Updated tables

macro.tex

@@ -64,8 +64,8 @@
 \newcommand{\pipelineTemplate}{Pipeline Template\xspace}
 \newcommand{\pipelineInstance}{Pipeline Instance\xspace}
 
-\newcommand{\pone}{$\langle service\_owner=dataset\_owner\rangle$}
-\newcommand{\ptwo}{$\langle service\_owner=partner(dataset\_owner) \rangle$}
+\newcommand{\pone}{$(service\_owner=dataset\_owner)$}
+\newcommand{\ptwo}{$(service\_owner=partner(dataset\_owner))$}
 \newcommand{\pthree}{$\langle service\_owner \neq dataset\_owner AND owner \neq partner(dataset\_owner)$}
 % \newcommand{\function}{$\instanceChartAnnotation{}$}
 % \newcommand{\function}{$\templateChartAnnotation$}

pipeline_instance_example.tex

@@ -6,9 +6,9 @@
 
   As presented in Table~\ref{tab:exisnt}(a), each vertex is labeled with policies (column \emph{candidate--$>$policy}) and then associated with different candidate services (column \emph{candidate}) and corresponding profile (column \emph{profile}). The filtering algorithm matches each candidate service profile with the policies in Table~\ref{tab:anonymization} annotating the corresponding vertex. It returns the set of services whose profile matches a policy (column \emph{filtering}):
   \begin{enumerate*}[label=\textit{\roman*})]
-    \item vertex \vi{4}, the filtering algorithm produces the set $S'_1=\{s_{51},s_{52}\}$. Assuming that the dataset owner is ``CT'', the service profile of \s{61} matches \p{1} and the one of \s{62} matches \p{2}. For \s{63}, there is no policy match and, thus, it is discarded;
-    \item vertex \vi{5}, the filtering algorithm returns the set $S'_2=\{s_{62},s_{63}\}$. Assuming that the dataset region is ``CT'', the service profile of \s{72} matches \p{5} and the one of \s{73} matches \p{6}. For \s{71}, there is no policy match and, thus, it is discarded;
-    \item vertex \vi{6}, the filtering algorithm returns the set $S'_3=\{s_{71},s_{72},s_{73}\}$. Since policy \p{7} matches with any subject, the filtering algorithm keeps all services.
+    \item vertex \vi{5}, the filtering algorithm produces the set $S'_1=\{s_{51},s_{52}\}$. Assuming that the dataset owner is ``CT'', the service profile of \s{51} matches \p{1} and the one of \s{52} matches \p{2}. For \s{53}, there is no policy match and, thus, it is discarded;
+    \item vertex \vi{6}, the filtering algorithm returns the set $S'_2=\{s_{62},s_{63}\}$. Assuming that the dataset region is ``CT'', the service profile of \s{62} matches \p{5} and the one of \s{63} matches \p{6}. For \s{61}, there is no policy match and, thus, it is discarded;
+    \item vertex \vi{7}, the filtering algorithm returns the set $S'_3=\{s_{71},s_{72}\}$. Since policy \p{7} matches with any subject, the filtering algorithm keeps all services.
   \end{enumerate*}
 
   For each vertex \vii{i}, we select the matching service \sii{j} from $S'_i$ and incorporate it into a valid instance. For instance, we select \s{61} for \vi{6}; \s{72} for \vi{7}, and \s{81} for \vi{8}

pipeline_template.tex

@@ -102,18 +102,18 @@ \subsection{Pipeline Template Definition}\label{sec:templatedefinition}
         A {\it policy p}$\in$\P{} is 5-uple $<$\textit{subj}, \textit{obj}, \textit{act}, \textit{env}, \textit{\TP}$>$ that specifies who (\emph{subject}) can access what (\emph{object}) with action (\emph{action}), in a specific context (\emph{environment}) and under specific obligations (\emph{data transformation}).
       \end{definition}
 
-      More in detail, \textit{subject subj} specifies a service $s_i$ issuing an access request to perform an action on an object. It is a set \{$pc_i$\} of \emph{Policy Conditions} as defined in Definition \ref{def:policy_cond}. For instance, $<$\{(classifier $=$ "SVM")\}$>$ specifies a service providing a SVM classifier. We note that \textit{subj} can also specify conditions on the service owner ($<$\{(owner\_location $=$ "EU")\}$>$) and the service user ($<$\emph{service},\{(service\_user\_role $=$ "DOC Director")\}$>$).
+      More in detail, \textit{subject subj} specifies a service $s_i$ issuing an access request to perform an action on an object. It is a set \{$pc_i$\} of \emph{Policy Conditions} as defined in Definition \ref{def:policy_cond}. For instance, (classifier $=$ "SVM") specifies a service providing a SVM classifier. We note that \textit{subj} can also specify conditions on the service owner (\textit{e.g.}, owner\_location $=$ "EU") and the service user (\textit{e.g.}, service\_user\_role $=$ "DOC Director").
 
