An Efficient Yet Secure XML Access Control Enforcement by Safe and Correct Query Modification

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 4080)

Abstract

This work proposes an efficient yet secure XML access control enforcement scheme that has been specifically designed to support fine-grained security policy. Based on metadata in the DTD, we propose the SQ-Filter, a pre-processing method that checks the necessary access control rules and rewrites a user's query by extending or eliminating query tree nodes and by injecting operators that combine a set of nodes from the user's query point of view. The scheme has several advantages over other suggested schemes, including small execution time overhead and safe and correct query modification. The experimental results clearly demonstrate the efficiency of the approach.

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Byun, C., Park, S. (2006). An Efficient Yet Secure XML Access Control Enforcement by Safe and Correct Query Modification. In: Bressan, S., Küng, J., Wagner, R. (eds) Database and Expert Systems Applications. DEXA 2006. Lecture Notes in Computer Science, vol 4080. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11827405_27

  • DOI: https://doi.org/10.1007/11827405_27

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-37871-6

  • Online ISBN: 978-3-540-37872-3

  • eBook Packages: Computer Science, Computer Science (R0)
