Copyright (c) 2009 University of Pennsylvania All rights reserved. http://repository.upenn.edu/cis_reports Recent documents in Technical Reports (CIS) en-us Wed, 18 Nov 2009 23:28:47 PST 3600 http://repository.upenn.edu/cis_reports/910 http://repository.upenn.edu/cis_reports/910 Tue, 17 Nov 2009 13:26:13 PST In recent years, data management has begun to consider situations in which data access is closely tied to network routing and distributed acquisition: sensor networks, in which reachability and contiguous regions are of interest; declarative networking, in which shortest paths and reachability are key; distributed and peer-to-peer stream systems, in which we may monitor for associations among data at the distributed sources (e.g., transitive relationships). In each case, the fundamental operation is to maintain a view over dynamic network state; the view is frequently distributed, recursive and may contain aggregation, e.g., describing transitive connectivity, shortest paths, least costly paths, or region membership. Surprisingly, solutions to this problem are often domain-specific, expensive to compute, and incomplete. In this paper, we recast the problem as one of incremental recursive view maintenance in the presence of distributed streams of updates to tuples: new stream data becomes insert operations and tuple expirations become deletions. We develop a set of techniques that maintain information about tuple derivability--a compact form of data provenance. We complement this with techniques to reduce communication: aggregate selections to prune irrelevant aggregation tuples, provenance-aware operators that can determine when tuples are no longer derivable and remove them from their state, and shipping operators that greatly reduce the tuple and provenance information being propagated while still maintaining correct answers. We validate our work in a distributed setting with sensor and network router queries, showing significant gains in bandwidth consumption without sacrificing performance. Mengmeng Liu http://repository.upenn.edu/cis_reports/909 http://repository.upenn.edu/cis_reports/909 Mon, 17 Aug 2009 08:36:28 PDT Access control and privacy policy relations tend to focus on decision outcomes and are very sensitive to defined terms and state. Small changes or updates to a policy language or vocabulary may make two similar policies incomparable. To address this we develop two flexible policy relations derived from bisimulation in process calculi. Strong licensing compares the outcome of two policies strictly, similar to strong bisimulation. Weak licensing compares the outcome of policies more flexibly by ignoring irrelevant (non-conflicting) differences between outcomes, similar to weak bisimulation. We illustrate the relations using examples from P3P and EPAL. Michael J. May http://repository.upenn.edu/cis_reports/908 http://repository.upenn.edu/cis_reports/908 Tue, 07 Jul 2009 07:21:37 PDT The Internet today runs on a complex routing protocol called the Border Gateway Protocol (BGP). BGP is a policy-based protocol, in which autonomous Internet Service Providers (ISPs) impose their local policies on the propagation of routing information. Over the past few years, there has been a growing consensus on the complexity and fragility of BGP routing. To address these challenges, we present the DRIVER system for designing, analyzing and implementing policy-based routing protocols. Our system utilizes a declarative network verifier (DNV) which leverages declarative networking's connection to logic programming by automatically compiling high-level declarativen networking program into formal specifications, which can be directly used in a theorem prover for verification. In addition to verifying declarative networking programs using a theorem prover, the DRIVER system enables a similar transformation of verified formal specifications limited to fragment of second order logic to declarative networking programs for execution. As our main use case, we demonstrate the verification of a component-based specification of BGP protocol where DRIVER enables the analysis of convergence properties of Internet routing protocols with customizable policy configuration components. We show that the properties verified with DRIVER are indeed preserved in the synthesized implementation by performing experimental evaluation in a local cluster, where the equivalent declarative networking programs derived from the verified specifications displayed consistent behavior with regard to DRIVER verification. Anduo Wang http://repository.upenn.edu/cis_reports/907 http://repository.upenn.edu/cis_reports/907 Tue, 23 Jun 2009 14:24:46 PDT A study by Federal Communication Commission shows that most of the spectrum in current wireless networks is unused most of the time, while some spectrum is heavily used. Recently dynamic spectrum access (DSA) has been proposed to solve this spectrum inefficiency problem, by allowing users to opportunistically access to unused spectrum. One important question in DSA is how to efficiently share spectrum among users so that spectrum utilization can be increased and wireless interference can be reduced. Spectrum sharing can be formalized as a graph coloring problem. In this report we focus on surveying spectrum sharing techniques in DSA networks and present four representative techniques in different taxonomy domains, including centralized, distributed with/without common control channel, and a real case study of DSA networks --- DARPA neXt Gen- eration (XG) radios. Their strengths and limitations are evaluated and compared in detail. Finally, we discuss the challenges in current spectrum sharing research and possible future directions. Changbin Liu http://repository.upenn.edu/cis_reports/906 http://repository.upenn.edu/cis_reports/906 Mon, 22 Jun 2009 10:39:04 PDT We study conjunctive queries with unequalities (x ≠ y) and we identify cases when query containment can still be characterized by the existence of homomorphisms. We also identify a class of GLAV-like database schema mappings with unequalities, for which the chase theorem holds, and thus data exchange has the same complexity as for GLAV mappings. Finally, we define a notion of consistency and provide an algorithm to check whether a set of mappings is consistent. Grigoris