The increased awareness of the importance of data protection has made access control a relevant component of current data management systems. Moreover, emerging applications and data models call for flexible and expressive access control models. This has led to an extensive research activity that has resulted in the definition of a variety of access control models that differ greatly with respect to the access control policies they support. Thus, the need arises for developing tools for reasoning about the characteristics of these models. These tools should support users in the tasks of model specification, analysis of model properties, and authorization management. For example, they must be able to identify inconsistencies in the model specification and must support the administrator in comparing the expressive power of different models. In this paper, we make a first step in this direction by proposing a formal framework for reasoning about access control models. The framework we propose is based on a logical formalism and is general enough to model discretionary, mandatory, and role-based access control models. Each instance of the proposed framework corresponds to a C-Datalog program, interpreted according to a stable model semantics. In the paper, besides giving the syntax and the formal semantics of our framework, we show some examples of its application. Additionally, we present a number of dimensions along which access control models can be analyzed and compared. For each dimension, we show decidability results and we present some examples of its application.

Various forms of programmed graph replacement systems as extensions of contextsensitive graph replacement systems have been proposed until today. They differ considerably with respect to their underlying graph models, the supported forms of graph replacement rules, and offered rule regulation mechanisms. Some of them have additional constructs for the definition of graph schemata, derived graph properties, and so forth. It is rather difficult to develop precise and compact descriptions of programmed graph replacement systems, a necessary prerequisite for any attempt to compare their properties in detail. Programmed Logic-based Structure Replacement (PLSR) systems are a kind of intermediate definition language for this purpose. They treat specific graph classes as sets of predicate logic formulas with certain properties, so-called structures. Their rules preserve the consistency of manipulated structures and use nonmonotonic reasoning for checking needed preand postconditions. So-called Basic Control Flow (BCF) expressions together with an underlying fixpoint theory provide needed means for programming with rules. This chapter introduces first the basic framework of PLSR systems and studies afterwards the essential properties of context-sensitive graph replacement approaches themselves as well as popular rule regulation mechanisms.

Graphs are a popular data structure, and graph-manipulation programs are common. Graph manipulations can be cleanly, compactly, and explicitly described using graph-rewriting notation. However, when a software developer is persuaded to try graph rewriting, several problems commonly arise. Primarily, it is difficult for a newcomer to develop a feel for how computations are expressed via graph rewriting. Also, graph-rewriting is not convenient for solving all aspects of a problem: better mechanisms are needed for interfacing graph rewriting with other styles of computation.

The aim of the paper is to introduce the notion of a transformation unit together with its interleaving semantics and to study it as a means of constructing large graph transformation systems from small ones in a structured and systematic way. A transformation unit comprises a set of rules, descriptions of initial and terminal graphs, and a control condition. Moreover, it may import other transformation units for structuring purposes. Its semantics is a binary relation between initial and terminal graphs which is given by interleaving sequences. As a generalization of ordinary derivations, an interleaving sequence consists of direct derivation steps interleaved with calls of imported transformation units. It must obey the control condition and may be seen as a kind of structured derivation. The introduced framework is independent of a particular graph transformation approach and, therefore, it may enhance the usefulness of graph transformations in many contexts.

Abstract not found

this paper we concentrate on structuring and refinement concepts for graph transformation systems. Conceptually, we distinguish between two kinds of structuring. We speak of horizontal structuring if a large specification is obtained by combining and modifying smaller ones, possibly sharing some common parts. Instead, if we consider the relationship between a more abstract and a more concrete version of the same specification, or between a specification and its implementation, we speak of vertical structuring.

and Demo) Michael Himsolt Universitat Passau, 94032 Passau, GERMANY himsolt@fmi.uni-passau.de Abstract. GraphEd is an extensible graph editor. Its powerful object oriented user interface supports all operations that are necessary for the convenient construction and manipulation of graphs. Graph grammars can be used as a macro system to create structured graphs. GraphEd's modular structure and the application interface support the easy integration of algorithm modules which are written in C, or can run external programs. The user may construct graphs interactively, select algorithms from a menu, and view the results of an algorithm directly on screen. Several graph layout algorithms assist the user to tidy graph drawings, and help the programmer to visualize results or debug complex algorithms. Actual applications range from standard graph algorithms over graph drawing algorithms, algorithm animation and combinatorial algorithms to front ends for circuit design systems. 1 Introduction...

My PhD thesis [7] claims that the principles behind object-oriented software evolution are independent of a particular domain or phase in the software lifecycle. To validate this claim, a formalism based on graphs and graph rewriting was developed and applied to a particular aspect of software evolution, namely the problem of software upgrading and software merging. When the same piece of software is modified in parallel by different software developers, unexpected inconsistencies can arise. Formal support can be provided to detect and resolve these inconsistencies in a general way.

The significance of graphs and rules in many areas of computer science is evident: On the one hand, graphs constitute appropriate means for the description of complex relationships between objects. Trees, Petri nets, circuit diagrams, data flow graphs, state charts, and entity-relationship diagrams are some typical examples. On the other hand, rules are used to describe "permitted" actions on objects as, for example, in the areas of functional and logic programming, formal languages, algebraic specification, theorem proving, and rule-based systems. The intention of bringing graphs and rules together -- motivated by several application areas -- has led to the theory of graph grammars and graph transformation (see volume I of the Handbook and [1--7] for a survey). A wide spectrum of approaches exists within this theory and some of them are implemented (see, for example, Progres [8, 9], Graph Ed [10], Dactl [11], and Agg...

The multi-paradigm language PROGRES is the first rule-oriented visual language which has a well-defined type concept and supports programming with graph rewriting systems. To some extent, it has the flavor of a visual database programming language with powerful pattern matching and replacing facilities as well as backtracking capabilities. Until now, it was mainly used for specifying and rapid prototyping of abstract data types in software engineering environments. An integrated set of language-specific tools supports intertwined editing, analyzing, browsing, and debugging of specifications as well as generating prototypes in C (Modula-2) with