Article

A function-based access control model for XML databases

Authors:

Michiharu Kudo,

Jussi Myllymaki,

Hamid PiraheshAuthors Info & Claims

CIKM '05: Proceedings of the 14th ACM international conference on Information and knowledge management

Pages 115 - 122

https://doi.org/10.1145/1099554.1099577

Published: 31 October 2005 Publication History

Abstract

XML documents are frequently used in applications such as business transactions and medical records involving sensitive information. Typically, parts of documents should be visible to users depending on their roles. For instance, an insurance agent may see the billing information part of a medical document but not the details of the patient's medical history. Access control on the basis of data location or value in an XML document is therefore essential. In practice, the number of access control rules is on the order of millions, which is a product of the number of document types (in 1000's) and the number of user roles (in 100's). Therefore, the solution requires high scalability and performance. Current approaches to access control over XML documents have suffered from scalability problems because they tend to work on individual documents. In this paper, we propose a novel approach to XML access control through rule functions that are managed separately from the documents. A rule function is an executable code fragment that encapsulates the access rules (paths and predicates), and is shared by all documents of the same document type. At runtime, the rule functions corresponding to the access request are executed to determine the accessibility of document fragments. Using synthetic and real data, we show the scalability of the scheme by comparing the accessibility evaluation cost of two rule function models. We show that the rule functions generated on user basis is more efficient for XML databases.

References

[1]

M. Altinel and M. Franklin: Efficient filtering of XML documents forselective dissemination of information. VLDB (2000) pp.53--64.

Digital Library

[2]

E. Bertino, S. Castano, E. Ferrari, and M. Mesiti: Controlled access and dissemination of XML documents. ACM WIDM (1999) pp.22--27.

Digital Library

[3]

E. Bertino, S. Castano, E. Ferrari, and M. Mesiti: Specifying and Enforcing Access Control Policies for XML document Sources. World Wide Web Journal (2000), Vol. 3, No. 3, pp. 139--151.

Digital Library

[4]

E. Bertino and E. Ferrari: Secure and selective dissemination of XML documents. ACM TISSEC (2002) pp.290--331.

Digital Library

[5]

M. Bishop, and L. Snyder. The transfer of information and authority in a protection system. Proc. 17th ACM Symposium on Operating Systems Principles, 1979.

Digital Library

[6]

S. Boag, D. Chamberlin, M. F. Fernandez, D. Florescu, J. Robie, and J. Simeon: XQuery 1.0: An XML query language, W3C Working Draft 12 November 2003. http://www.w3.org/TR/xquery/.

[7]

T. Bray, J. Paoli, and C. M. Sperberg-McQueen: Extensible Markup Language (XML) 1.0. W3C Recommendation. http://www.w3g.org/TR/REC-xml (Feb. 1998).

[8]

C.-Y. Chan, P. Felber, M. Garofalakis, and R. Rastogi: Efficient filtering of XML documents with XPath expressions. ICDE (2002) pp.235--244.

Digital Library

[9]

S. Cho, S. Amer-Yahia, L.V.S. Lakshmanan, and D. Srivastava: Optimizing the secure evaluation of twig queries. VLDB (2000) pp.490--501.

Digital Library

[10]

J. Clark and S. DeRose: XML Path Language (XPath) version 1.0. W3C Recommendation. Available at http://www.w3g.org/TR/xpath, 1999.

[11]

E. Damiani, S. De Capitani di Vimercati, S. Paraboschi, and P. Samarati: Design and Implementation of an Access Control Processor for XML documents. WWW 9 (2000).

Digital Library

[12]

E. Damiani, S. De Capitani di Vimercati, S. Paraboschi, and P. Samarati: A Fine-Grained Access Control System for XML Documents. ACM TISSEC (2002) pp.169--202.

Digital Library

[13]

A. Deutsch and V. Tannen: Containment of regular path expressions under integrity constraints. KRDB (2001).

[14]

Y. Diao, P. Fischer, M. Franklin, and R. To.: YFilter: Efficient and scalable filtering of XML documents. Demo at ICDE (2002) pp.341.

Digital Library

[15]

W. Fan and L. Libkin: On XML integrity constraints in the presence of DTDs. Symposium on Principles of Database Systems (2001) pp.114--125.

Digital Library

[16]

M.F. Fernandez and D. Suciu: Optimizing regular path expressions using graph schemas. ICDE (1998) pp.14--23.

