Showing papers on "Data access published in 2005"

GEO-RBAC: a spatially aware RBAC

Abstract: Securing access to data in location-based services and mobile applications requires the definition of spatially aware access-control systems. Even if some approaches have already been proposed either in the context of geographic database systems or context-aware applications, a comprehensive framework, general and flexible enough to deal with spatial aspects in real mobile applications, is still missing. In this paper, we make one step toward this direction and present GEO-RBAC, an extension of the RBAC model enhanced with spatial-and location-based information. In GEORBAC, spatial entities are used to model objects, user positions, and geographically bounded roles. Roles are activated based on the position of the user. Besides a physical position, obtained from a given mobile terminal or a cellular phone, users are also assigned a logical and device-independent position, representing the feature (the road, the town, the region) in which they are located. To enhance flexibility and reusability, we also introduce the concept of role schema, specifying the name of the role, as well as the type of the role spatial boundary and the granularity of the logical position. We then extend GEO-RBAC to support hierarchies, modeling permission, user, and activation inheritance, and separation of duty constraints. The proposed classes of constraints extend the conventional ones to deal with different granularities (schema/instance level) and spatial information. We conclude the paper with an analysis of several properties concerning the resulting model.

Verification and change-impact analysis of access-control policies

Abstract: Sensitive data are increasingly available on-line through the Web and other distributed protocols. This heightens the need to carefully control access to data. Control means not only preventing the leakage of data but also permitting access to necessary information. Indeed, the same datum is often treated differently depending on context. System designers create policies to express conditions on the access to data. To reduce source clutter and improve maintenance, developers increasingly use domain-specific, declarative languages to express these policies. In turn, administrators need to analyze policies relative to properties, and to understand the effect of policy changes even in the absence of properties. This paper presents Margrave, a software suite for analyzing role-based access-control policies. Margrave includes a verifier that analyzes policies written in the XACML language, translating them into a form of decision-diagram to answer queries. It also provides semantic differencing information between versions of policies. We have implemented these techniques and applied them to policies from a working software application.

System and methods for constructing personalized context-sensitive portal pages or views by analyzing patterns of users' information access activities

Abstract: The present invention relates to a system and methodology to assist users with data access activities and that includes such activities as routine web browsing and/or data access applications. A coalesced display or montage of aggregated information is provided that is focused from a plurality of sources to achieve substantially one-button access to user's desired web or data source information/destinations in order to mitigate efforts in retrieving and viewing such information. Past web or other type data access patterns can be mined to predict future browsing sites or desired access locations. A system is provided that builds personalized web portals for associated users based on models mined from past data access patterns. The portals can provide links to web resources as well as embed content from distal (remote) pages or sites producing a montage of web or other type data content. Automated topic classification is employed to create multiple topic-centric views that can be invoked by a user.

System and method for managing data in a distributed computer system

Abstract: Methods are provided for managing, (202) sharing and providing access to data, especially among systems that are used to conduct a distributed (200) application. Such methods may be beneficial, for example, in distributed networks having occasionally-connected (200) devices. Methods are provided for linking and (211) synchronizing data in a distributed network. In one example system, loosely-coupled systems may be used to implement such a (200) network. Further, an abstraction layer may be used to abstract data elements (e.g., files, database elements) from those used by an (200) application.

Satellite based data transfer and delivery system

Abstract: A high speed data transfer system includes a WAU ( 201 ) which is utilized to provide high speed data access to satellite transferred data. The system is configured such that a plurality of data utilization devices ( 205 ) may access the high speed data via wireless links to the WAU ( 201 ). Advantageously, high speed data services may be provided to users without the users requiring individual satellite antennas.

Involving Teachers in Data-Driven Decision Making: Using Computer Data Systems to Support Teacher Inquiry and Reflection

Abstract: Accountability mandates such as No Child Left Behind (NCLB) have drawn attention to the practical use of student data for school improvement. Nevertheless, schools may struggle with these mandates because student data are often stored in forms that are difficult to access, manipulate, and interpret. Such access barriers additionally preclude the use of data at the classroom level to inform and impact instruction. Fortunately, there are newly available computer technologies that allow efficient organization and access to student data. In addition to allowing easier accountability reporting, these tools allow user-friendly data access at all educational levels, meaning that teachers can use these tools to engage in the informed reflection necessary to improve classroom practice. In this article, I discuss teacher use of these systems, providing insight into the function of these tools and discussing conditions that make these tools of the most service to teachers.

