of two steps: Mapping of calculus query (SQL) to algebra operations
More informationDatabase Theory VU , SS Codd s Theorem. Reinhard Pichler
Database Theory Database Theory VU 181.140, SS 2011 3. Codd s Theorem Reinhard Pichler Institut für Informationssysteme Arbeitsbereich DBAI Technische Universität Wien 29 March, 2011 Pichler 29 March,
More information15-819M: Data, Code, Decisions
15-819M: Data, Code, Decisions 08: First-Order Logic André Platzer aplatzer@cs.cmu.edu Carnegie Mellon University, Pittsburgh, PA André Platzer (CMU) 15-819M/08: Data, Code, Decisions 1 / 40 Outline 1
More informationDatalog Evaluation. Linh Anh Nguyen. Institute of Informatics University of Warsaw
Datalog Evaluation Linh Anh Nguyen Institute of Informatics University of Warsaw Outline Simple Evaluation Methods Query-Subquery Recursive Magic-Set Technique Query-Subquery Nets [2/64] Linh Anh Nguyen
More informationOn Mutually-Exclusive Roles and Separation of Duty
On Mutually-Exclusive Roles and Separation of Duty Ninghui Li ninghui@cs.purdue.edu Ziad Bizri zelbizri@cs.purdue.edu Mahesh V. Tripunitara tripunit@cerias.purdue.edu Center for Education and Research
More informationBDDC v2 A basic bdd-based logical calculator
BDDC v2 A basic bdd-based logical calculator Pascal RAYMOND November 24, 2008, (rev. September 28, 2015) BDDC is a tool for manipulating logical formula. It is based on a Binary Decision Diagram library,
More informationStructural Characterizations of Schema-Mapping Languages
Structural Characterizations of Schema-Mapping Languages Balder ten Cate University of Amsterdam and UC Santa Cruz balder.tencate@uva.nl Phokion G. Kolaitis UC Santa Cruz and IBM Almaden kolaitis@cs.ucsc.edu
More informationSummary of Course Coverage
CS-227, Discrete Structures I Spring 2006 Semester Summary of Course Coverage 1) Propositional Calculus a) Negation (logical NOT) b) Conjunction (logical AND) c) Disjunction (logical inclusive-or) d) Inequalities
More informationTowards a Semantic Web Modeling Language
Towards a Semantic Web Modeling Language Draft Christoph Wernhard Persist AG Rheinstr. 7c 14513 Teltow Tel: 03328/3477-0 wernhard@persistag.com May 25, 2000 1 Introduction The Semantic Web [2] requires
More informationHybrid Role Hierarchy for Generalized Temporal Role Based Access Control Model
Hybrid Role Hierarchy for Generalized Temporal Role Based Access Control Model James B. D. Joshi #, Elisa Bertino *, Arif Ghafoor # Center for Education and Research in Information Assurance and Security
More informationConjunctive Query Containment in Description Logics with n-ary Relations
Conjunctive Query Containment in Description Logics with n-ary Relations Diego Calvanese and Giuseppe De Giacomo and Maurizio Lenzerini Dipartimento di Informatica e Sistemistica Università di Roma La
More information[Ch 6] Set Theory. 1. Basic Concepts and Definitions. 400 lecture note #4. 1) Basics
400 lecture note #4 [Ch 6] Set Theory 1. Basic Concepts and Definitions 1) Basics Element: ; A is a set consisting of elements x which is in a/another set S such that P(x) is true. Empty set: notated {
More informationThe Complexity of Data Exchange
The Complexity of Data Exchange Phokion G. Kolaitis IBM Almaden kolaitis@almaden.ibm.com Jonathan Panttaja UC Santa Cruz jpanttaj@cs.ucsc.edu Wang-Chiew Tan UC Santa Cruz wctan@cs.ucsc.edu ABSTRACT Data
More informationTerm Algebras with Length Function and Bounded Quantifier Elimination
with Length Function and Bounded Ting Zhang, Henny B Sipma, Zohar Manna Stanford University tingz,sipma,zm@csstanfordedu STeP Group, September 3, 2004 TPHOLs 2004 - p 1/37 Motivation: Program Verification
More information8. Negation 8-1. Deductive Databases and Logic Programming. (Sommer 2017) Chapter 8: Negation
8. Negation 8-1 Deductive Databases and Logic Programming (Sommer 2017) Chapter 8: Negation Motivation, Differences to Logical Negation Syntax, Supported Models, Clark s Completion Stratification, Perfect
More informationOntologies and Databases
Ontologies and Databases Diego Calvanese KRDB Research Centre Free University of Bozen-Bolzano Reasoning Web Summer School 2009 September 3 4, 2009 Bressanone, Italy Overview of the Tutorial 1 Introduction
More informationAn Efficient Framework for User Authorization Queries in RBAC Systems
An Efficient Framework for User Authorization Queries in RBAC Systems Guneshi T. Wickramaarachchi Purdue University 305 N. University Street, West Lafayette, IN 47907, USA gwickram@purdue.edu Wahbeh H.
