Research in Laboratory for Foundations of Computer Science · science, founded in 1986. I People: I 23 academic staﬀ, I 20 researchers, I 35 PhD students, I also support staﬀ,

Research inLaboratory for Foundations of Computer Science

David Aspinall, Deputy Director

[ For: Julian Bradfield, Director ]

http://www.lfcs.inf.ed.ac.uk

http://www.lfcs.inf.ed.ac.uk

Contents

Introduction

Logic and Semantics

Algorithms and Complexity

Concurrency and model checking

Languages

Mobility and Security

Engineering: software, hardware, proof

Performance Evaluation Process Algebra (PEPA)

Databases

Summary

LFCS profile

I A community of researchers in theoretical computerscience, founded in 1986.

I People:I 23 academic staff,I 20 researchers,I 35 PhD students,I also support staff, visitors, associates.

I A variety of research areas, ranging from long term basicresearch to experimental and applied theory.

I Researchers work individually, with PhD students and RAs,and within groups.

LFCS profile





LFCS profile





Areas of expertise and research

I Logic and proof theory

I Category theory

I Formal language semantics

I Algorithms and complexity

I Concurrency theory

I Model checking

I Database theory

I Programming languages

I Program logics

I Specification languages

I Theorem proving andhardware verification

I Software engineering

I Performance modelling andprocess algebra

I Security

I Systems biology



I Category theory




I Model checking

I Database theory


I Program logics





I Security

I Systems biology



I Category theory




I Model checking

I Database theory


I Program logics





I Security

I Systems biology



I Category theory




I Model checking

I Database theory


I Program logics





I Security

I Systems biology



I Category theory




I Model checking

I Database theory


I Program logics





I Security

I Systems biology



I Category theory




I Model checking

I Database theory


I Program logics





I Security

I Systems biology



I Category theory




I Model checking

I Database theory


I Program logics





I Security

I Systems biology



I Category theory




I Model checking

I Database theory


I Program logics





I Security

I Systems biology



I Category theory




I Model checking

I Database theory


I Program logics





I Security

I Systems biology



I Category theory




I Model checking

I Database theory


I Program logics





I Security

I Systems biology



I Category theory




I Model checking

I Database theory


I Program logics





I Security

I Systems biology



I Category theory




I Model checking

I Database theory


I Program logics





I Security

I Systems biology



I Category theory




I Model checking

I Database theory


I Program logics





I Security

I Systems biology



I Category theory




I Model checking

I Database theory


I Program logics





I Security

I Systems biology



I Category theory




I Model checking

I Database theory


I Program logics





I Security

I Systems biology

Research goups I

I Logic and SemanticsPlotkin, Fourman, Power, Simpson, Longley, Klin, Schroder

I Algorithms and Complexity GroupJerrum, Cryan, Kalorkoti

I Concurrency and Model CheckingStirling, Bradfield, Etessami, Jackson, Quickert

I Database GroupBuneman, Fan, Libkin, Viglas, Cheney, Bose, Cong,Fountoulaki, Geerts, Kementsietsidis, Ma

Research groups II

I PEPA (Performance Evaluation Process Algebra)

Hillston, Gilmore, Tribastone

I Links (Programming Languages for the Web)

Wadler, Lindley

I Mobility and Security GroupSannella, Stark, Aspinall, Pollack, MacKenzie, Momigliano,Maier, Atkey

I Software EngineeringAnderson, Stevens, Felici

Contents

Introduction

Logic and Semantics



Languages




Databases

Summary

Topological Models of Computation

[Alex Simpson, Matthias Schroder, Ingo Battenfeld]

I We can compute with infinite objects, e.g. real numbers

π = 3.1415926535897932384626433832795028841971693 . . .

presented (for example) as streams of data.

I Using this idea (but a different representation!), real numberarithmetic can be implemented so that the result isguaranteed correct to within any desired accuracy.

I The above is just one example of computing with infinitedata. The idea extends also to other types of datacorresponding to elements of other mathematical spaces.

I Infinite data carries a natural topology and all computableoperations are continuous.

I This leads to a fruitful interaction between programminglanguage datatype constructions (function types, recursive andpolymorphic types, monadic types, . . . ) and correspondingtopological constructions.




