Abstract
Access control represented by XPath expressions allows for access restrictions on elements, attributes, and text nodes according to their locations and values in an XML document. Many XML database applications call for such node-level access control on concerned nodes at any depth. To perform such node-level access control, current approaches create heavy loads on XML database applications since these approaches incur massive costs either at runtime or for data optimization. In order to solve these problems, we introduce an access condition table (ACT), a table equivalent to an access control policy, where Boolean access conditions for accessibility checks are stored. The ACT is generated as a means of shifting the extra runtime computations to a pre-processing step. Experimental results show that the proposed ACT can handle accesses to arbitrary paths at a nearly constant speed.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Altinel, M., Franklin, M.: Efficient filtering of XML documents for selective dissemination of information. In: VLDB, pp. 53–64 (2000)
Bertino, E., Castano, S., Ferrari, E., Mesiti, M.: Controlled access and dissemination of XML documents. In: ACM WIDM, pp. 22–27 (1999)
Bertino, E., Ferrari, E.: Secure and selective dissemination of XML documents. In: ACM TISSEC, pp. 290–331 (2002)
Bertino, E., Samarati, P., Jajodia, S.: An extended authorization model for relational database. IEEE trans. on Knowledge and Data Engineering (1997)
Boag, S., Chamberlin, D., Fernandez, M.F., Florescu, D., Robie, J., Simeon, J.: XQuery 1.0: An XML query language, W3C Working Draft (November 12, 2003), Available at http://www.w3.org/TR/xquery/
Bray, T., Paoli, J., Sperberg-McQueen, C.M.: Extensible Markup Language (XML) 1.0. W3C Recommendation (February 1998), Available at http://www.w3g.org/TR/RECxml
Cecchet, E., Marguerite, J., Zwaenepoel, W.: Performance and scalability of EJB applications. In: OOPSLA, pp. 246–261 (2002)
C.: -Y. Chan, P. Felber, M. Garofalakis, and R. Rastogi: Efficient filtering of XML documents with XPath expressions. In: ICDE, pp. 235–244 (2002)
Cho, S., Amer-Yahia, S., Lakshmanan, L.V.S., Srivastava, D.: Optimizing the secure evaluation of twig queries. In: VLDB, pp. 490–501 (2000)
Clarkand, J., DeRose, S.: XML Path Language (XPath) version 1.0. W3C Recommendation (1999), Available at http://www.w3g.org/TR/xpath
Damiani, E., De Capitani di Vimercati, S., Paraboschi, S., Samarati, P.: Design and Implementation of an Access Control Processor for XML documents. WWW9 (2000)
Damiani, E., De Capitani di Vimercati, S., Paraboschi, S., Samarati, P.: A Fine- Grained Access Control System for XML Documents. In: ACM TISSEC, pp. 169–202 (2002)
Deutsch, A., Tannen, V.: Containment of regular path expressions under integrity constraints. KRDB (2001)
Diao, Y., Fischer, P., Franklin, M., To, R.: YFilter: Efficient and scalable filtering of XML documents. Demo at ICDE, p. 341 (2002)
Fan, W., Libkin, L.: On XML integrity constraints in the presence of DTDs. In: Symposium on Principles of Database Systems, pp. 114–125 (2001)
Fernandez, M.F., Suciu, D.: Optimizing regular path expressions using graph schemas. In: ICDE, pp. 14–23 (1998)
Gabillon, A., Bruno, E.: Regulating Access to XML Documents. In: Working Conference on Database and Application Security, pp. 219–314 (2001)
Hors, L., Hegaret, P.L., Wood, L., Nicol, G., Robie, J., Champion, M., Byrne, S.: Document Object Model (DOM) Level 3 Core Specification (2004), Available at http://www.w3.org/TR/2004/PR-DOM-Level-3-Core-20040205
Kaushik, R., Bohannon, P., Naughton, J.F., Korth, H.F.: Covering indexes for branching path queries. ACM SIGMOD, 133–144 (2002)
Kha, D.D., Yoshikawa, M., Uemura, S.: An XML Indexing Structure with Relative Region Coordinate. In: ICDE, pp. 313–320 (2001)
Kudo, M., Hada, S.: XML Document Security based on Provisional Authorization. In: ACM CCS, pp. 87–96 (2000)
Li, Q., Moon, B.: Indexing and Querying XML Data for Regular Path Expressions. In: VLDB, pp. 361–370 (2001)
Miklau, G., Suciu, D.: Containment and equivalence for an XPath fragment. In: ACM PODS, pp. 65–76 (2002)
Murata, M., Tozawa, A., Kudo, M., Hada, S.: XML Access Control Using Static Analysis. In: ACM CCS, pp. 73–84 (2003)
Neven, F., Schwentick, T.: XPath containment in the presence of disjunction, DTDs, and variables. In: ICDT, pp. 315–329 (2003)
Papakonstantinou, Y., Vassalos, V.: Query rewriting for semistructured data. ACM SIGMOD, 455–466 (1999)
Wood, P.T.: Containment for XPath fragments under DTD constraints. In: ICDT, pp. 300–314 (2003)
Yu, T., Srivastava, D., Lakshmanan, L.V.S., Jagadish, H.V.: Compressed Accessibility Map: Efficient Access Control for XML. In: VLDB, pp. 478–489 (2002)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
(Naishin Seki), N.Q., Kudo, M. (2004). Access-Condition-Table-Driven Access Control for XML Databases. In: Samarati, P., Ryan, P., Gollmann, D., Molva, R. (eds) Computer Security – ESORICS 2004. ESORICS 2004. Lecture Notes in Computer Science, vol 3193. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30108-0_2
Download citation
DOI: https://doi.org/10.1007/978-3-540-30108-0_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22987-2
Online ISBN: 978-3-540-30108-0
eBook Packages: Springer Book Archive