We propose a new automatic image segmentation method. Color edges in an image are first obtained automatically by combining an improved isotropic edge detector and a fast entropic thresholding technique. After the obtained color edges have provided the major geometric structures in an image, the centroids between these adjacent edge regions are taken as the initial seeds for seeded region growing (SRG). These seeds are then replaced by the centroids of the generated homogeneous image regions by incorporating the required additional pixels step by step. Moreover, the results of color-edge extraction and SRG are integrated to provide homogeneous image regions with accurate and closed boundaries. We also discuss the application of our image segmentation method to automatic face detection. Furthermore, semantic human objects are generated by a seeded region aggregation procedure which takes the detected faces as object seeds.

Sensor devices are becoming ubiquitous, especially in measurement and monitoring applications. Because of the real-time, append-only and semi-infinite natures of the generated sensor data streams, an online incremental approach is a necessity for mining stream data types. In this paper, we propose STAGGER: a one-pass, online and incremental algorithm for mining periodic patterns in data streams. STAGGER does not require that the user pre-specify the periodicity rate of the data. Instead, STAGGER discovers the potential periodicity rates. STAGGER maintains multiple expanding sliding windows staggered over the stream, where computations are shared among the multiple overlapping windows. Small-length sliding windows are imperative for early and real-time output, yet are limited to discover short periodicity rates. As streamed data arrives continuously, the sliding windows expand in length in order to cover the whole stream. Larger-length sliding windows are able to discover longer periodicity rates. STAGGER incrementally maintains a tree-like data structure for the frequent periodic patterns of each discovered potential periodicity rate. In contrast to the Fourier/Wavelet-based approaches used for discovering periodicity rates, STAGGER not only discovers a wider, more accurate set of periodicities, but also discovers the periodic patterns themselves. In fact, experimental results with real and synthetic data sets show that STAGGER outperforms Fourier/Wavelet-based approaches by an order of magnitude in terms of the accuracy of the discovered periodicity rates. Moreover, realdata experiments demonstrate the practicality of the discovered periodic patterns.

A digital government can be viewed as an amalgam of heterogeneous information systems that exchange high-volume information among government agencies and public and private sectors engaged in government business. This gives rise to several daunting multidomain security challenges as well as concern for citizen privacy. The success of a digital government infrastructure depends on how well it meets these challenges and its preparedness against numerous potential threats ranging from simple act of hacking to cyber-terrorism. In this chapter, we outline these crucial security and privacy issues and present various solutions that are available and need to be further investigated.

Dealing with sensitive data has been the focus of much of recent research. On one hand data disclosure may incur some risk due to security breaches, but on the other hand data sharing has many advantages. For example, revealing customer transactions at a grocery store may be beneficial when studying purchasing patterns and market demand. However, a potential misuse of the revealed information may be harmful due to privacy violations. In this paper we study the tradeoff between data disclosure and data retention. Specifically, we address the problem of minimizing the risk of data disclosure while maintaining its utility above a certain acceptable threshold. We formulate the problem as a discrete optimization problem and leverage the special monotonicity characteristics for both risk and utility to construct an efficient algorithm to solve it. Such an algorithm determines the optimal transformations that need to be performed on the microdata before it gets released. These optimal transformations take into account both the risk associated with data disclosure and the benefit of it (referred to as utility). Through extensive experimental studies we compare the performance of our proposed algorithm with other date disclosure algorithms in the literature in terms of risk, utility, and time. We show that our proposed framework outperforms other techniques for sensitive data disclosure.

Many access control policy languages, e.g., XACML, allow a policy to ontain multiple sub-policies, and the result of the policy on a request is determined by combining the results of the sub-policies according to some policy combining algorithms (PCAs). Existing access control policy languages, however, do not provide a formal language for specifying PCAs. As a result, it is difficult to extend them with new PCAs. The lacking of a formal approach also makes the design of combining algorithms in XACML plagued with issues and subtleties that can be confusing and surprising for policy authors. Motivated by the need to provide a flexible and user-friendly mechanism for specifying PCAs, we propose a policy combining language PCL, which can succinctly and precisely express a variety of PCAs. We show that our approach avoids the pitfalls of XACML and that it is expressive enough to express both PCAs in XACML and other natural PCAs. A policy evaluation engine only needs to understand PCL to evaluate any PCA specified in it. In particular, we model the evaluation of PCAs using finite state automata. Using techniques from automata theory, we also develop systematic policy evaluation optimization techniques that improve evaluation efficiency.