More informationFoundations of AI. 9. Predicate Logic. Syntax and Semantics, Normal Forms, Herbrand Expansion, Resolution
Foundations of AI 9. Predicate Logic Syntax and Semantics, Normal Forms, Herbrand Expansion, Resolution Wolfram Burgard, Andreas Karwath, Bernhard Nebel, and Martin Riedmiller 09/1 Contents Motivation
More informationHANDBOOK OF LOGIC IN ARTIFICIAL INTELLIGENCE AND LOGIC PROGRAMMING
HANDBOOK OF LOGIC IN ARTIFICIAL INTELLIGENCE AND LOGIC PROGRAMMING Volume 5 Logic Programming Edited by DOV M. GABBAY and C. J. HOGGER Imperial College of Science, Technology and Medicine London and J.
More informationUpdate Exchange With Mappings and Provenance
University of Pennsylvania ScholarlyCommons Technical Reports (CIS) Department of Computer & Information Science November 2007 Update Exchange With Mappings and Provenance Todd J. Green University of Pennsylvania,
More informationTHE RELATIONAL MODEL. University of Waterloo
THE RELATIONAL MODEL 1-1 List of Slides 1 2 The Relational Model 3 Relations and Databases 4 Example 5 Another Example 6 What does it mean? 7 Example Database 8 What can we do with it? 9 Variables and
More informationCSE 20 DISCRETE MATH. Fall
CSE 20 DISCRETE MATH Fall 2017 http://cseweb.ucsd.edu/classes/fa17/cse20-ab/ Final exam The final exam is Saturday December 16 11:30am-2:30pm. Lecture A will take the exam in Lecture B will take the exam
More informationNegations in Refinement Type Systems
Negations in Refinement Type Systems T. Tsukada (U. Tokyo) 14th March 2016 Shonan, JAPAN This Talk About refinement intersection type systems that refute judgements of other type systems. Background Refinement
More informationReview Material: First Order Logic (FOL)
Information Integration on the WEB with RDF, OWL and SPARQL Review Material: First Order Logic (FOL) Grant Weddell October 7, 2013 Syntax of FOL Signatures Vocabularies are called signatures in FOL. The
More informationModel Checking of Location and Mobility Related Security Policy Specifications in Ambient Calculus
Model Checking of Location and Mobility Related Security Policy Specifications in Ambient Calculus Devrim Ünal (presenter) devrimu@uekae.tubitak.gov.tr National Institute of Electronics and Cryptology,
More informationData Integration: Logic Query Languages
Data Integration: Logic Query Languages Jan Chomicki University at Buffalo Datalog Datalog A logic language Datalog programs consist of logical facts and rules Datalog is a subset of Prolog (no data structures)
More informationOWL 2 Profiles. An Introduction to Lightweight Ontology Languages. Markus Krötzsch University of Oxford. Reasoning Web 2012
University of Oxford Department of Computer Science OWL 2 Profiles An Introduction to Lightweight Ontology Languages Markus Krötzsch University of Oxford Reasoning Web 2012 Remark for the Online Version
More informationPropositional Logic. Part I
Part I Propositional Logic 1 Classical Logic and the Material Conditional 1.1 Introduction 1.1.1 The first purpose of this chapter is to review classical propositional logic, including semantic tableaux.
More informationTyped Lambda Calculus
Department of Linguistics Ohio State University Sept. 8, 2016 The Two Sides of A typed lambda calculus (TLC) can be viewed in two complementary ways: model-theoretically, as a system of notation for functions
More informationOn the Hardness of Counting the Solutions of SPARQL Queries
On the Hardness of Counting the Solutions of SPARQL Queries Reinhard Pichler and Sebastian Skritek Vienna University of Technology, Faculty of Informatics {pichler,skritek}@dbai.tuwien.ac.at 1 Introduction
More informationContainment and Minimization of RDF/S Query Patterns. Outline
Containment and Minimization of RDF/S Query Patterns Giorgos Serfiotis, Ioanna Koffina Computer Science Department, University of Crete and Institute of Computer Science - FORTH Val Tannen Computer and
More informationDatabase Theory: Beyond FO
Database Theory: Beyond FO CS 645 Feb 11, 2010 Some slide content based on materials of Dan Suciu, Ullman/Widom 1 TODAY: Coming lectures Limited expressiveness of FO Adding recursion (Datalog) Expressiveness
More informationFunction Symbols in Tuple-Generating Dependencies: Expressive Power and Computability
Function Symbols in Tuple-Generating Dependencies: Expressive Power and Computability Georg Gottlob 1,2, Reinhard Pichler 1, and Emanuel Sallinger 2 1 TU Wien and 2 University of Oxford Tuple-generating
More informationReasoning With Characteristic Models
This papers appears in the Proceedings of the Eleventh National Conference on Artificial Intelligence (AAAI-93), Washington, D.C., 1993. Reasoning With Characteristic Models Henry A. Kautz, Michael J.