Method and system for determining the location of an unlicensed mobile access subscriber

Abstract: A method and system for locating an unlicensed mobile access (UMA) subscriber. The method enables a user of a mobile station comprising a hand-set or the like that supports voice and data access via both licensed and unlicensed radio spectrums to be located. Accordingly, services requiring location information, such as 911 services, may be accessed when operating the mobile station under both UMA and licensed wireless network (e.g., cellular) sessions.

Context-sensitive program analysis as database queries

Abstract: Program analysis has been increasingly used in software engineering tasks such as auditing programs for security vulnerabilities and finding errors in general. Such tools often require analyses much more sophisticated than those traditionally used in compiler optimizations. In particular, context-sensitive pointer alias information is a prerequisite for any sound and precise analysis that reasons about uses of heap objects in a program. Context-sensitive analysis is challenging because there are over 1014 contexts in a typical large program, even after recursive cycles are collapsed. Moreover, pointers cannot be resolved in general without analyzing the entire program.This paper presents a new framework, based on the concept of deductive databases, for context-sensitive program analysis. In this framework, all program information is stored as relations; data access and analyses are written as Datalog queries. To handle the large number of contexts in a program, the database represents relations with binary decision diagrams (BDDs). The system we have developed, called bddbddb, automatically translates database queries into highly optimized BDD programs.Our preliminary experiences suggest that a large class of analyses involving heap objects can be described succinctly in Datalog and implemented efficiently with BDDs. To make developing application-specific analyses easy for programmers, we have also created a language called PQL that makes a subset of Datalog queries more intuitive to define. We have used the language to find many security holes in Web applications.

Performance‐improving techniques in web‐based GIS

Abstract: WebGIS (also known as web‐based GIS and Internet GIS) denotes a type of Geographic Information System (GIS), whose client is implemented in a Web browser. WebGISs have been developed and used extensively in real‐world applications. However, when such a complex web‐based system involves the dissemination of large volumes of data and/or massive user interactions, its performance can become an issue. In this paper, we first identify several major potential performance problems with WebGIS. Then, we discuss several possible techniques to improve the performance. These techniques include the use of pyramids and hash indices on the server side to handle large images. To resolve server‐side conflicts originating from concurrent massive access and user interactions, we suggest clustering and multithreading techniques. Multithreading is also used to break down the long sequential, layer‐based data access to concurrent data access on the client side. Caching is suggested as a means to enhance concurrent data access...

The Earth System Grid: Supporting the Next Generation of Climate Modeling Research

Abstract: Understanding the Earth's climate system and how it might be changing is a preeminent scientific challenge. Global climate models are used to simulate past, present, and future climates, and experiments are executed continuously on an array of distributed supercomputers. The resulting data archive, spread over several sites, currently contains upwards of 100 TB of simulation data and is growing rapidly. Looking toward mid-decade and beyond, we must anticipate and prepare for distributed climate research data holdings of many petabytes. The Earth System Grid (ESG) is a collaborative interdisciplinary project aimed at addressing the challenge of enabling management, discovery, access, and analysis of these critically important datasets in a distributed and heterogeneous computational environment. The problem is fundamentally a Grid problem. Building upon the Globus toolkit and a variety of other technologies, ESG is developing an environment that addresses authentication, authorization for data access, large-scale data transport and management, services and abstractions for high-performance remote data access, mechanisms for scalable data replication, cataloging with rich semantic and syntactic information, data discovery, distributed monitoring, and Web-based portals for using the system.

Data security system

Abstract: A data security system comprises a host processor, and a plurality of remote computers. Each remote computer provides biometric authentication of a user prior to responding to the user request for data access. The remote computers are handheld when in operational mode. A sensor in the handheld computer captures a biometric image while the remote computer is being used. The biometric sensor is positioned in such a way that the sensor enables the capture of the biometric image continually during computer usage with each request for access to secure data. The biometric authentication occurs in a seamless manner and is incidental to the data request enabling user identity authentication with each request to access secure data.