Karvounarakis http://repository.upenn.edu/cis_reports/905 http://repository.upenn.edu/cis_reports/905 Mon, 22 Jun 2009 10:39:00 PDT Two of the main ways to protect security-sensitive resources in computer systems are to enforce access-control policies and information-flow policies. In this paper, we show how to enforce information-flow policies in AURA, which is a programming language for access control. When augmented with this mechanism for enforcing information-flow polices, AURA can further improve the security of reference monitors that implement access control. We show how to encode security types and lattices of security labels using AURA's existing constructs for authorization logic. We prove a noninterference theorem for this encoding. We also investigate how to use expressive access control policies specified in authorization logic as the policies for information declassification. Limin Jia http://repository.upenn.edu/cis_reports/904 http://repository.upenn.edu/cis_reports/904 Wed, 20 May 2009 12:49:23 PDT AAAI was pleased to present the AAAI-08 Workshop Program, held Sunday and Monday, July 13-14, in Chicago, Illinois, USA. The program included the following 15 workshops: Advancements in POMDP Solvers; AI Education Workshop Colloquium; Coordination, Organizations, Institutions, and Norms in Agent Systems, Enhanced Messaging; Human Implications of Human-Robot Interaction; Intelligent Techniques for Web Personalization and Recommender Systems; Metareasoning: Thinking about Thinking; Multidisciplinary Workshop on Advances in Preference Handling; Search in Artificial Intelligence and Robotics; Spatial and Temporal Reasoning; Trading Agent Design and Analysis; Transfer Learning for Complex Tasks; What Went Wrong and Why: Lessons from AI Research and Applications; and Wikipedia and Artificial Intelligence: An Evolving Synergy. Mark Dredze http://repository.upenn.edu/cis_reports/903 http://repository.upenn.edu/cis_reports/903 Mon, 18 May 2009 10:33:41 PDT Traditional coherence protocols present a set of difficult tradeoffs: the reliance of snoopy protocols on broadcast and ordered interconnects limits their scalability, while directory protocols incur a performance penalty on sharing misses due to indirection. This work introduces PATCH (Predictive/Adaptive Token Counting Hybrid), a coherence protocol that provides the scalability of directory protocols while opportunistically sending direct requests to reduce sharing latency. PATCH extends a standard directory protocol to track tokens and use token counting rules for enforcing coherence permissions. Token counting allows PATCH to support direct requests on an unordered interconnect, while a mechanism called token tenure uses local processor timeouts and the directorypsilas per-block point of ordering at the home node to guarantee forward progress without relying on broadcast. PATCH makes three main contributions. First, PATCH introduces token tenure, which provides broadcast-free forward progress for token counting protocols. Second, PATCH deprioritizes best-effort direct requests to match or exceed the performance of directory protocols without restricting scalability. Finally, PATCH provides greater scalability than directory protocols when using inexact encodings of sharers because only processors holding tokens need to acknowledge requests. Overall, PATCH is a ldquoone-size-fits-allrdquo coherence protocol that dynamically adapts to work well for small systems, large systems, and anywhere in between. A Raghavan http://repository.upenn.edu/cis_reports/902 http://repository.upenn.edu/cis_reports/902 Fri, 24 Apr 2009 07:17:07 PDT In many image and video collections, we have access only to partially labeled data. For example, personal photo collections often contain several faces per image and a caption that only specifies who is in the picture, but not which name matches which face. Similarly, movie screenplays can tell us who is in the scene, but not when and where they are on the screen. We formulate the learning problem in this setting as partially-supervised multiclass classification where each instance is labeled ambiguously with more than one label. We show theoretically that effective learning is possible under reasonable assumptions even when all the data is weakly labeled. Motivated by the analysis, we propose a general convex learning formulation based on minimization of a surrogate loss appropriate for the ambiguous label setting. We apply our framework to identifying faces culled from web news sources and to naming characters in TV series and movies. We experiment on a very large dataset consisting of 100 hours of video, and in particular achieve 6% error for character naming on 16 episodes of LOST. Timothee Cour http://repository.upenn.edu/cis_reports/901 http://repository.upenn.edu/cis_reports/901 Thu, 12 Mar 2009 08:29:14 PDT Binding is a fundamental part of language specification, yet it is both difficult and tedious to get right. In previous work, we argued that an approach based on locally nameless representation and a particular style for defining inductive relations can provide a portable, transparent, lightweight methodology to define the semantics of binding. Although the binding infrastructure required by this approach is straightforward to develop, it leads to duplicated effort and code as the number of binding forms in a language increases. In this paper, we critically compare a spectrum of approaches that attempt to ameliorate this tedium by unifying the treatment of variables and binding. In particular, we compare our original methodology with two alternative ideas: First, we define variable binding in the object language via variable binding in a reusable library. Second, we present a novel approach that collapses the syntactic categories of the object language together, permitting variables to be shared between them. Our main contribution is a careful characterization of the benefits and drawbacks of each approach. In particular, we use multiple solutions to the POPLMARK challenge in the Coq proof assistant to point out specic consequences with respect to the size of the binding infrastructure, transparency of the definitions, impact to the metatheory of the object language, and adequacy of the object language encoding. Brian Aydemir