π = 3.1415926535897932384626433832795028841971693 . . .

presented (for example) as streams of data.I Using this idea (but a different representation!), real number

arithmetic can be implemented so that the result isguaranteed correct to within any desired accuracy.







π = 3.1415926535897932384626433832795028841971693 . . .









π = 3.1415926535897932384626433832795028841971693 . . .









π = 3.1415926535897932384626433832795028841971693 . . .






I Contribution: establishing the notion of quotient ofcountably-based (qcb) space, encompassing exactly thetopological spaces that are of computational interest.

I Contribution: finding unexpected interactions betweentopology and computation. In computation on real numbers,the datatype:

((R → R)→ R)→ R

includes examples of functional integration. It is not known ifthe two competing approaches to exact real-numbercomputation have the same notion of computability at theabove type. But this can be reduced to a question in puremathematical topology:

Open Question

Is the topology on the space of continuous functionals(N → N)→ N zero-dimensional?



((R → R)→ R)→ R


Open Question




((R → R)→ R)→ R


Open Question


Games Semantics for Object-Oriented Languages

[John Longley, Nicholas Wolverson]

I Idea: model “externally observable” behaviour of an object bya strategy specifying its interaction with the environment.

Object adder = new Object ( ) {p r i v a t e i n t t o t a l = 0 ;pub l i c i n t add ( i n t i ) {t o t a l += i ; re tu rn t o t a l }

}

3 4 5

7 8 9

3 4 5

3 4 5 Opponent

Player

Opponent

Player

}}}}

...

... ......

...

... ...

I A strategy hides the internal representation (data abstraction).I Goals: use rich structure of game models to:

I obtain non-trivial reasoning principles for OO languagesI inspire design of new languages, which are mathematically

cleaner and perhaps more powerful than existing ones.

I A game semantics is also naturally executable — we caninteractively play games against a given strategy: so we get aprototype animation of our languages “for free”.





}

3 4 5

7 8 9

3 4 5

3 4 5 Opponent

Player

Opponent

Player

}}}}

...

... ......

...

... ...









}

3 4 5

7 8 9

3 4 5

3 4 5 Opponent

Player

Opponent

Player

}}}}

...

... ......

...

... ...









}

3 4 5

7 8 9

3 4 5

3 4 5 Opponent

Player

Opponent

Player

}}}}

...

... ......

...

... ...

I A strategy hides the internal representation (data abstraction).

I Goals: use rich structure of game models to:








}

3 4 5

7 8 9

3 4 5

3 4 5 Opponent

Player

Opponent

Player

}}}}

...

... ......

...

... ...









}

3 4 5

7 8 9

3 4 5

3 4 5 Opponent

Player

Opponent

Player

}}}}

...

... ......

...

... ...


I obtain non-trivial reasoning principles for OO languages

I inspire design of new languages, which are mathematicallycleaner and perhaps more powerful than existing ones.






}

3 4 5

7 8 9

3 4 5

3 4 5 Opponent

Player

Opponent

Player

}}}}

...

... ......

...

... ...









}

3 4 5

7 8 9

3 4 5

3 4 5 Opponent

Player

Opponent

Player

}}}}

...

... ......

...

... ...





Logic and Semantics: other work

I Semantics of computational effects[Gordon Plotkin, John Power]

I Mathematical structural operational semantics[Gordon Plotkin, Bartek Klin]

I Reasoning with inductive definitions[Alex Simpson, James Brotherston]









Contents

Introduction

Logic and Semantics



Languages




Databases

Summary

An algorithmic task: sampling matchings

[Mark Jerrum]

A graph is an collection of vertices connected by edges.

A matching is a set of edges (in red) that don’t collide.

Problem

Efficiently sample a matching in the graph; all matchings are to beequally likely.

An algorithmic task: sampling matchings

[Mark Jerrum]

A graph is an collection of vertices connected by edges.

A matching is a set of edges (in red) that don’t collide.

Problem

Efficiently sample a matching in the graph; all matchings are to beequally likely.

Monte Carlo (Dart throwing)

All subsets of E

Matchings

Throw darts into a “nice” set (e.g., all subsets of edges) and seehow often you hit a matching.

Observation

Correct, but very inefficient.

Monte Carlo (Dart throwing)

All subsets of E

Matchings

Throw darts into a “nice” set (e.g., all subsets of edges) and seehow often you hit a matching.