Storage resource managers: Middleware components for gridstorage

Abstract: The amount of scientific data generated by simulations orcollected from large scale experiments have reached levels that cannot bestored in the researcher's workstation or even in his/her local computercenter. Such data are vital to large scientific collaborations dispersedover wide-area networks. In the past, the concept of a Gridinfrastructure [1]mainly emphasized the computational aspect ofsupporting large distributed computational tasks, and optimizing the useof the network by using bandwidth reservation techniques. In this paperwe discuss the concept of Storage Resource Managers (SRMs) as componentsthat complement this with the support for the storage management of largedistributed datasets. The access to data is becoming the main bottleneckin such "data intensive" applications because the data cannot bereplicated in all sites. SRMs can be used to dynamically optimize the useof storage resource to help unclog this bottleneck.

Dynamic replication algorithms for the multi-tier Data Grid

Abstract: Data replication is a common method used to improve the performance of data access in distributed systems. In this paper, two dynamic replication algorithms, Simple Bottom-Up (SBU) and Aggregate Bottom-Up (ABU), are proposed for the multi-tier Data Grid. A multi-tier Data Grid simulator called DRepSim is developed for studying the performances of the dynamic replication algorithms. The simulation results show that both algorithms can reduce the average response time of data access greatly compared to the static replication method. ABU can achieve great performance improvements for all access patterns even if the available storage size of the replication server is very small. Comparing the two algorithms to Fast Spread dynamic replication strategy, ABU proves to be superior. As for SBU, although the average response time of Fast Spread is better in most cases, Fast Spread's replication frequency is too high to be applicable in the real world.

Dynamic data driven applications systems: new capabilities for application simulations and measurements

Abstract: The Dynamic Data Driven Application Systems (DDDAS) concept entails the ability to incorporate dynamically data into an executing application simulation, and in reverse, the ability of applications to dynamically steer measurement processes Such dynamic data inputs can be acquired in real-time on-line or they can be archival data DDDAS offers the promise of improving modeling methods, augmenting the analysis and prediction capabilities of application simulations, improving the efficiency of simulations and the effectiveness of measurement systems In the recent years grid computing technologies provide advanced computational capabilities for applications and application simulations At the same time measurement infrastructures, from instruments to sensor systems, to data storage technologies and remote data access have also matured The DDDAS concept dynamically integrates computational and measurement aspects of an application, and in that respect the “platform” supporting the application becomes a unified computational and measurement infrastructure Enabling the synergistic feedback and control-loop between application simulations and measurements requires novel application modeling approaches and interfaces to measurement systems, mathematical and statistical algorithms tolerant to perturbations from dynamic data inputs, and systems software to support the dynamic resource requirements of such applications This and the rest of the papers in the proceedings of this workshop provide examples of ongoing research developing DDDAS technologies, both in terms of new capabilities in applications, measurement methods and in related systems software technologies

Multi-media remote data access terminals and system

Abstract: In a public internet access terminal, the combination comprising an access station, and computer apparatus at the station and including a user keyboard and data display means, and a user credit card reader at the station, and the computer apparatus including circuit means operatively connected to the card reader to be responsive to reading of user credit card data to enable user access to the internet via the computer apparatus at the access station.

Systems and methods for providing distributed cache coherence

Abstract: A plurality of access nodes sharing access to data on a storage network implement a directory based cache ownership scheme. One node, designated as a global coordinator, maintains a directory (e.g., table or other data structure) storing information about I/O operations by the access nodes. The other nodes send requests to the global coordinator when an I/O operation is to be performed on identified data. Ownership of that data in the directory is given to the first requesting node. Ownership may transfer to another node if the directory entry is unused or quiescent. The distributed directory-based cache coherency allows for reducing bandwidth requirements between geographically separated access nodes by allowing localized (cached) access to remote data.

Data access responding system, storage system, client apparatus, cache apparatus, and method for accessing data access responding system

Abstract: A control apparatus provides a transfer instruction to one of storage apparatus and a cache apparatus, in which relevant data is stored, when receiving an access request from a client apparatus for the data for which the storage location is managed; and the one of the storage apparatus and the cache apparatus receiving the transfer instruction directly returns a reply message, to the client apparatus, having information of the storage location of the data added thereto, which data the access request requests.

