A compressed accessibility map for XML

XML is the undisputed standard for data representation and exchange. As companies transact business over the Internet, letting authorized customers directly access, and even modify, XML data offers many advantages in terms of cost, accuracy, and timeliness. Given the complex business relationships between companies, and the sensitive nature of information, access must be provided selectively, using sophisticated access control specifications. Using the specification directly to determine if a user has access to an XML data item can be extremely inefficient. The alternative of fully materializing, for each data item, the users authorized to access it can be space-inefficient. In this article, we introduce a compressed accessibility map (CAM) as a space- and time-efficient solution to the access control problem for XML data. A CAM compactly identifies the XML data items to which a user has access, by exploiting structural locality of accessibility in tree-structured data. We present a CAM lookup algorithm for determining if a user has access to a data item that takes time proportional to the product of the depth of the item in the XML data and logarithm of the CAM size. We develop an algorithm for building an optimal size CAM that takes time linear in the size of the XML data set. While optimality cannot be preserved incrementally under data item updates, we provide an algorithm for incrementally maintaining near-optimality. Finally, we experimentally demonstrate the effectiveness of the CAM for multiple users on a variety of real and synthetic data sets.

[1]  Athena Vakali,et al.  Security Model for XML Data , 2001, International Conference on Internet Computing.

[2]  Hosagrahar V. Jagadish,et al.  On effective multi-dimensional indexing for strings , 2000, SIGMOD 2000.

[3]  Elisa Bertino,et al.  Controlled access and dissemination of XML documents , 1999, WIDM '99.

[4]  Elisa Bertino,et al.  An Extended Authorization Model for Relational Databases , 1997, IEEE Trans. Knowl. Data Eng..

[5]  Ernesto Damiani,et al.  Securing XML Documents , 2000, EDBT.

[6]  Dorothy E. Denning,et al.  The SeaView security model , 1988, Proceedings. 1988 IEEE Symposium on Security and Privacy.

[7]  Michiharu Kudo,et al.  XML document security based on provisional authorization , 2000, CCS.

[8]  Charles A. Shoniregun,et al.  Securing XML Documents , 2004, Australas. J. Inf. Syst..

[9]  Elisa Bertino,et al.  Author-X: A Java-Based System for XML Data Protection , 2000, DBSec.

[10]  Ehud Gudes,et al.  A Model of Methods Access Authorization in Object-oriented Databases , 1993, VLDB.

[11]  Sushil Jajodia,et al.  Secure mediated databases , 1996, Proceedings of the Twelfth International Conference on Data Engineering.

[12]  Dorothy E. Denning,et al.  The SeaView Security Model , 1990, IEEE Trans. Software Eng..

[13]  Kiho Lee,et al.  The cost model for XML documents in relational database systems , 2001, Proceedings ACS/IEEE International Conference on Computer Systems and Applications.

[14]  Gerhard Weikum,et al.  ACM Transactions on Database Systems , 2005 .

[15]  Elisa Bertino,et al.  A model of authorization for next-generation database systems , 1991, TODS.

[16]  Ernesto Damiani,et al.  Design and implementation of an access control processor for XML documents , 2000, Comput. Networks.

[17]  Bradford W. Wade,et al.  An authorization mechanism for a relational database system , 1976, TODS.

[18]  Elisa Bertino,et al.  A unified framework for enforcing multiple access control policies , 1997, SIGMOD '97.

[19]  Marianne Winslett,et al.  Formal query languages for secure relational databases , 1994, TODS.

[20]  Mong-Li Lee,et al.  Access Control of XML Documents in Relational Database Systems , 2001, International Conference on Internet Computing.

[21]  Ravi S. Sandhu,et al.  Configuring role-based access control to enforce mandatory and discretionary access control policies , 2000, TSEC.

[22]  Sushil Jajodia,et al.  Toward a multilevel secure relational data model , 1991, SIGMOD '91.

[23]  Elisa Bertino,et al.  Securing XML Documents with Author-X , 2001, IEEE Internet Comput..

[24]  Laks V. S. Lakshmanan,et al.  Optimizing the Secure Evaluation of Twig Queries , 2002, VLDB.

[25]  Laks V. S. Lakshmanan,et al.  Compressed Accessibility Map: Efficient Access Control for XML , 2002, VLDB.

[26]  Roberto Grossi,et al.  The string B-tree: a new data structure for string search in external memory and its applications , 1999, JACM.

[27]  Ravi S. Sandhu,et al.  Lattice-based access control models , 1993, Computer.

[28]  Ronald Fagin,et al.  On an authorization mechanism , 1978, TODS.

[29]  Elisa Bertino,et al.  Specifying and enforcing access control policies for XML document sources , 2004, World Wide Web.

[30]  Divesh Srivastava,et al.  On effective multi-dimensional indexing for strings , 2000, SIGMOD '00.

[31]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.