       %\item
       \textit{Object obj} defines those data whose access is governed by the policy. It is a set \{$pc_i$\} of \emph{Policy Conditions} as defined in Definition \ref{def:policy_cond}.
       %It can specify the \emph{type} of object, such as a file (e.g., a video, text file, image, etc.), a SQL or noSQL database, a table, a column, a row, or a cell of a table, or any other characteristics of the data.
-      For instance, $<$\{(type $=$ "dataset")\}, \{(region $=$ CT)\}$>$ refers to an object of type dataset and whose region is Connecticut.
+      For instance, \{(type $=$ "dataset"), (region $=$ CT)\} refers to an object of type dataset and whose region is Connecticut.
 
       %\item
       \textit{Action act} defines those operations that can be performed within a big data environment, from traditional atomic operations on databases (e.g., CRUD operations) to coarser operations, such as an Apache Spark Direct Acyclic Graph (DAG), Hadoop MapReduce, an analytics function call, and an analytics pipeline.
 
       %\item
-      \textit{Environment env} defines a set of conditions on contextual attributes, such as time of the day, location, IP address, risk level, weather condition, holiday/workday, emergency. It is a set \{$pc_i$\} of \emph{Policy Conditions} as defined in Definition \ref{def:policy_cond}. For instance, $<$\{(time $=$ "night")\}$>$ refers to a policy that is applicable only at night.
+      \textit{Environment env} defines a set of conditions on contextual attributes, such as time of the day, location, IP address, risk level, weather condition, holiday/workday, emergency. It is a set \{$pc_i$\} of \emph{Policy Conditions} as defined in Definition \ref{def:policy_cond}. For instance, (\textit{e.g.}, time $=$ "night") refers to a policy that is applicable only at night.
 
       %\item
       \textit{Data Transformation \TP} defines a set of security and privacy-aware transformations on \textit{obj} that must be enforced before any access to data is given. Transformations focus on data protection, as well as on compliance to regulations and standards, in addition to simple format conversions. For instance, let us define three transformations that can be applied to the dataset in \cref{tab:dataset}:

pipeline_template_example.tex

@@ -10,11 +10,11 @@
       \begin{tabular}[t]{c|c|l}
         \textbf{Vertex}      & \textbf{Policy} & \policy{subject}{object}{action}{environment}{transformation}                           \\ \hline
         \vi{1},\vi{2},\vi{3} & $\p{0}$         & \policy{ANY}{dataset}{READ}{ANY}{\tp{0}}                                                \\
-        \vi{4},\vi{5}        & $\p{1}$         & \policy{\pone}{dataset}{READ}{ANY}{\tp{0}}                                              \\
-        \vi{4},\vi{5}        & $\p{2}$         & \policy{\ptwo}{dataset}{READ}{ANY}{\tp{1}}                                              \\
+        \vi{4},\vi{5}        & $\p{1}$         & \policy{\{\pone\}}{dataset}{READ}{ANY}{\tp{0}}                                              \\
+        \vi{4},\vi{5}        & $\p{2}$         & \policy{\{\ptwo\}}{dataset}{READ}{ANY}{\tp{1}}                                              \\
         %\vi{4},\vi{6}        & $\p{3}$         & \policy{\pthree}{dataset}{READ}{ANY}{\tp{2}}                                                    \\
-        \vi{6}               & $\p{3}$         & \policy{$\langle service\_region= dataset\_origin\rangle$}{dataset}{WRITE}{ANY}{\tp{0}} \\
-        \vi{6}               & $\p{4}$         & \policy{$\langle service\_region=``\{NY,NH\}"\rangle$}{dataset}{WRITE}{ANY}{\tp{1}}     \\
+        \vi{6}               & $\p{3}$         & \policy{\{$(service\_region= dataset\_origin)$\}}{dataset}{WRITE}{ANY}{\tp{0}} \\
+        \vi{6}               & $\p{4}$         & \policy{\{$(service\_region=\{NY,NH\})$\}}{dataset}{WRITE}{ANY}{\tp{1}}     \\
         \vi{7}               & $\p{5}$         & \policy{ANY}{dataset} {READ}{\langle$environment = risky$\rangle}{\tp{3}}                             \\
         \vi{7}               & $\p{6}$         & \policy{ANY}{dataset} {READ}{\langle$environment = not\_risky$\rangle}{\tp{4}}                        \\
       \end{tabular}