Efficient data access for parallel BLAST

Abstract: Searching biological sequence databases is one of the most routine tasks in computational biology. This task is significantly hampered by the exponential growth in sequence database sizes. Recent advances in parallelization of biological sequence search applications have enabled bioinformatics researchers to utilize high-performance computing platforms and, as a result, greatly reduce the execution time of their sequence database searches. However, existing parallel sequence search tools have been focusing mostly on parallelizing the sequence alignment engine. While the computation-intensive alignment tasks become cheaper with larger machines, data-intensive initial preparation and result merging tasks become more expensive. Inefficient handling of input and output data can easily create performance bottlenecks even on supercomputers. It also causes a considerable data management overhead. In this paper, we present a set of techniques for efficient and flexible data handling in parallel sequence search applications. We demonstrate our optimizations through improving mpiBLAST, an open-source parallel BLAST tool rapidly gaining popularity. These optimization techniques aim at enabling flexible database partitioning, reducing I/O by caching small auxiliary files and results, enabling parallel I/O on shared files, and performing scalable result processing protocols. As a result, we reduce mpiBLAST users' operational overhead by removing the requirement of pre-partitioning databases. Meanwhile, our experiments show that these techniques can bring by an order of magnitude improvement to both the overall performance and scalability of mpiBLAST.

Methods and apparatus for synchronizing data access to a local memory in a multi-processor system

Abstract: Methods and apparatus provide for receiving a request from an initiating device to initiate a data transfer into a local memory for execution of one or more programs therein, the local memory being operatively coupled to a first of a plurality of parallel processors capable of operative communication with a shared memory; facilitating the data transfer into the local memory; and producing a synchronization signal indicating that the data transfer into the local memory has been completed.

System and methods for enabling applications of who-is-speaking (WIS) signals

Abstract: A system for enabling controlled application of derived who-is-speaking indications related to activity of participants to a live multiparty communications conference or recorded outputs. The system includes a first node hosting a conference bridging switch, software or a combination thereof, having multiple conference input channels; a second node having data access to at least an output signal port of the conference bridging switch, software, or a combination thereof, and a software application distributed wholly to the first or second node, or in parts to the first and second node. The application is used to apply the who is speaking indications to output communications, data files, or data streams, forwarded to one of, a select potion of, or combination of, the conference participants, non-participant third parties, and one or more storage facilities.

The essence of data access in Cω: the power is in the dot!

Abstract: In this paper we describe the data access features of Cω, an experimental programming language based on C# currently under development at Microsoft Research. Cω targets distributed, data-intensive applications and accordingly extends C#'s support of both data and control. In the data dimension it provides a type-theoretic integration of the three prevalent data models, namely the object, relational, and semi-structured models of data. In the control dimension Cω provides elegant primitives for asynchronous communication. In this paper we concentrate on the data dimension. Our aim is to describe the essence of these extensions; by which we mean we identify, exemplify and formalize their essential features. Our tool is a small core language, FCω, which is a valid subset of the full Cω language. Using this core language we are able to formalize both the type system and the operational semantics of the data access fragment of Cω.

Method and/or system to authorize access to stored data

Abstract: Embodiments of methods and/or systems to authorize access to stored data are disclosed herein. When a data access request is detected by an agent executing on a first device, the agent determines whether the data access request is authorized based on at least one rule associated with a security policy on the first device. If the agent determines that the data access request is authorized, then the data access request is transmitted to a second device. Subsequently, an application executing on the second device, then determines whether the presence of an agent on the first device is required to forward the data access request to a data storage system. This determination is based on statistical information associated with data access of the data storage system. If it is determined that the presence of the agent is required, the second device then determines whether the agent is present and forwards the data to the agent if the agent is present.

XROOTD/TXNetFile: a highly scalable architecture for data access in the ROOT environment

Abstract: When dealing with the concurrent access from a multitude of clients to petabyte-scale data repositories, high performance, fault tolerance, robustness, and scalability are four very important issues. This paper describes the choices and the work done to address the high demand data access needs of modern physics experiments, such as the BaBar experiment at SLAC, and of any other field in which a reliable data access is a primary issue. For this purpose a highly scalable architecture has been designed and deployed which allows thousands of batch jobs and interactive sessions to effectively access the data repositories with as few fails as possible.