Observation

Correct, but very inefficient.

Markov chain Monte Carlo

Simulate a random walk on matchings, starting from an arbitrarymatching. After sufficiently many steps, stop and return thecurrent matching.

Question

How many is “sufficiently many”?

Markov chain Monte Carlo

Simulate a random walk on matchings, starting from an arbitrarymatching. After sufficiently many steps, stop and return thecurrent matching.

Question

How many is “sufficiently many”?

Algorithms and Complexity Group

This is the sort of thorny interdisciplinary question that keeps usoff the streets.The members are:

I Paidı Creed (research student)

I Mary Cryan

I Mark Jerrum

I Kyriakos Kalorkoti

I James Matthews (research student)

Keywords

Combinatorics, Computer algebra, Computational complexity,Probability theory, Statistical physics.

Algorithms and Complexity Group

This is the sort of thorny interdisciplinary question that keeps usoff the streets.The members are:

I Paidı Creed (research student)

I Mary Cryan

I Mark Jerrum

I Kyriakos Kalorkoti

I James Matthews (research student)

Keywords

Combinatorics, Computer algebra, Computational complexity,Probability theory, Statistical physics.

Contents

Introduction

Logic and Semantics



Languages




Databases

Summary

Formal verification of digital hardware systems

[Paul Jackson, Daniel Sheridan]

I Focus on improving bounded model checking (BMC).BMC checks linear-temporal-logic (LTL) properties of infinitesequences of system states. Uses rapidly evolving SAT solvers.

I Formal verification is gaining acceptance with commercialBMC tools. LTL extensions are key in new simulation-basedverification methodologies. Research goals are:

I Performance. SAT encodings with faster solution times.I Rigour. Using denotational semantics approach to present

fixpoint-based encodings.

I Results so far:

I Sheridan’s PhD thesis presents encoding that is more compactthan best in public domain and has at least equal performance.

I Semantics approach enables unifying presentation of severalexisting encodings and highlights errors in published papers.

I Related interests: Verifying software using SAT solversextended to handle decidable theories, e.g. linear arithmeticand arrays.






fixpoint-based encodings.I Results so far:








I Performance. SAT encodings with faster solution times.

I Rigour. Using denotational semantics approach to presentfixpoint-based encodings.

I Results so far:









fixpoint-based encodings.

I Results so far:








































Concurrency and model checking: some other work

I Modal Logic with Fixpoints[Stirling, Bradfield]

I exact complexity of model checking (in NP ∩ co-NP)I independence-friendly modal logic with fixpoints

I Decision procedures for infinite-state systems[Stirling, Etessami]

I Decidability of bisimulation equiv over classes of infinite graphsI Algorithmic analysis of infinite-state probabilistic systems

I The GAMES network[Bradfield, Etessami, Stirling, Stevens, Jan Obdrzalek]

Foundations for specification and validation methodologiesthat are based on games and automata.

Contents

Introduction

Logic and Semantics



Languages




Databases

Summary

Links: Web programming without tiers

[Philip Wadler, Samuel Lindley, Ezra Cooper, Jeremy Yallop]

Today

BrowserJavaScript

?

XMLHttpRequest6callback

ServerPHP

6query string

?result set

DatabaseSQL

Tomorrow

BrowserLinks

?call

6return

ServerLinks

6call

?

return

DatabaseLinks

Links: Web programming without tiers

[Philip Wadler, Samuel Lindley, Ezra Cooper, Jeremy Yallop]

Today

BrowserJavaScript

?

XMLHttpRequest6callback

ServerPHP

6query string

?result set

DatabaseSQL

Tomorrow

BrowserLinks

?call

6return

ServerLinks

6call

?

return

DatabaseLinks

Links builds on successes of functional programming

I Databases Kleisli, LINQCompile Links into SQL, XQuery

I XML Xduce, XQueryXML support with regular expression types

I Continuations PLT Scheme, Yahoo storesContinuations for web dialogue

I Distribution Erlang, JoCamlReliablity as in Erlang/OTP

I Javascript AJAXCompile Links into Javascript

























Contents

Introduction

Logic and Semantics



Languages




Databases

Summary

Why code signing isn’t enough

I Current model for mobile/downloaded code: trust accordingto cryptographic entity/origin authentication. I trust updatesto IE only if signed by Microsoft.

