Compressed Accessibility Map: Efficient Access Control for XML

XML is widely regarded as a promising means for data representation integration, and exchange. As companies transact business over the Internet, the sensitive nature of the information mandates that access must be provided selectively, using sophisticated access control specifications. Using the specification directly to determine if a user has access to a specific XML data item can hence be extremely inefficient. The alternative of fully materializing, for each data item, the users authorized to access it can be space-inefficient. In this paper, we propose a space- and time-efficient solution to the access control problem for XML data. Our solution is based on a novel notion of a compressed accessibility map (CAM), which compactly identifies the XML data items to which a user has access, by exploiting structural locality of accessibility in tree-structured data. We present a CAM lookup algorithm for determining if a user has access to a data item; it takes time proportional to the product of the depth of the item in the XML data and logarithm of the CAM size.

[1]  Elisa Bertino,et al.  A unified framework for enforcing multiple access control policies , 1997, SIGMOD '97.

[2]  Bradford W. Wade,et al.  An authorization mechanism for a relational database system , 1976, TODS.

[3]  Sabrina De Capitani di Vimercati,et al.  Minimal data upgrading to prevent inference and association attacks , 1999, PODS '99.

[4]  Elisa Bertino,et al.  An Extended Authorization Model for Relational Databases , 1997, IEEE Trans. Knowl. Data Eng..

[5]  Ernesto Damiani,et al.  Securing XML Documents , 2000, EDBT.

[6]  Sushil Jajodia,et al.  Toward a multilevel secure relational data model , 1991, SIGMOD '91.

[7]  Elisa Bertino,et al.  A model of authorization for next-generation database systems , 1991, TODS.

[8]  Marianne Winslett,et al.  Formal query languages for secure relational databases , 1994, TODS.

[9]  Ernesto Damiani,et al.  Design and implementation of an access control processor for XML documents , 2000, Comput. Networks.

[10]  Ronald Fagin,et al.  On an authorization mechanism , 1978, TODS.

[11]  Ehud Gudes,et al.  A Model of Methods Access Authorization in Object-oriented Databases , 1993, VLDB.

[12]  Sushil Jajodia,et al.  Secure mediated databases , 1996, Proceedings of the Twelfth International Conference on Data Engineering.

[13]  Elisa Bertino,et al.  Controlled access and dissemination of XML documents , 1999, WIDM '99.

[14]  Roberto Grossi,et al.  The string B-tree: a new data structure for string search in external memory and its applications , 1999, JACM.