Navegación

Búsqueda

Búsqueda avanzada

El autor Edelmira Pasarella ha publicado 8 artículo(s):

1 - Reasoning about policy behavior in logic-based trust management systems: Some complexity results and an operational framework

In this paper we show that the logical framework proposed by Becker et al. [1] to reason about security policy behavior in a trust management context can be captured by an operational framework that is based on the language proposed by Miller in 1989 to deal with scoping and/or modules in logic programming. The framework of Becker et al. uses propositional Horn clauses to represent both policies and credentials, implications in clauses are interpreted in counterfactual logic, a Hilbertstyle proof system is defined and a system based on SAT is used to prove whether properties about credentials, permissions and policies are valid, i.e. true under all possible policies. Our contributions in this paper are three. First, we show that this kind of validation can rely on an operational semantics (derivability relation) of a language very similar to Miller’s language, which is very close to derivability in logic programs. Second, we are able to establish that, as in propositional logic, validity of formulas is a co-NP-complete problem. And third, we present a provably correct implementation of a goal-oriented algorithm for validity.

Autores: Edelmira Pasarella / Jorge Lobo / 
Palabras Clave:

2 - An operational framework to reason about policy behavior in trust management systems (High-level Work)

In this paper we show that the logical framework proposed by Becker et al. to reason about security policy behavior in a trust management context can be captured by an operational framework that is based on the language proposed by Miller to deal with scoping and/or modules in logic programming in 1989. The framework of Becker et al. uses propositional Horn clauses to represent both policies and credentials, implications in clauses are interpreted in counterfactual logic, a Hilbert-style proof is defined and a system based on SAT is used to proof whether properties about credentials, permissions and policies are valid in trust management systems, i.e. formulas that are true for all possible policies. Our contribution is to show that instead of using a SAT system, this kind of validation can rely on the operational semantics (derivability relation) of Miller’s language, which is very close to derivability in logic programs, opening up the possibility to extend Becker et al.’s framework to the more practical first order case since Miller’s language is first order.

Autores: Edelmira Pasarella / Jorge Lobo / 
Palabras Clave:

3 - Semantics of structured normal logic programs

In this paper we provide semantics for normal logic programs enriched with structuring mechanisms and scoping rules. Specifically, we consider constructive negation and expressions of the form QG in goals, where Q is a program unit, G is a goal and stands for the so-called embedded implication. Allowing the use of these expressions can be seen as adding block structuring to logic programs. In this context, we consider static and dynamic rules for visibility in blocks. In particular, we provide new semantic definitions for the class of normal logic programs with both visibility rules. For the dynamic case we follow a standard approach. We first propose an operational semantics. Then, we define a model-theoretic semantics in terms of ordered structures which are a kind of intuitionistic Beth structures. Finally, an (effective) fixpoint semantics is provided and we prove the equivalence of these three definitions. In order to deal with the static case, we first define an operational semantics and then we present an alternative semantics in terms of a transformation of the given structured programs into flat ones. We finish by showing that this transformation preserves the computed answers of the given static program.

Autores: Edelmira Pasarella / Fernando Orejas / Elvira Pino / Marisa Navarro / 
Palabras Clave: embedded implication - intuitionistic structures - normal logic programs - Semantics - structuring mechanism - visibility rules

4 - Comparing MapReduce and Pipeline implementations for Counting Triangles

A common method to define a parallel solution for a computational problem consists in finding a way to use the Divide & Conquer paradigm in order to have processors acting on its own data and scheduled in a parallel fashion. MapReduce is a programming model that follows this paradigm,
and allows for the definition of efficient solutions by both decomposing a problem into steps on subsets of the input data and combining the results of each step to produce final results. Albeit used for the implementation of a wide variety of computational problems, MapReduce performance
can be negatively affected whenever the replication factor grows or the size of the input is larger than the resources available at each processor. In this paper we show an alternative approach to implement the Divide & Conquer paradigm, named dynamic pipeline. The main features of pipeline
are illustrated on a parallel implementation of the well-known problem of counting triangles in a graph. This problem is especially interesting either when the input graph does not fit in memory or is dynamically generated. To evaluate the properties of pipeline, a dynamic pipeline of processes and
an ad-hoc version of MapReduce are implemented in the language Go, exploiting its ability to deal with channels and spawned processes. An empirical evaluation is conducted on graphs of different topologies, sizes, and densities. Observed results suggest that pipeline allows for the implementation of an efficient solution of the problem of counting triangles in a graph, particularly, in dense and large graphs, drastically reducing the execution time with respect to the MapReduce implementation.