I Better than trusting unauthenticated code. But fallible:

1. Microsoft’s signing scheme may be compromised.This actually happened, by a infamous social engineeringattack on Verisign in 2001.

2. More seriously, code may be insecure anyway, if vendor fails toprogram well, or virus/corruption occurs before signing.Sony “rootkit” in 2005, Visual Studio .NET DVDsshrinkwrapped complete with Nimda virus in Korea, 2002.

I Problem: we delegate trust rather than examining codeourselves. Ideally we would examine code to prove that it issecure for us. But is this really feasible?




1. Microsoft’s signing scheme may be compromised.

This actually happened, by a infamous social engineeringattack on Verisign in 2001.













2. More seriously, code may be insecure anyway, if vendor fails toprogram well, or virus/corruption occurs before signing.

Sony “rootkit” in 2005, Visual Studio .NET DVDsshrinkwrapped complete with Nimda virus in Korea, 2002.














Proof-carrying code (PCC)

I The idea: equip a program with evidence that it satisfies asecurity policy. The evidence may be hard to produce, butshould be easy to check.

CertifyingCompiler

Source Code Program

SecurityManager

Published Security Policy

VirtualMachine

Is certificate valid for program and policy?

Run Error

Proof Certificate

Object Code

I The PCC notion and security viewpoint is due to Necula butthe underlying idea and techniques owe much to LFCS workof 80s/90s.



CertifyingCompiler

Source Code Program

SecurityManager


VirtualMachine


Run Error

Proof Certificate

Object Code




CertifyingCompiler

Source Code Program

SecurityManager


VirtualMachine


Run Error

Proof Certificate

Object Code


Implementing Proof-Carrying Code

I Implementing a PCC framework poses challenges. . .

I Design: size and location of trusted computing baseI Expressivity: specification/proof of desired security propertiesI Provability: finding proofs of security propertiesI Tradeoff: size of evidence vs time to check

I Our approach:

I Use type systems and static analysis to construct proofs;I Proofs are in a low-level program logic which is has a formal

correctness proof w.r.t. a machine model;I Transmit custom tactic proofs as evidence.

I Edinburgh’s PCC projects:Mobile Resource Guarantees (with Munich, ended 2005),Resource Quantification for e-Science,Mobius (Mobility and Security) (with several Eu sites).

I The Mobility and Security (M+S) group are:Don Sannella, Stephen Gilmore, Ian Stark, David Aspinall,Kenneth MacKenzie, Randy Pollack, Alberto Momigliano,Patrick Maier, Robert Atkey, Brian Campbell, Jaroslav Sevcık

http://www.lfcs.inf.ed.ac.uk/m+s


I Implementing a PCC framework poses challenges. . .I Design: size and location of trusted computing base

I Expressivity: specification/proof of desired security propertiesI Provability: finding proofs of security propertiesI Tradeoff: size of evidence vs time to check

I Our approach:







I Implementing a PCC framework poses challenges. . .I Design: size and location of trusted computing baseI Expressivity: specification/proof of desired security properties

I Provability: finding proofs of security propertiesI Tradeoff: size of evidence vs time to check

I Our approach:







I Implementing a PCC framework poses challenges. . .I Design: size and location of trusted computing baseI Expressivity: specification/proof of desired security propertiesI Provability: finding proofs of security properties

I Tradeoff: size of evidence vs time to checkI Our approach:







I Implementing a PCC framework poses challenges. . .I Design: size and location of trusted computing baseI Expressivity: specification/proof of desired security propertiesI Provability: finding proofs of security propertiesI Tradeoff: size of evidence vs time to check

I Our approach:








I Our approach:








I Our approach:I Use type systems and static analysis to construct proofs;

I Proofs are in a low-level program logic which is has a formalcorrectness proof w.r.t. a machine model;

I Transmit custom tactic proofs as evidence.






I Our approach:I Use type systems and static analysis to construct proofs;I Proofs are in a low-level program logic which is has a formal

correctness proof w.r.t. a machine model;

I Transmit custom tactic proofs as evidence.

























Contents

Introduction

Logic and Semantics



Languages




Databases

Summary

Engineering Electronic Proof

[David Aspinall, Hua Yang]

I Large electronic proofs have several application areas:

I software and hardware verification (100ks VCs for Pentium)I domain specific logics and meta-theory (POPLmark, JVM)I deep proofs of mathematical results (Flyspeck)

I Present interactive theorem proving tools are not good formanaging large developments. Comparable to programminglanguage tools of 20-30 years ago.

I We need foundations and tools for Proof Engineering.I We are working toward this in the Proof General project:

I Generic front end for theorem proving using Eclipse IDE.I XML-based protocol for conducting interactive proof, PGIP.I A Proof Broker component for managing proof development.I Plans: a generic tactic language with hiproof semantics and

correct refactoring transformations; mechanisms for managingand manipulating views of proofs.



I Large electronic proofs have several application areas:I software and hardware verification (100ks VCs for Pentium)

I domain specific logics and meta-theory (POPLmark, JVM)I deep proofs of mathematical results (Flyspeck)







I Large electronic proofs have several application areas:I software and hardware verification (100ks VCs for Pentium)I domain specific logics and meta-theory (POPLmark, JVM)

I deep proofs of mathematical results (Flyspeck)







I Large electronic proofs have several application areas:I software and hardware verification (100ks VCs for Pentium)I domain specific logics and meta-theory (POPLmark, JVM)I deep proofs of mathematical results (Flyspeck)
















I We need foundations and tools for Proof Engineering.

I We are working toward this in the Proof General project:















I Generic front end for theorem proving using Eclipse IDE.

I XML-based protocol for conducting interactive proof, PGIP.I A Proof Broker component for managing proof development.I Plans: a generic tactic language with hiproof semantics and







I Generic front end for theorem proving using Eclipse IDE.I XML-based protocol for conducting interactive proof, PGIP.

I A Proof Broker component for managing proof development.I Plans: a generic tactic language with hiproof semantics and







I Generic front end for theorem proving using Eclipse IDE.I XML-based protocol for conducting interactive proof, PGIP.I A Proof Broker component for managing proof development.

I Plans: a generic tactic language with hiproof semantics andcorrect refactoring transformations; mechanisms for managingand manipulating views of proofs.








Engineering: other topics

I Theoretical underpinnings of software design tools[Perdita Stevens]

I Application of formal games to the development of UMLmodels

I Bidirectional transformations (Harmony, Pierce) applied tomodel driven development

I Software Engineering for Service-Oriented Overlay Computers[Stephen Gilmore, Perdita Stevens]

I Use process algebras to analyse service architectures (e.g. webservices).

























Contents

Introduction

Logic and Semantics



Languages




Databases

Summary

Performance Evaluation Process Algebra (PEPA)Background on the PEPA project

I The PEPA project started in Edinburgh in 1991.

I It was motivated by problems encountered when carrying outperformance analysis of large computer and communicationsystems, based on numerical analysis of Markov processes.

I Process algebras offered a compositional description techniquesupported by apparatus for formal reasoning.

I Performance Evaluation Process Algebra (PEPA) sought toaddress these problems by the introduction of a suitableprocess algebra.

I We have sought to investigate and exploit the interplaybetween the process algebra and the continuous time Markovchain (CTMC).

























PEPA Workbench(Gilmore, Clark, Hunter, Haenel, Benoit, Birse, Tribastone, Li, . . . ; LFCS)

Application of the PEPA Workbench: Grid scheduling(Benoit, Cole, Gilmore, Hillston, Yaikhom; Enhance project — ICSA and LFCS)

I The PEPA Workbench has been used to make schedulingdecisions for structured parallel programs running oncomputational grids.

I Objective is to predict the best mapping of processes toprocessors (leading to the shortest run-time).

I Processor usage is measured so analysis must be efficient inorder to compute the mapping while the measurement data isstill relevant.

I Prediction is for a real program (C and MPI) running on realhardware (Beowulf cluster).






