XACML is the OASIS standard language for the specification of authorization and entitlement policies. However, while XACML well addresses security requirements of a single enterprise (even if large and composed by multiple departments), it does not address the requirements of virtual enterprises built through collaboration of several autonomous subjects sharing their resources. In this paper we highlight such limitations and we propose an XACML extension, the policy integration algorithm, to address them. In the paper we also discuss in which respect the process of comparing two XACML policies differs from the process used to compare other business rules.

Protection and secure exchange of Web documents is becoming a crucial need for many Internet-based applications. Securing Web documents entail addressing two main issues: confidentiality and integrity. Ensuring document confidentiality means that document contents can only be disclosed to subjects authorized according to specified security policies, whereas by document integrity we mean that the document contents are correct with respect to a given application domain and that the document contents are modified only by authorized subjects. While the problem of document confidentiality has been widely investigated in the literature, the problem of how to ensure that a document, when moving among different parties, is modified only according to the stated policies still lacks comprehensive solutions. In this paper we present a solution to this problem by proposing a model for specifying update policies, and an infrastructure supporting the specification and enforcement of these policies in a distributed and cooperative environment, in which subjects in different organizational roles can modify possibly different portions of the same document. The key aspect of our proposal is that, by using a combination of hash functions and digital signature techniques, we create a distributed environment that enables subjects, in most cases, to verify, upon receiving a document, whether the update operations performed on the document up to that point are correct with respect to the update policies, without interacting with the document server. Our approach is particularly suited for environments, such as mobile systems, pervasive systems, decentralized workflows, and peer-to-peer systems.

EXtensible Markup Language (XML) security has become a relevant research topic due to the widespread use of XML as the language for information interchange and document definition over the Web. In this context, developing an access control mechanism in terms of XML is an important step for Web information security. In this paper, we present the protection and administration facilities of Author-Image , a Java-based system for discretionary access control to XML documents. Relevant features of Author-Image are both a set-oriented and a document-oriented credential-based document protection, a differentiated protection of document/document type contents through the support of multi-granularity protection objects and positive/negative authorizations, and the support for different access control strategies. In this paper, we focus on the strategies we have developed for enforcing access control. Additionally, we provide a description of the environment we have developed to help the Security Officer in performing administrative activities related to both security policy and subject credential management.

Online partnerships depend on federations of not only user identities but also of user entitlements across organizational boundaries.

Spatial join is a fundamental operation for many spatial queries in Geographical Information Systems (GIS). Therefore, the query optimizer of a GIS needs to evaluate the selectivity of spatial joins, in order to find the best execution plan for a given query. This situation has made it necessary to find good and efficient estimators for spatial join selectivity. In particular, spatial join estimation with respect to sets of rectangles is necessary. Indeed, in GIS sets of rectangles are generated in order to produce a synthetic representation of real geometric values through the Minimum Bounding Rectangles (MBR).

Several methods for this estimation have been proposed in literature. One of the best methods is based on precalculated histograms, that describe the distribution of rectangles in the reference space using grid based data structures. The size of an histogram for a given dataset can be comparable to the size of the R-tree built on the same dataset [4].

In this paper we present a new technique for estimating spatial join selectivity considering sets of rectangles as datasets. In particular, we propose a technique that is independent of the distribution of the rectangles in the reference space and produces an auxiliary structure which is an order of magnitude smaller than the corresponding histogram. Indeed, the proposed technique is based on very few statistical parameters and on a unique grid shared by all datasets.

This paper defines a collection of metrics on manuscript reviewing and presents historical data for ACM Transactions on Database Systems and The VLDB Journal.