Supporting XML Security Models Using Relational Databases: A Vision

As the secure distribution and sharing of information over the World Wide Web becomes increasingly important, the needs for flexible and efficient support of access control systems naturally arise. Since the eXtensible Markup Language (XML) is emerging as the format of the Internet era for storing and exchanging information, there have been, recently, many proposals to extend the XML model to incorporate security aspects. To the lesser or greater extent, however, such proposals neglect the fact that the data for XML documents will most likely reside in relational databases, and consequently do not utilize various security models proposed for and implemented in relational databases.

[1]  Mong-Li Lee,et al.  Access Control of XML Documents in Relational Database Systems , 2001, International Conference on Internet Computing.

[2]  Fang Chen,et al.  The multilevel relational (MLR) data model , 1998, TSEC.

[3]  Xin Zhang,et al.  Integrating XML Data with Relational Databases , 2000, ICDCS Workshop of Knowledge Discovery and Data Mining in the World-Wide Web.

[4]  Elisa Bertino,et al.  A unified framework for enforcing multiple access control policies , 1997, SIGMOD '97.

[5]  W. Glas Xml and Databases , 2002 .

[6]  Veda C. Storey,et al.  Conceptual Modeling — ER 2000 , 2003, Lecture Notes in Computer Science.

[7]  Toshiyuki Amagasa,et al.  XRel: a path-based approach to storage and retrieval of XML documents using relational databases , 2001, ACM Trans. Internet Techn..

[8]  Paolo Atzeni,et al.  XML AND DATABASES , 2004 .

[9]  Marianne Winslett,et al.  Formal query languages for secure relational databases , 1994, TODS.

[10]  Sushil Jajodia,et al.  Flexible support for multiple access control policies , 2001, TODS.

[11]  Sabrina De Capitani di Vimercati,et al.  A fine-grained access control system for XML documents , 2002, TSEC.

[12]  Elisa Bertino,et al.  An Authorization Model for a Distributed Hypertext System , 1996, IEEE Trans. Knowl. Data Eng..

[13]  Alin Deutsch,et al.  Storing semistructured data with STORED , 1999, SIGMOD '99.

[14]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[15]  Sushil Jajodia,et al.  Toward a multilevel secure relational data model , 1991, SIGMOD '91.

[16]  Ahmad Ashari,et al.  Storing And Querying XML Data Using RDBMS , 2004, iiWAS.

[17]  Ehud Gudes,et al.  A Model for Evaluation and Administration of Security in Object-Oriented Databases , 1994, IEEE Trans. Knowl. Data Eng..

[18]  Vishu Krishnamurthy,et al.  Oracle8i-the XML enabled data management system , 2000, Proceedings of 16th International Conference on Data Engineering (Cat. No.00CB37073).

[19]  Bradford W. Wade,et al.  An authorization mechanism for a relational database system , 1976, TODS.

[20]  Ernesto Damiani,et al.  Design and implementation of an access control processor for XML documents , 2000, Comput. Networks.

[21]  Dongwon Lee,et al.  Constraints-Preserving Transformation from XML Document Type Definition to Relational Schema , 2000, ER.

[22]  Josephine M. Cheng,et al.  XML and DB2 , 2000, Proceedings of 16th International Conference on Data Engineering (Cat. No.00CB37073).

[23]  Elisa Bertino,et al.  A model of authorization for next-generation database systems , 1991, TODS.

[24]  C. M. Sperberg-McQueen,et al.  Extensible Markup Language (XML) , 1997, World Wide Web J..

[25]  David J. DeWitt,et al.  Relational Databases for Querying XML Documents: Limitations and Opportunities , 1999, VLDB.

[26]  Elisa Bertino,et al.  Secure and selective dissemination of XML documents , 2002, TSEC.

[27]  Laks V. S. Lakshmanan,et al.  Compressed Accessibility Map: Efficient Access Control for XML , 2002, VLDB.

[28]  Tim Moses,et al.  EXtensible Access Control Markup Language (XACML) version 1 , 2003 .