A simple example: processors and resourcesBattling the state-space explosion problem to analyse scalability

Proc0def= (task1,>).Proc1

Proc1def= (task2, r2).Proc0

Res0def= (task1, r1).Res1

Res1def= (reset, s).Res0

Proc0[P] BC{task1}

Res0[R]






Proc0[P] BC{task1}

Res0[R]

Markovian interpretationProcessors (P) Resources (R) States (2P+R )1 1 42 1 82 2 163 2 323 3 644 3 1284 4 2565 4 5125 5 10246 5 20486 6 40967 6 81927 7 163848 7 327688 8 655369 8 1310729 9 26214410 9 52428810 10 1048576






Proc0[P] BC{task1}

Res0[R]

ODE interpretationdProc0

dt = −r1 min(Proc0,Res0)

+r2 Proc1dProc1

dt = r1 min(Proc0,Res0)

−r2 Proc1dRes0

dt = −r1 min(Proc0,Res0)

+s Res1dRes1

dt = r1 min(Proc0,Res0)

−s Res1

Internet worm infection model (N = 250 network channels)(Hillston, Gilmore, LFCS; Bradley, Imperial College)

0

200

400

600

800

1000

0 5 10 15 20 25 30 35 40

Num

ber

Time, t

Worm infection dynamics for N=250

Infected machinesNetwork connections

Susceptible machines


0

200

400

600

800

1000

0 10 20 30 40 50

Num

ber

Time, t





0

200

400

600

800

1000

0 10 20 30 40 50

Num

ber

Time, t





0

200

400

600

800

1000

0 10 20 30 40 50

Num

ber

Time, t




Choreographer Design Platform(Valentin Haenel and Adam Duguid; Edinburgh)

Application of Choreographer in Systems Biology(Calder, Duguid, Gilmore and Hillston; SIGNAL project)

0

2000

4000

6000

8000

10000

12000

14000

16000

18000

0 2 4 6 8 10

Mol

ecul

es p

er C

ell

Time (min)

Ras-GTP

Original Schoeberl et al. Matlab modelPEPA derived Tau-leap simulation

Schoeberl et al. model - smaller steps

Performance Evaluation Process Algebra (PEPA)Membership of the PEPA group: staff, researchers, students and collaborators

At Edinburgh

I Adam Duguid

I Nil Geisweiller

I Stephen Gilmore

I Jane Hillston

I Marco Stenico

I Michael Smith

I Mirco Tribastone

Outside Edinburgh

I Ashok Argent-Katwala

I Jeremy Bradley

I Muffy Calder

I Peter Harrison

I Leıla Kloul

I Marina Ribaudo

I Nigel Thomas

Contents

Introduction

Logic and Semantics



Languages




Databases

Summary

Databases and Digital Curation

I LFCS database research supports the Digital Curation Centre

I What is digitital curation?Most scientific, scholarly and reference information nowresides in databases.

I Digital curation is about the maintenance, publishing andpreservation of these databases.

I Curated databases are:

I increasing in number ( > 800 in molecular biology alone)I expensive (> 100 biologists curating one major database)I now a standard vehicle for publication of data.I copied (they re-organise and annotate data in other databases)

Dissemination and preservation used to be done by libraries

A change for the better!


A change for the better!

Or is it?


I Storage:Redundant, Persistent,Distributed, Readable bypeople.

I Clear standards for citationI Historical recordI Well understood

ownership/IP


I Storage:Redundant, Persistent,Distributed, Readable bypeople.

I Clear standards for citationI Historical recordI Well understood

ownership/IP

I Storage: Single-source,Volatile, Centralised,Internal DBMS format.

I No standards for citation

I No historical record

I Mind-boggling legal issues

Some topics in Digital Curation

I Data publishing: how do you export data in an agreedformat?

I Data integration: how do you bring together data fromvarious sources?

I Archiving: how do you archive a database? (It keepschanging!)

I Provenance: how do you know where your data has comefrom?

I Annotation: how do you annotate a database?

I Citation: how do you cite data in a database?

I Efficiency: how do you do all of the above in a way thatscales?

And there are many more problems when we consider databases inspecific domains (biology, astronomy, geography, linguistics, . . . )

Data publishing, transformation and integration

I Schema-directed XML publishing: a single relational DB →XML, guaranteeing conformance to a predefined DTD

I Schema-directed XML integration: multiple distributedrelational DBs → XML, satisfying both DTD and constraints

I Composible XML integration: multiple distributedheterogeneous sources → XML, satisfying schema

I Incremental publishing: efficient propagation of updates fromsources to the target

I Information preserving XML integration: multiple XMLsources → XML target, automatically generated, guaranteeingtype safety and information preservation

I Working system: PRATA, supporting publishing andincremental maintenance. Similar approaches later adopted byMicrosoft SQL 2005, IBM DB2 XML Extender, Oracle XMLDB.

