%@preamble{ "\newcommand{\noopsort}[1]{} " # "\newcommand{\printfirst}[2]{#1} " # "\newcommand{\singleletter}[1]{#1} " # "\newcommand{\switchargs}[2]{#2#1} " } The KEY field is here to override the KEY field in the journal being cross referenced (so is the NOTE field, in addition to its imparting information). @MastersThesis{Oshani:Thesis:2009, author = {Oshani Wasana Seneviratne}, title = {{Framework for Policy Aware Reuse of Content on the WWW}}, school = {Massachusetts Institute of Technology}, address = {Cambridge, MA}, year = {2009}, month = {June}, howpublished = "\url{http://dig.csail.mit.edu/2009/oshani-thesis/main.pdf}", } @misc{fyzz, title ="fyzz is a sparkling Python parser for the Sparql query language", author ="Adrien Di Mascio and Nicolas Chauvat and Sylvain Thenault", key ="fyzz", mont ="July", year ="2009", howpublished ="\url{http://www.logilab.org/project/fyzz}", } @misc{swot, title ="Semantic Web, and Other Technologies to Watch", author ="Steve Bratt ", key ="swot slides", year ="2007", howpublished ="\url{http://www.w3.org/2007/Talks/0130-sb-W3CTechSemWeb/}", } @misc{air-t, title ="AIR Policy Tutorial", author ="Lalana Kagal", key ="air tutorial", year ="2009", howpublished ="\url{http://tw.rpi.edu/proj/tami/AIR_Policy_Tutorial}", } @misc{s0, title ="Scenario 0: MIT Prox Card Policy Violation", author ="Lalana Kagal", key ="scenario 0", year ="2007", howpublished ="\url{http://dig.csail.mit.edu/TAMI/2007/s0/}", } @misc{cwm-cwmrete, title ="cwm", author ="Tim Berners-Lee", key ="cwm and cwmrete", year ="2008", howpublished ="\url{http://www.w3.org/2000/10/swap/doc/cwm.html}", } @misc{swap, title ="Semantic Web Application Platform - SWAP", author ="Tim Berners-Lee", key ="swap", year ="2005", howpublished ="\url{http://www.w3.org/2000/10/swap/}", } @misc{uris, title ="Naming and Addressing: URIs, URLs, ...", author ="Tim Berners-Lee and Dan Connolly", key ="uris", year ="1997", howpublished ="\url{http://www.w3.org/Addressing/}", } @article{sciam, title ="The Semantic Web", author ="Tim Berners-Lee and James Hendler and Ora Lassila", key ="scientific american article", journal ="Scientific American", year ="2001", month ="May", howpublished ="\url{http://www.scientificamerican.com/article.cfm?id=the-semantic-web}", } @unpublished{prop-iarpa, title ="End-to-End Semantic Accountability: Policy Assurance for Private Information Retrieval", author ="Lalana Kagal", key ="project proposal", year ="2008", month ="December", howpublished ="Draft", } @article{iarpa-wired, title ="Introducing Iarpa: It's Like Darpa, But for Spies", author ="Sharon Weinberger", key ="wired magazine", journal ="Wired", year ="2008", month ="March", howpublished ="\url{http://www.wired.com/politics/security/magazine/16-04/st_alphageek}", } @misc{iarpa-pir-slides, title ="Policy Assurance for PIR Queries", author ="Lalana Kagal", key ="slides", year ="2009", howpublished ="\url{http://dig.csail.mit.edu/2009/Talks/0226-IARPA-PI/policy-assurance.pdf}", } @misc{dawg-test, title ="DAWG Testcases", author ="Lee Feigenbaum", key ="DAWG", year ="2004", howpublished ="\url{http://www.w3.org/2001/sw/DataAccess/tests/r2}", } @article{rete, title ="Rete: A Fast Algorithm for the Many Pattern/Many Object Pattern Match Problem", author ="Charles Forgy", journal ="Artificial Intelligence", month ="", pages ="17–37", year ="1982", volume ="19", } @misc{swobjects, title ="SWObjects Source Code Directory", author ="Eric Prud'hommeaux", key ="swobjects", year ="2008", howpublished ="\url{http://www.w3.org/2008/04/SPARQLfed/}", } @article{amord, title ="AMORD: A Deductive Procedure System", author ="Gerald Jay Sussman and Guy L Steele Jr. and Charles Rich and Jon Doyle and Johan de Kleer", journal ="MIT Artificial Intelligence Laboratory", year ="1977-08", } @misc{swa, title ="W3C Semantic Web Activity", author =" Harry Halpin and Sandro Hawke and Ivan Herman and Eric Prud’hommeaux and Dave Raggett and Ralph Swick", key ="Semantic Web", year ="2009", howpublished ="\url{http://www.w3.org/2001/sw/}", } @misc{rdf, title ="Resource Description Framework (RDF)", author ="Ivan Herman and Ralph Swick and Dan Brickley", key ="RDF", year ="2004", howpublished ="\url{http://www.w3.org/RDF/}", } @misc{rdf-syntax, title ="RDF/XML Syntax Specification", author ="Dave Beckett and Brian McBride", key ="RDF Syntax", year ="2004", howpublished ="\url{http://www.w3.org/TR/rdf-syntax-grammar/}", } @misc{owl, title ="OWL Web Ontology Language Overview", author ="Deborah L. McGuinness and Frank van Harmelen", key ="OWL", year ="2004", howpublished ="\url{http://www.w3.org/TR/owl-features/}", } @unpublished{stunes-search, author ="Mike Stunes", title ="Addressing Privacy Leakage from Search Engine Logs", note ="Internal DIG Report", month ="August", year ="2008" } @article{n3logic, author ="Tim Berners-Lee and Dan Connolly and Lalana Kagal and Yosi Scharf and Jim Hendler", title ="N3Logic: A Logical Framework For the World Wide Web", journal ="Journal of Theory and Practice of Logic Programming", year ="2007" } @article{info-account, author ="Daniel J. Weitzner and Harold Abelson and Tim Berners-Lee and Joan Feigenbaum and James Hendler and Gerald Jay Sussman", title ="Information Accountability", journal ="Communications of the ACM", year ="2008", month ="June" } @article{air, author ="Lalana Kagal and Chris Hanson and Daniel Weitzner", title ="Using Dependency Tracking to Provide Explanations for Policy Management", journal ="IEEE Policy 2008", year ="2008", URL ="http://dig.csail.mit.edu/2008/Papers/IEEE Policy/air-overview.pdf" } @inproceedings{rein, author ="Lalana Kagal and Tim Berners-Lee and Dan Connolly and Daniel Weitzner", title ="Using Semantinc Web Technologies for Policy Management on the Web", booktitle="21st National Conference on Artificial Intelligence (AAAI)", year ="2006", month ="July", URL ="http://dig.csail.mit.edu/2006/Papers/AAAI/" } @inproceedings{datafly, author ="Latanya Sweeney", title ="Guaranteeing Anonymity when Sharing Medical Data: the Datafly System", booktitle="AMIA Annual Fall Symposium", year ="1997", URL ="http://www.amia.org/pubs/symposia/D004462.pdf" } @article{kanon, author ="Latanya Sweeney", title ="k-Anonymity: A Model for Protecting Privacy", journal ="International Journal on Uncertainty, Fuzziness, and Knowledge-Based Systems", year ="2002", pages ="555-570", volume ="10 (5)" } @article{kanon2, author ="Latanya Sweeney", title ="Achieving k-Anonymity Privacy Protection Using Generalization and Suppression", journal ="International Journal on Uncertainty, Fuzziness, and Knowledge-Based Systems", year ="2002", pages ="571-588", volume ="10 (5)" } @article{idangel, author ="Latanya Sweeney", title ="Protecting Job Seekers from Identity Theft", journal ="IEEE Internet Computing", year ="2006", month ="March-April", pages ="74-79" } @inproceedings{rbac, author ="David F. Ferraiolo and D. Richard Kuhn", title ="Role-Based Access Controls", booktitle ="15th National Computer Security Conference", year ="1992", month ="October", pages ="554-563" } @inproceedings{rulebased, author ="Huiying Li and Xiang Zhang and Honghan Wu and Yuzhong Qu", title ="Design and Application of Rule Based Access Control Policies", booktitle ="ISWC Workshop on Semantic Web and Policy", year ="2005", pages ="34-41", URL ="http://iws.seu.edu.cn/publications/lzwq05" } @inproceedings{creative-commons, author ="Oshani Seneviratne and Lalana Kagal and Daniel Weitzner and Hal Abelson and Tim Berners-Lee and Nigel Shadbolt", title ="Detecting Creative Commons License Violations on Images on the World Wide Web", booktitle ="WWW2009", year ="2009", month ="April" } @misc{sparql, key ="W3C", title ="SPARQL Query Language for RDF", author ="Eric Prud'hommeaux and Andy Seaborne", booktitle ="W3C Recommendation", month ="January", year ="2008", howpublished ="\url{http://www.w3.org/TR/rdf-sparql-query/}", URL ="http://www.w3.org/TR/rdf-sparql-query/" } @misc{triple-store, key ="triplestore", title ="Rhetorical Device: Triple Store", author ="Jack Rusher", year ="2001", howpublished ="\url{http://www.w3.org/2001/sw/Europe/events/20031113-storage/positions/rusher.html}", URL ="http://www.w3.org/2001/sw/Europe/events/20031113-storage/positions/rusher.html" } @misc{tabulator, key ="tabulator", title ="Tabulator: Generic data browser", author ="Tim Berners-Lee", year ="2005", howpublished ="\url{http://www.w3.org/2005/ajar/tab}", URL ="http://www.w3.org/2005/ajar/tab" } @misc{adobe-xmp, key ="adobe-xmp", title ="Adobe XMP partners", author ="Adobe", year ="2009", howpublished ="\url{http://www.adobe.com/products/xmp/partners.html}", URL ="http://www.adobe.com/products/xmp/partners.html" } @misc{cc-ns, key ="cc-ns", title ="Describing Copyright in RDF", author ="Creative Commons", year ="2009", howpublished ="\url{http://creativecommons.org/ns}", URL ="http://creativecommons.org/ns" } @Article{ Kamra, title = "Detecting Anomalous Access Patterns in Relational Databases", author = "Ashish Kamra and Evimaria Terzi and Elisa Bertino", journal = "VLDB Journal: The International Journal on Very Large Data Bases", publisher = "Springer Berlin / Heidelberg", year = "2007", abstract = "A considerable effort has been recently devoted to the development of Database Management Systems (DBMS) which guarantee high assurance and security. An important component of any strong security solution is represented by Intrusion Detection (ID) techniques, able to detect anomalous behavior of applications and users. To date, however, there have been few ID mechanisms proposed which are specifically tailored to function within the DBMS. In this paper, we propose such a mechanism. Our approach is based on mining SQL queries stored in database audit log files. The result of the mining process is used to form profiles that can model normal database access behavior and identify intruders. We consider two different scenarios while addressing the problem. In the first case, we assume that the database has a Role Based Access Control (RBAC) model in place. Under a RBAC system permissions are associated with roles, grouping several users, rather than with single users. Our ID system is able to determine role intruders, that is, individuals while holding a specific role, behave differently than expected. An important advantage of providing an ID technique specifically tailored to RBAC databases is that it can help in protecting against insider threats. Furthermore, the existence of roles makes our approach usable even for databases with large user population. In the second scenario, we assume that there are no roles associated with users of the database. In this case, we look directly at the behavior of the users. We employ clustering algorithms to form concise profiles representing normal user behavior. For detection, we either use these clustered profiles as the roles or employ outlier detection techniques to identify behavior that deviates from the profiles. Our preliminary experimental evaluation on both real and synthetic database traces shows that our methods work well in practical situations.", issn = "1066-8888", url = "http://www.springerlink.com/content/n001w7182583465m/", } @INPROCEEDINGS{Cathey03misusedetection, author = {Rebecca Cathey and Ling Ma and Nazli Goharian and David Grossman}, title = {Misuse Detection for Information Retrieval Systems}, booktitle = {ACM 12th Conference on Information and Knowledge Management}, year = {2003} } @INPROCEEDINGS{demids, author = {Christina Yip Chung and Michael Gertz and Karl Levitt}, title = {DEMIDS: A misuse detection system for database systems}, booktitle = {In Third International IFIP TC-11 WG11.5 Working Conference on Integrity and Internal Control in Information Systems}, year = {1999}, pages = {159--178}, publisher = {Kluwer Academic Publishers} } @INPROCEEDINGS{Deutsch05privacyin, author = {Alin Deutsch and Yannis Papakonstantinou}, title = {Privacy in database publishing}, booktitle = {In ICDT}, year = {2005} } @INPROCEEDINGS{Qiu85trustedcomputer, author = {Lili Qiu and Yin Zhang and Feng Wang and Mi Kyung and Han Ratul Mahajan}, title = {Trusted Computer System Evaluation Criteria}, booktitle = {National Computer Security Center}, year = {1985}, url ="http://nsi.org/Library/Compsec/orangebo.txt", } @misc{mysql, title ="MySQL 6.0 Reference Manual", author ="{MySQL A.B.} and {Sun Microsystems}", key ="MySQL", year ="2009", howpublished ="\url{http://dev.mysql.com/doc/refman/6.0/en/index.html}", } @misc{acl-oracle, title ="Access Control Features in Oracle", author ="Ji-Won Byun", year ="2005", month ="April", howpublished ="\url{http://www.cs.purdue.edu/homes/ninghui/courses/Spring05/lectures/Oracle.pdf}" } @misc{oracle, title ="Oracle Database Security Guide, 10g Release 1", author ="Laurel P Hale and Jeffrey Levinger", year ="2003", month ="December", howpublished ="\url{http://www.stanford.edu/dept/itss/docs/oracle/10g/network.101/b10773/title.htm}", } @inproceedings{dac-db, author ="Roshan K. Thomas and Ravi S. Sandhu", title ="Discretionary Access Control in Object-Oriented Databases: Issues and Research Directions", booktitle ="National Computer Security Conference", year ="1993", month ="September", pages ="63-74", url ="https://eprints.kfupm.edu.sa/35285/", } @INPROCEEDINGS{rbac-commercial, author = {Ramouli Ramaswamy and Ravi S}, title = {Role-based access control features in commercial database management systems}, booktitle = {In Proceedings of 21st NIST-NCSC National Information Systems Security Conference}, year = {1998}, pages = {503--511} } @misc{spasql, title ="SPASQL: SPARQL Support In MySQL", author ="Eric Prud'hommeaux", year ="2007", month ="June", howpublished ="\url{http://www.w3.org/2005/05/22-SPARQL-MySQL/XTech}", }