More informationLabel-Based Access Control: An ABAC Model with Enumerated Authorization Policy
Label-Based Access Control: An ABAC Model with Enumerated Authorization Policy Prosunjit Biswas Univ. of Texas at San Antonio eft434@my.utsa.edu Ravi Sandhu Univ. of Texas at San Antonio ravi.sandhu@utsa.edu
More informationRBAC: Motivations. Users: Permissions:
Role-based access control 1 RBAC: Motivations Complexity of security administration For large number of subjects and objects, the number of authorizations can become extremely large For dynamic user population,
More informationPooya Saadatpanah, Michalis Famelis, Jan Gorzny, Nathan Robinson, Marsha Chechik, Rick Salay. September 30th, University of Toronto.
Comparing the Pooya Michalis Jan Nathan Marsha Chechik, Rick Salay University of Toronto September 30th, 2012 MoDeVVa 12 1 / 32 in software modeling : pervasive in MDE Models with uncertainty: Represent
More informationIntroduction p. 1 The purpose and fundamentals of access control p. 2 Authorization versus authentication p. 3 Users, subjects, objects, operations,
Preface p. xv Acknowledgments p. xvii Introduction p. 1 The purpose and fundamentals of access control p. 2 Authorization versus authentication p. 3 Users, subjects, objects, operations, and permissions
More informationINCONSISTENT DATABASES
INCONSISTENT DATABASES Leopoldo Bertossi Carleton University, http://www.scs.carleton.ca/ bertossi SYNONYMS None DEFINITION An inconsistent database is a database instance that does not satisfy those integrity
More informationLOGIC AND DISCRETE MATHEMATICS
LOGIC AND DISCRETE MATHEMATICS A Computer Science Perspective WINFRIED KARL GRASSMANN Department of Computer Science University of Saskatchewan JEAN-PAUL TREMBLAY Department of Computer Science University
More informationINHERITANCE PROPERTIES OF ROLE HIERARCHIES. W.A. Jansen National Institute of Standards and Technology Gaithersburg, MD 20899, USA
INHERITANCE PROPERTIES OF ROLE HIERARCHIES W.A. Jansen National Institute of Standards and Technology Gaithersburg, MD 20899, USA wjansen@nist.gov Abstract: Role Based Access Control (RBAC) refers to a
More informationChapter 8: Enhanced ER Model
Chapter 8: Enhanced ER Model Subclasses, Superclasses, and Inheritance Specialization and Generalization Constraints and Characteristics of Specialization and Generalization Hierarchies Modeling of UNION
More informationIntroduction to Linear-Time Temporal Logic. CSE 814 Introduction to LTL
Introduction to Linear-Time Temporal Logic CSE 814 Introduction to LTL 1 Outline Motivation for TL in general Types of properties to be expressed in TL Structures on which LTL formulas are evaluated Syntax
More informationAccess Patterns and Integrity Constraints Revisited
Access Patterns and Integrity Constraints Revisited Vince Bárány Department of Mathematics Technical University of Darmstadt barany@mathematik.tu-darmstadt.de Michael Benedikt Department of Computer Science
More informationIntroductory logic and sets for Computer scientists
Introductory logic and sets for Computer scientists Nimal Nissanke University of Reading ADDISON WESLEY LONGMAN Harlow, England II Reading, Massachusetts Menlo Park, California New York Don Mills, Ontario
More informationKnowledge Representation
Knowledge Representation References Rich and Knight, Artificial Intelligence, 2nd ed. McGraw-Hill, 1991 Russell and Norvig, Artificial Intelligence: A modern approach, 2nd ed. Prentice Hall, 2003 Outline
More informationLogik für Informatiker Logic for computer scientists
Logik für Informatiker for computer scientists WiSe 2011/12 Overview Motivation Why is logic needed in computer science? The LPL book and software Scheinkriterien Why is logic needed in computer science?
More informationA CSP Search Algorithm with Reduced Branching Factor
A CSP Search Algorithm with Reduced Branching Factor Igor Razgon and Amnon Meisels Department of Computer Science, Ben-Gurion University of the Negev, Beer-Sheva, 84-105, Israel {irazgon,am}@cs.bgu.ac.il
More informationKnowledge Representation and Ontologies Part 1: Modeling Information through Ontologies
Knowledge Representation and Ontologies Diego Calvanese Faculty of Computer Science Master of Science in Computer Science A.Y. 2011/2012 Part 1 Modeling Information through Ontologies D. Calvanese (FUB)
More informationOntology and Database Systems: Knowledge Representation and Ontologies Part 1: Modeling Information through Ontologies
Ontology and Database Systems: Knowledge Representation and Ontologies Diego Calvanese Faculty of Computer Science European Master in Computational Logic A.Y. 2016/2017 Part 1 Modeling Information through
More informationQuery Rewriting Using Views in the Presence of Inclusion Dependencies
Query Rewriting Using Views in the Presence of Inclusion Dependencies Qingyuan Bai Jun Hong Michael F. McTear School of Computing and Mathematics, University of Ulster at Jordanstown, Newtownabbey, Co.
More information