Schema-directed XML publishing

DB1 DB2

XML XML

DTD Web

Q: XML view

I Data exchange: members of a community/industry fix a DTDand then exchange data w.r.t. that DTD.

I Schema-directed XML publishing: Attribute TransformationGrammar (ATG)

I mapping relational data to XMLI conforming to the predefined DTD

Schema-directed integration

DB

DB

DB

Integration

XML View

DTD

Constraintsmultiple distributed sources

I Attribute Integration GrammarI Distributed, multiple source databases

I multi-source queriesI scheduling of query evaluation

I Schema-directed: XML view conforming to a schema (D,Σ)I D: a DTDI Σ: a set of XML integrity constraints (e.g., keys, foreign keys)

XML data management

I Integrity constraints: specification languages, reasoningsystems, static analysis

I XML query languages: structural properties, satisfiabilityanalysis

I Query processing: query translation from XML to SQL,optimization techniques

I XML security: access control, querying rewriting for securityviews

I Data dissemination: content-based XML dissemination,distributed Boolean query processing based on partialevaluation

I Advanced architectures: on-the-fly compression,multi-threaded asynchronous I/O, distributed storage andquerying; native storage models for XML.

I Working system: SMOQE for XML security

Secure XML querying

I Data in XML formatI Business information: confidentialI Health-care data: the Patient Privacy Act, . . .

I Access-controlI multiple groups simultaneously query the same XML databaseI each user group has a different access privilege (access policy)

I Enforcement:

inaccessible

accessibleXML Query Engine

User group 1

User group 1

A security model for XML

I Security administrator: specifies an access policy for eachgroup by annotating the document DTD with XPath qualifiers

I Derivation module: automatically derives a security-viewdefinition from a specification: view DTD and mapping viaXPath

I Query translation module: rewrite and optimize queries overviews to equivalent queries over the underlying document

specification 1

specification k

specification n

derivation module

Security view 1(view DTD, xpath())

Security view k(view DTD, xpath())

Security view n(view DTD, xpath())

rewriter

optimizer query translation module

XML document

query query query

XML Query evaluation

I Processing XML streams or in-memory representations is allfine, but at the end of the day you still have to go to disk inunpredictable ways and over multiple gigabytes of data

I So what is the most efficient way of natively storing andquerying XML?

I VectorisationI Separate document structure from dataI Instead of keeping the structure in main memory, serialise it in

a query-friendly wayI Provide fast access methods (indexes) on top of the serialised

structureI Build a query evaluation framework on top of the new

representation

Database Group at Edinburgh

I History: established in 2002, now probably the top databasegroup in Europe.

I Research: leading in the areas ofI scientific data archiving, publishing, preservation, . . .I data exchange, integration, information-preserving migration,

cleaningI XML data management: integrity constraints, query

processing, update management, securityI Web databases, . . .

I People: Peter Buneman, Wenfei Fan, Leonid Libkin,Stratis Viglas, James Cheney, Rajendra Bose, Gao Cong,Eirini Fountoulaki, Floris Geerts, Anastasios Kementsietsidis,Shuai Ma, Robert Hutchison, Savvas Makalias, JosephSpadavecchia, Vasileios Vasaitis.

Contents

Introduction

Logic and Semantics



Languages




Databases

Summary

Other LFCS Activities

I The LFCS Lab Lunch weekly on Tuesdays.Informal talks given over lunch, theoretical or not. You’rewelcome to join us on Tuesdays at 1pm in JCMB 2510.

I The Theory Postgraduate CourseAimed primarily at 1st-year LFCS PhDs, but open to all.Graduate level lecture courses in basic LFCS research areasand recent topics.13 courses offered in 2005/6.

I The LFCS Barbecue.Traditionally to celebrate the end of the TPG course,organised by >2nd year PhD students.

I Organising the annual Milner Lecture.please send 2007 nominations to me...
















Acknowledgement

Thanks to everyone in LFCS who helped me by providing slidesand explaining about their research for this talk.Apologies to those whose work I didn’t mention.

Documents

Research in Laboratory for Foundations of Computer Science · science, founded in 1986. I People: I 23 academic staﬀ, I 20 researchers, I 35 PhD students, I also support staﬀ,