Digital Library

[17]

A. Gabillon and E. Bruno: Regulating Access to XML Documents. Working Conference on Database and Application Security (2001) pp.219--314.

Digital Library

[18]

L. Gong: A Secure Identity-Based Capability System. Proc. IEEE Symposium on Security and Privacy, pp.56--65, 1989.

[19]

A.L. Hors, P.L. Hegaret, L. Wood, G. Nicol, J. Robie, M. Champion, and S. Byrne: Document Object Model (DOM) Level 3 Core Specification. http://www.w3.org/TR/2004/PR-DOM-Level-3-Core-20040205 (2004)

[20]

A.K. Jones, R.J. Lipton, and L. Snyder. A Linear Time Algorithm for Deciding Security. Proc. 17th Symposium on Foundations of Computer Science, Houston, Texas, pp. 33--41, 1976.

Digital Library

[21]

R. Kaushik, P. Bohannon, J.F. Naughton, and H.F. Korth: Covering indexes for branching path queries. ACM SIGMOD (2002) pp.133--144.

Digital Library

[22]

D.D. Kha, M. Yoshikawa, and S. Uemura: An XML Indexing Structure with Relative Region Coordinate. ICDE (2001) pp.313--320.

Digital Library

[23]

M. Kudo and S. Hada: XML Document Security based on Provisional Authorization. ACM CCS (2000) pp.87--96.

Digital Library

[24]

Q. Li and B. Moon: Indexing and Querying XML Data for Regular Path Expressions. VLDB (2001) pp.361--370.

Digital Library

[25]

M. Murata, A. Tozawa, M. Kudo and H. Satoshi: XML Access Control Using Static Analysis. ACM CCS, 2003.

Digital Library

[26]

OASIS. OASIS Extensible Access Control Markup Language (XACML), Feb. 2003. http://www.oasis-open.org/committees/xacml/docs.

[27]

F. Neven and T. Schwentick: XPath containment in the presence of disjunction, DTDs, and variables. ICDT (2003) pp.315--329.

Digital Library

[28]

N. Qi and M. Kudo: Access-condition-table-driven access control for XML databases. ESORICS (2004).

[29]

R.S. Sandhu, E. J. Coyne, H.L. Feinstein, and C.E. Youman. Role-Based Access Control Models. IEEE Computer, Volume 29, No 2, pp.38--47, February 1996.

Digital Library

[30]

T. Yu, D. Srivastava, L.V.S. Lakshmanan, and H.V. Jagadish: Compressed Accessibility Map: Efficient Access Control for XML. VLDB (2002) pp.478--489.

Digital Library

Cited By

(2018)Extensible markup language keywords search based on security access controlInternational Journal of Grid and Utility Computing10.1504/IJGUC.2018.0902279:1(43-50)Online publication date: 1-Jan-2018
https://dl.acm.org/doi/10.1504/IJGUC.2018.090227
Thimma MFang Liu Jingqiang Lin Bo Luo (2015)HyXAC: Hybrid XML Access Control Integrating View-Based and Query-Rewriting ApproachesIEEE Transactions on Knowledge and Data Engineering10.1109/TKDE.2015.240736627:8(2190-2202)Online publication date: 1-Aug-2015
https://dl.acm.org/doi/10.1109/TKDE.2015.2407366
Thimma MTsui TLuo BConti MVaidya JSchaad A(2013)HyXACProceedings of the 18th ACM symposium on Access control models and technologies10.1145/2462410.2462424(113-124)Online publication date: 12-Jun-2013
https://dl.acm.org/doi/10.1145/2462410.2462424
Show More Cited By

Index Terms

A function-based access control model for XML databases
1. Information systems
  1. Information retrieval
    1. Evaluation of retrieval results
    2. Retrieval tasks and goals
      1. Document filtering
      2. Information extraction

Recommendations

Function-Based Access Control (FBAC): From Access Control Matrix to Access Control Tensor
MIST '16: Proceedings of the 8th ACM CCS International Workshop on Managing Insider Security Threats

The misuse of legitimate access to data is a serious information security concern for both organizations and individuals. From a security engineering viewpoint, this might be due to the failure of access control. Inspired by Functional Encryption, we ...
Access control system to XML databases: a framework
IMSA '07: Proceedings of the Eleventh IASTED International Conference on Internet and Multimedia Systems and Applications

The simple structure of XML document makes it very popular as a medium of data transfer and as a data storage. With the popularity of using XML documents, the need of access control system is also increasing. Unlike ordinary documents, an XML document ...
ClientBased access control evaluator for XML databases
CIT'09: Proceedings of the 3rd International Conference on Communications and information technology