Autores: Edelmira Pasarella / Maria-Esther Vidal / Cristina Zoltan / 
Palabras Clave:

5 - A Datalog Framework for Modeling Relationship-based Access Control Policies (Trabajo ya publicado)

Relationships like friendship to limit access to resources have been part of social network applications since their beginnings. Describing access control policies in terms of relationships is not particular to social networks and it arises naturally in many situations. Hence, we have recently seen several proposals formalizing different Relationship-based Access Control (ReBAC) models. In this paper, we introduce a class of Datalog programs suitable for modeling ReBAC and argue that this class of programs, that we called ReBAC Datalog policies, provides a very general framework to specify and implement ReBAC policies. To support our claim, we first formalize the merging of two recent proposals for modeling ReBAC, one based on hybrid logic and the other one based on path regular expressions. We present extensions to handle negative authorizations and temporal policies. We describe mechanism for policy analysis, and then discuss the feasibility of using Datalog-based systems as implementations.

Autores: Edelmira Pasarella / Jorge Lobo / 
Palabras Clave: Datalog - Relationship-based Access Control - Security and privacy policies

6 -

7 - The Dynamic Pipeline Paradigm

Nowadays, in the era of Big Data and Internet of Things, large volumes of data in motion are produced in heterogeneous formats, frequencies, densities, and quantities. In general, data is continuously produced by diverse devices and most of them must be processed at real-time. Indeed, this change of paradigm in the way in which data are produced forces us to rethink the way in which they should be processed even in the presence of parallel approaches. To process continuous data, data-driven frameworks are demanded; they are required to dynamically adapt execution schedulers, reconfigure computational structures, and adjust the use of resources according to the characteristics of the input data stream. In previous work, we introduced the Dynamic Pipeline as one of these computational structures and we experimentally showed its efficiency when it is used to solve the problem of counting triangle in a graph. In this work, our aim is to define the main components of the Dynamic Pipeline which is suitable to specify solutions to problems whose incoming data is heterogeneous data in motion. To be concrete, we define the Dynamic Pipeline Paradigm and, additionally, we show the suitability of our framework to specify the solution to different well-known problems.

Autores: Cristina Zoltan / Edelmira Pasarella / Julian Araoz / Maria-Esther Vidal / 
Palabras Clave: Data-driven algorithms - Dynamic Pipeline - Paradigms for structured parallelism

8 - Towards a Dynamic Pipeline Framework implemented in (parallel) Haskell

Data streaming processing has given rise to new computation paradigms to provide effective and efficient data stream processing. The most important features of these new paradigms are the exploitation of parallelism, the capacity to adapt execution schedulers, reconfigure computational structures, adjust the use of resources according to the characteristics of the input stream and produce incremental results. The Dynamic Pipeline Paradigm (DPP) is a naturally functional approach to deal with stream processing. This fact encourages us to use a purely functional programming language for DPP. In this work, we tackle the problem of assessing the suitability of using (parallel) Haskell to implement a Dynamic Pipeline Framework (DPF). The justification of this choice is twofold. First, from a formal point of view, Haskell has solid theoretical foundations providing the possibility of manipulating computations as primary entities. From a practical perspective, it has a robust set of tools for writing multithreading and parallel computations with optimal performance. As a result, we present a dynamic pipeline to compute the weakly connected components of a graph (WCC) in Haskell (a.k.a. DP-Haskell). The behavior of DP-Haskell is empirically evaluated and compared with a solution provided by a Haskell library. The evaluation is assessed in three networks of different sizes and topology. Performance is measured in terms of the time of the first result, continuous generation of results, total time, and consumed memory. The results suggest that DP-Haskell, even naive, is competitive with the existing solution provided in the Haskell library. DP-Haskell exhibits a higher continuous behavior and can produce the first result faster. The observed results are encouraging and provide evidence of the benefits that Haskell’s abstractions bring in implementing WCC and DPP. Built on them, we will develop a general and parametric DPF.

Autores: Juan Pablo Royo Sales / Edelmira Pasarella / Cristina Zoltan / Maria Esther Vidal / 
Palabras Clave: Concurrency - Dynamic Pipeline - Haskell - Parallelism