Relevancy-based access control and its evaluation on versioned XML documents

Integrating version control and access control for XML documents makes it possible to regulate access to rapidly growing archives of XML documents. Versioned XML documents provide valuable information on dependencies between document nodes but, at the same time, present the risk of undesirable data disclosure. In this article, we introduce the notion of relevancy-based access control, which protects versioned XML documents according to various types of relevancy, such as version dependencies, schema similarities, and temporal proximity. We define a new path query language, XVerPath, over XML document versions, which can be used to specify relevancy-based access-control policies. We also introduce the notion of a relevancy class for specifying relevancy-based policies collectively and compactly. For efficient processing of access requests, we propose the packed version model, which realizes space-efficient, difference-based archives of versioned XML documents and, at the same time, provides efficient evaluation of XVerPath queries. Experimental results show reasonable performance superiority over conventional methods, which do not utilize version differences.
