In the context of Network management, Chomicki, Lobo and Naqvi have defined the specification language Policy Description Language (PDL) and later extended it by in-  troducing monitors: constraints on the actions that the net-  work manager can execute simultaneously. This article pro-  poses PPDL, an extension of PDL with Preferences, that allows the specification of user-defined preferences on how to apply monitors. The new language adopts Brewka

In this poster, we will illustrate an integrated approach to Web filtering, whose main features are flexible filtering policies taking into account both users

In this paper, we present P-Hera, a peer-to-peer (P2P)  infrastructure for scalable and secure content hosting. P-  Hera allows the users and content owners to dynamically establish trust using fine-grained access control. In P-Hera,  resource owners can specify fine-grained restrictions on who can access their resources and which user can access which part of data. We differentiate our work with tradi-  tional works of fine-grained access control on Web services,  as our system in addition to handling access constrains of the service provider (which is the case in Web services),  it also handles security constrains regarding actions per-  formed on data: replication and modification. We believe this is of immense significance for wide-range of applica-  tions such as data Grids, Information Grids and Web Con-  tent Delivery Networks. In addition to presenting the over-  all system architecture, we also study the problem of eval-  uating these fine-grained access policies in depth and pro-  pose a novel means of organizing these policies that can re-  sult in faster evaluation. We demonstrate the effectiveness of our approach using prototype implementation.

s are used. Privacy Preserving Data Mining (PPDM) algorithms have been recently introduced with the aim of mod-  ifying the database in such a way to prevent the discovery of sensible information. Due to the large amount of possible techniques that can be used to achieve this goal, it is necessary to provide some standard evalu-  ation metrics to determine the best algorithms for a specific application or context. Currently, however, there is no common set of parameters that can be used for this purpose. This paper explores the problem of PPDM algorithm evaluation, starting from the key goal of preserving of data quality. To achieve such goal, we propose a formal definition of data quality specifically tailored for use in the context of PPDM algorithms, a set of evaluation parameters and an evaluation algorithm. The resulting evaluation core process is then presented as a part of a more general three step evaluation framework, taking also into account other aspects of the algorithm evaluation such as efficiency, scalability and level of privacy.

Web-based third-party architectures for data publishing are today receiving growing attention, due to their scalability and the abil-  ity to efficiently manage large numbers of users and great amounts of data. A third-party architecture relies on a distinction between the Owner and the Publisher of information. The Owner is the producer of information, whereas Publisher provides data manage-  ment services and query processing functions for (a portion of) the Owner

To support privacy-preserving video sharing, we have pro-  posed a novel framework that is able to protect the video content privacy at the individual video clip level and pre-  vent statistical inferences from video collections. To protect the video content privacy at the individual video clip level,  we have developed an effective algorithm to automatically detect privacy-sensitive video ob jects and video events. To prevent the statistical inferences from video collections, we have developed a distributed framework for privacy-preserving classifier training, which is able to significantly reduce the costs of data transmission and reliably limit the privacy breaches by determining the optimal size of blurred test samples for classifier validation. Our experiments on a spe-  cific domain of patient training and counseling videos show convincing results

The internet and related technologies have made multido-  main collaborations a reality. Collaboration enables do-  mains to effectively share resources; however it introduces several security and privacy challenges. Managing security in the absence of a central mediator is even more challenging.  In this paper, we propose a distributed secure interoperabil-  ity framework for mediator-free collaboration environments.  We introduce the idea of secure access paths which enables domains to make localized access control decisions without having global view of the collaboration. We also present a path authentication technique for proving path authenticity.  Furthermore, we present both a proactive and on-demand path discovery algorithms that enable domains to securely discover paths in the collaboration environment.

Ensuring secure and authorized access to remote services and information resources in a dynamic collaborative environment is a challenging task. Two major issues that need to be addressed in this regard are: specification of access control requirements and trust management. Specification of access control requirements for dynamic collaboration is challenging mainly because of the limited or lack of knowledge about remote users

Privacy and security considerations can prevent sharing of data, derailing data mining projects. Distributed knowledge discovery can alleviate this problem. We present a technique that uses EM mixture modeling to perform clustering on distributed data. This method controls data sharing, preventing disclosure of individual data items or any results that can be traced to an individual site.

Advances in the media and entertainment industries, including streaming audio and digital TV, present new challenges for managing and accessing large audio-visual collections. Current content management systems support retrieval using low-level features, such as motion, color, and texture. However, low-level features often have little meaning for naive users, who much prefer to identify content using high-level semantics or concepts. This creates a gap between systems and their users that must be bridged for these systems to be used effectively. To this end, in this paper, we first present a knowledge-based video indexing and content management framework for domain specific videos (using basketball video as an example). We will provide a solution to explore video knowledge by mining associations from video data. The explicit definitions and evaluation measures (e.g., temporal support and confidence) for video associations are proposed by integrating the distinct feature of video data. Our approach uses video processing techniques to find visual and audio cues (e.g., court field, camera motion activities, and applause), introduces multilevel sequential association mining to explore associations among the audio and visual cues, classifies the associations by assigning each of them with a class label, and uses their appearances in the video to construct video indices. Our experimental results demonstrate the performance of the proposed approach.

Trust management is a form of distributed access control that allows one principal to delegate some access decisions to other principals. While this makes trust management more flexible than the access matrix model, it makes safety and security analysis more important. We show that in contrast to the undecidability of classical HRU safety properties, our primary security properties are decidable. In particular, most safety properties we study are decidable in polynomial time.  The computational complexity of containment analysis, the most complicated security property we study, forms a complexity hierarchy based on the expressive power of the trust management language.

We propose a new cryptographic primitive called oblivious signature-  based envelope (OSBE). Informally, an OSBE scheme enables a sender to send an envelope (encrypted message) to a receiver, and has the following two properties: (1) The receiver can open the envelope if and only if it has a third party

uppose Alice and Bob are two entities (e.g. agents, organi-  zations, etc.) that wish to negotiate a contract. A contract consists of several clauses, and each party has certain constraints on the acceptabil-  ity and desirability (i.e., a private

This paper presents computationally