FreeLoader: Scavenging Desktop Storage Resources for Scientific Data

Abstract: High-end computing is suffering a data deluge from experiments, simulations, and apparatus that creates overwhelming application dataset sizes. End-user workstations-despite more processing power than ever before-are ill-equipped to cope with such data demands due to insufficient secondary storage space and I/O rates. Meanwhile, a large portion of desktop storage is unused. We present the FreeLoader framework, which aggregates unused desktop storage space and I/O bandwidth into a shared cache/scratch space, for hosting large, immutable datasets and exploiting data access locality. Our experiments show that FreeLoader is an appealing low-cost solution to storing massive datasets, by delivering higher data access rates than traditional storage facilities. In particular, we present novel data striping techniques that allow FreeLoader to efficiently aggregate a workstation’s network communication bandwidth and local I/O bandwidth. In addition, the performance impact on the native workload of donor machines is small and can be effectively controlled.

COOP - A cooperative caching service in MANETs

Abstract: Data access applications in mobile ad hoc networks (MANETs) suffer from intermittent network connections and restricted power supplies. While most of the researches focus on media access control (MAC) and routing layer solutions, we explore the possibility of application cooperation. In this paper, we propose COOP, a novel cooperative caching service for data access applications in MANETs. The objective is to improve data availability and access efficiency by collaborating local resources of mobile devices. COOP addresses two basic problems of cooperative caching: cache resolution and cache management, i.e. how to find the requested data efficiently and how to manage local cache to improve the capacity of cooperated caches. The simulation results show that the service significantly reduces response delay and improves data availability for data access applications in MANETs

Data Access Architecture

Abstract: Methods and apparatuses for remotely accessing data through a wireless device are disclosed. Preferably, the wireless device includes an ability to link data between software components operating on the wireless device. Additionally, the wireless device preferably includes an ability to reduce remote data access by identifying a first data type and a second data type used by a software component, retrieving data corresponding to the first data type from a service provider, retrieving data corresponding to the second data type from the portable device, and displaying on the portable device a return content result including both the first data type and the second data type.

Controlling computer applications' access to data

Abstract: Systems and methods are described that control attempts made by an application to access data. In one embodiment, the application is associated with a security token that includes an application ID. In operation, the system receives a request, initiated by the application, for access to the data. The system is configured to evaluate the request for access based in part on comparison of the security token and a listing of approved application IDs associated with the data.

Towards a third generation data capture architecture for honeynets

Abstract: Honeynets have become an important tool for researchers and network operators. However, their effectiveness has been impeded by a lack of a standard unified honeynet data model which results from having multiple unrelated data sources, each with its own access method and format. In this paper we propose a new data collection architecture that addresses the need for both rapid comprehension and detailed analysis by providing two data access methods: a relational model based fast path, and a canonical slow path. We also present a set of tools based on this architecture.

The complexity of static data replication in data grids

Abstract: Data replication is a well-known technique used in distributed computing to improve access to data and/or system fault-tolerance. Recently, studies of its applications to grid computing have also been initiated. In this article we describe data replication on data grids as a static optimization problem. We show that this problem is NP-hard and non-approximable. We discuss two approaches to solving it, i.e. integer programming and simplifications.

Enabling object oriented capabilities in automation systems

Abstract: The invention relates to systems and methods that support object oriented access to information at multiple levels in a control architecture, for example. Such data access can be facilitated as a layer adjacent to or part of an MES system or as a white box cooperating to encapsulate data such as in the controller or the MES layer, for example. In addition, such object oriented data access can be built into a controller as a standard behavior of controller data types and tags of those data types. In this manner, data can be encapsulated as a data object to expose properties and/or methods related to the data utilizing a common interface with each data consumer. Thus, the data consumer can employ object oriented concepts, such as properties, methods, scope qualifiers, access qualifiers (private, protected, public enterprise), polymorphism, inheritance and the like directly with their automation system components.