XML Access Control with Policy Matching Tree

XML documents are frequently used in applications such as business transactions and medical records involving sensitive information. Access control on the basis of data location or value in an XML document is therefore essential. However, current approaches to efficient access control over XML documents have suffered from scalability problems because they tend to work on individual documents. To resolve this problem, we proposed a table-based approach in [28] . However, [28] also imposed limitations on the expressiveness, and real-time access control updates were not supported. In this paper, we propose a novel approach to XML access control through a policy matching tree (PMT) which performs accessibility checks with an efficient matching algorithm, and is shared by all documents of the same document type. The expressiveness can be expanded and real-time updates are supported because of the PTM's flexible structure. Using synthetic and real data, we evaluate the performance and scalability to show it is efficient for checking accessibility for XML databases.

[1]  Michael J. Franklin,et al.  Efficient Filtering of XML Documents for Selective Dissemination of Information , 2000, VLDB.

[2]  Wenfei Fan,et al.  On XML integrity constraints in the presence of DTDs , 2001, JACM.

[3]  Jeffrey F. Naughton,et al.  Covering indexes for branching path queries , 2002, SIGMOD '02.

[4]  Thomas Schwentick,et al.  XPath Containment in the Presence of Disjunction, DTDs, and Variables , 2003, ICDT.

[5]  Laks V. S. Lakshmanan,et al.  Compressed Accessibility Map: Efficient Access Control for XML , 2002, VLDB.

[6]  Yanlei Diao,et al.  YFilter: efficient and scalable filtering of XML documents , 2002, Proceedings 18th International Conference on Data Engineering.

[7]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[8]  Rajeev Rastogi,et al.  Efficient filtering of XML documents with XPath expressions , 2002, The VLDB Journal.

[9]  Elisa Bertino,et al.  Secure and selective dissemination of XML documents , 2002, TSEC.

[10]  Alban Gabillon,et al.  Regulating Access to XML documents , 2001, DBSec.

[11]  Masatoshi Yoshikawa,et al.  An XML indexing structure with relative region coordinate , 2001, Proceedings 17th International Conference on Data Engineering.

[12]  Elisa Bertino,et al.  Controlled access and dissemination of XML documents , 1999, WIDM '99.

[13]  Li Gong,et al.  A secure identity-based capability system , 1989, Proceedings. 1989 IEEE Symposium on Security and Privacy.

[14]  Richard J. Lipton,et al.  A Linear time algorithm for deciding security , 1976, 17th Annual Symposium on Foundations of Computer Science (sfcs 1976).

[15]  Lawrence Snyder,et al.  The transfer of information and authority in a protection system , 1979, SOSP '79.

[16]  Elisa Bertino,et al.  Specifying and enforcing access control policies for XML document sources , 2004, World Wide Web.

[17]  Michiharu Kudo,et al.  XML document security based on provisional authorization , 2000, CCS.

[18]  Laks V. S. Lakshmanan,et al.  Optimizing the Secure Evaluation of Twig Queries , 2002, VLDB.

[19]  Makoto Murata,et al.  XML access control using static analysis , 2006, TSEC.

[20]  Dan Suciu,et al.  Optimizing regular path expressions using graph schemas , 1998, Proceedings 14th International Conference on Data Engineering.

[21]  C. M. Sperberg-McQueen,et al.  Extensible markup language , 1997 .

[22]  Sabrina De Capitani di Vimercati,et al.  A fine-grained access control system for XML documents , 2002, TSEC.

[23]  Quanzhong Li,et al.  Indexing and Querying XML Data for Regular Path Expressions , 2001, VLDB.

[24]  Ernesto Damiani,et al.  Design and implementation of an access control processor for XML documents , 2000, Comput. Networks.

[25]  Michiharu Kudo,et al.  Access-Condition-Table-Driven Access Control for XML Databases , 2004, ESORICS.

[26]  Scott Boag,et al.  XQuery 1.0 : An XML Query Language , 2007 .

[27]  Ernesto Damiani,et al.  Securing XML Documents , 2000, EDBT.