The prevalent use of XML highlights the need for a generic, flexible access-control mechanism for XML documents that supports efficient and secure query access, without revealing sensitive information to unauthorized users. The focus of access control ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CIKM '05: Proceedings of the 14th ACM international conference on Information and knowledge management

October 2005

854 pages

ISBN:1595931406

DOI:10.1145/1099554

General Chair:
Otthein Herzog
University of Bremen, Germany
,
Program Chairs:
Hans-Jörg Schek
University for Health Sciences, Medical Informatics and Technology, Austria
,
Norbert Fuhr
University of Duisburg-Essen, Germany
,
Abdur Chowdhury
America Online, USA
,
Wilfried Teiken
IBM T.J. Watson Research Center, USA

Copyright © 2005 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 31 October 2005

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

CIKM05

Sponsor:

CIKM05: Conference on Information and Knowledge Management

October 31 - November 5, 2005

Bremen, Germany

Acceptance Rates

CIKM '05 Paper Acceptance Rate 77 of 425 submissions, 18%;

Overall Acceptance Rate 1,861 of 8,427 submissions, 22%

Upcoming Conference

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

19
Total Citations
View Citations
840
Total Downloads

Downloads (Last 12 months)1
Downloads (Last 6 weeks)0

Reflects downloads up to 10 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

(2018)Extensible markup language keywords search based on security access controlInternational Journal of Grid and Utility Computing10.1504/IJGUC.2018.0902279:1(43-50)Online publication date: 1-Jan-2018
https://dl.acm.org/doi/10.1504/IJGUC.2018.090227
Thimma MFang Liu Jingqiang Lin Bo Luo (2015)HyXAC: Hybrid XML Access Control Integrating View-Based and Query-Rewriting ApproachesIEEE Transactions on Knowledge and Data Engineering10.1109/TKDE.2015.240736627:8(2190-2202)Online publication date: 1-Aug-2015
https://dl.acm.org/doi/10.1109/TKDE.2015.2407366
Thimma MTsui TLuo BConti MVaidya JSchaad A(2013)HyXACProceedings of the 18th ACM symposium on Access control models and technologies10.1145/2462410.2462424(113-124)Online publication date: 12-Jun-2013
https://dl.acm.org/doi/10.1145/2462410.2462424
Sladić GMilosavljević BSurla DKonjović Z(2012)Flexible access control framework for MARC recordsThe Electronic Library10.1108/0264047121127568430:5(623-652)Online publication date: 28-Sep-2012
https://doi.org/10.1108/02640471211275684
Chebotko AChang SLu SFotouhi F(2012)Secure XML querying based on authorization graphsInformation Systems Frontiers10.1007/s10796-010-9289-214:3(617-632)Online publication date: 1-Jul-2012
https://dl.acm.org/doi/10.1007/s10796-010-9289-2
Luo BLee DLee WLiu P(2011)QFilterThe VLDB Journal — The International Journal on Very Large Data Bases10.1007/s00778-010-0202-x20:3(397-415)Online publication date: 1-Jun-2011
https://dl.acm.org/doi/10.1007/s00778-010-0202-x
Myint A(2010)High performance and scalable client-based access control model for XML databases2010 The 2nd International Conference on Computer and Automation Engineering (ICCAE)10.1109/ICCAE.2010.5451395(369-372)Online publication date: Feb-2010
https://doi.org/10.1109/ICCAE.2010.5451395
Nakano KHu ZTakeichi M(2009)Consistent Web site updating based on bidirectional transformationInternational Journal on Software Tools for Technology Transfer (STTT)10.5555/3220911.322118211:6(453-468)Online publication date: 1-Dec-2009
https://dl.acm.org/doi/10.5555/3220911.3221182
Myint A(2009)ClientBased access control evaluator for XML databasesProceedings of the 3rd International Conference on Communications and information technology10.5555/1736135.1736169(186-188)Online publication date: 29-Dec-2009
https://dl.acm.org/doi/10.5555/1736135.1736169
Molla MMadiraju PMalladi SAhamed S(2009)An XML based access control architecture for pervasive computingProceedings of the 2009 IEEE International Conference on Pervasive Computing and Communications10.1109/PERCOM.2009.4912894(1-6)Online publication date: 9-Mar-2009
https://dl.acm.org/doi/10.1109/PERCOM.2009.4912894
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents