Hippocratic XML Databases: A Model and Access Control Mechanism

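  • Jae-Gil Lee (이재길; Department of Computer Science / Advanced Information Technology Research Center, Korea Advanced Institute of Science and Technology);
  • Wook-Shin Han (한욱신; Department of Computer Engineering, Kyungpook National University);
  • Kyu-Young Whang (황규영; Department of Computer Science, Korea Advanced Institute of Science and Technology)
  • Published: 2004.12.01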

Abstract

The Hippocratic database model recently proposed by Agrawal et al. incorporates privacy protection capabilities into relational databases. Since the Hippocratic database is based on the relational database, it needs extensions to be adapted for XML databases. In this paper, we propose the Hippocratic XML database model, an extension of the Hippocratic database model for XML databases, and present an efficient access control mechanism under this model. In contrast to relational data, XML data have tree-like hierarchies. Thus, in order to manage these hierarchies of XML data, we extend and formally define concepts presented in the Hippocratic database model, such as privacy preferences, privacy policies, privacy authorizations, and usage purposes of data records. Next, we present a new mechanism, which we call the authorization index, that is used in the access control mechanism. This authorization index, which is implemented using a multi-dimensional index, allows us to efficiently search authorizations implied by the authorization granted on the nearest ancestor using the nearest neighbor search technique. Using synthetic and real data, we have performed extensive experiments comparing query processing time with those of existing access control mechanisms. The results show that the proposed access control mechanism improves the wall clock time by up to 13.6 times over the top-down access control strategy and by up to 20.3 times over the bottom-up access control strategy. The major contributions of our paper are 1) extending the Hippocratic database model into the Hippocratic XML database model and 2) proposing an efficient access control mechanism that uses the authorization index and nearest neighbor search technique under this model.

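The Hippocratic database recently proposed by Agrawal et al. is a database model that adds privacy protection capabilities to relational databases. Because the Hippocratic database is a model based on relational databases, it must be extended before it can be applied to XML databases, which have come into wide use recently. In this paper, we propose the Hippocratic XML database model, which extends the Hippocratic database model so that it can be applied to XML databases, together with an effective access control method under this model. Unlike the relational model, XML data have a tree-shaped hierarchical structure. Accordingly, we extend the concepts presented in the Hippocratic database model, namely privacy preferences and policies, privacy authorizations, and the usage purposes of data records, to fit the tree-shaped hierarchical structure, and formally define the extended concepts. Next, we propose the authorization index, a new method that uses a multi-dimensional index and is used in the access control method of this model. Using the nearest neighbor search technique, this authorization index makes it possible to efficiently find the authorizations implied by the authorization granted on the nearest ancestor element. Various experiments using synthetic and real data to compare query processing time against existing access control methods showed that the access control method proposed in this paper improves performance by up to 13.6 times over the top-down access control method and by up to 20.3 times over the bottom-up access control method. The main contributions of this paper are 1) extending the Hippocratic database model into the Hippocratic XML database model and 2) proposing an effective access control method that uses the authorization index and the nearest neighbor search technique under the proposed model.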

References

  1. Information and Privacy Commissioner of Ontario, 'Intelligent Software Agents: Turning a Privacy Threat into a Privacy Protector,' Apr. 1999
  2. Information and Privacy Commissioner of Ontario, 'An Internet Privacy Primer: Assume Nothing,' Aug. 2001
  3. Agrawal, R., Kiernan, J., Srikant, R., and Xu, Y., 'Hippocratic Databases,' In Proc. 28th Int'l Conf. on Very Large Data Bases, Hong Kong, China, Aug. 2002
  4. Cranor, L., Langheinrich, M., Marchiori, M., Presler-Marshall, M., and Reagle, J., The Platform for Privacy Preferences 1.0 (P3P1.0) Specification, W3C Recommendation, Apr. 2002
  5. Bertino, E., Castano, S., Ferrari, E., and Mesiti, M., 'Specifying and Enforcing Access Control Policies for XML Document Sources,' World Wide Web Journal, Vol. 3, No. 3, pp. 139-151, 2000 https://doi.org/10.1023/A:1019289831564
  6. Damiani, E., De Capitani di Vimercati, S., Paraboschi, S., and Samarati, P., 'A Fine-Grained Access Control System for XML Documents,' ACM Trans. On Information and System Security, Vol. 5, No. 2, pp. 169-202, May 2002 https://doi.org/10.1145/505586.505590
  7. Gabillon, A. and Bruno, E., 'Regulating Access to XML Documents,' In Proc. 15th Annual Working Conference on Database and Application Security, Niagara on the Lake, Ontario, Canada, pp. 299-314, July 2001
  8. Yu, T., Srivastava, D., Lakshmanan, V. S., and Jagadish, H. V., 'Compressed Accessibility Map: Efficient Access Control for XML,' In Proc. 28th Int'l Conf. on Very Large Data Bases, Hong Kong, China, Aug. 2002
  9. Cho, S., Amer-Yahia, S., Lakshmanan, V. S., and Srivastava, D., 'Optimizing the Secure Evaluation of Twig Queries,' In Proc. 28th Int'l Conf. on Very Large Data Bases, Hong Kong, China, Aug. 2002
  10. Hjaltason, G. R. and Samet, H., 'Distance Browsing in Spatial Databases,' ACM Trans. on Database Systems, Vol. 24, No. 2, pp. 265-318, June 1999 https://doi.org/10.1145/320248.320255
  11. Roussopoulos, N., Kelley, S., and Vincent, F., 'Nearest Neighbor Queries,' In Proc. 1995 ACM SIGMOD Int'l Conf. on Management of Data, ACM SIGMOD, San Jose, California, pp. 71-79, June 1995
  12. Berglund, A., Boag, S., Chamberlin, D., Fernandez, M. F., Kay, M., Robie, J., and Simeon, J., XML Path Language (XPath) Version 2.0, W3C Working Draft, Nov. 2003
  13. Rabitti, F., Bertino, E., Kim, W., and Woelk, D., 'A Model of Authorization for Next-Generation Database Systems,' ACM Trans. on Database Systems, Vol. 16, No. 1, pp. 88-131, Mar. 1991 https://doi.org/10.1145/103140.103144
  14. Li, Q. and Moon, B., 'Indexing and Querying XML Data for Regular Path Expressions,' In Proc. 27th Int'l Conf. on Very Large Data Bases, Italy, pp. 361-370, Sept. 2001
  15. Al-Khalifa, S., Jagadish, H. V., Koudas, N., Patel, J. M., Srivastava, D., and Wu, Y., 'Structural Joins: A Primitive for Efficient XML Query Pattern Matching,' In Proc. 18th Int'l Conf. on Data Engineering, San Jose, California, Feb. 2002
  16. Chien, S.-Y., Vagena, Z., Zhang, D., Tsotras, V. J., and Zaniolo, C., 'Efficient Structural Joins on Indexed XML Documents,' In Proc. 28th Int'l Conf. on Very Large Data Bases, Hong Kong, China, Aug. 2002
  17. Gaede, V. and Gunther, O., 'Multidimensional Access Methods,' ACM Computing Surveys, Vol. 30, No. 2, pp. 170-231, 1998 https://doi.org/10.1145/280277.280279
  18. Grust, T., 'Accelerating XPath Location Steps,' SIGMOD 2002 https://doi.org/10.1145/564691.564705
  19. Schmidt, A. R., Waas, F., Kersten, M. L., Carey, M. J., Manolescu, I., and Busse, R., 'XMark: A Benchmark for XML Data Management,' In Proc. 28th Int'l Conf. on Very Large Data Bases, Hong Kong, China, pp. 974-985, Aug. 2002
  20. Marcus, M. P., Marcinkiewicz, M. A., and Santorini, B., 'Building a Large Annotated Corpus of English: The Penn Treebank,' Computational Linguistics, Vol. 19, No. 2, June 1993
  21. Whang, K.-Y. and Krishnamurthy, R., Multilevel Grid Files, IBM Research Report RC11516, IBM Thomas J. Watson Research Center, Yorktown Heights, New York, Nov. 1985
  22. Whang, K.-Y. and Krishnamurthy, R., 'The Multilevel Grid File - A Dynamic Hierarchical Multidimensional File Structure,' In Proc. Int'l Conf. on Database Systems for Advanced Applications, pp. 449-459, Tokyo, Apr. 1991
  23. Guttman, A., 'R-Trees: A Dynamic Index Structure for Spatial Searching,' In Proc. ACM SIGMOD Int'l Conf. on Management of Data, pp. 47-57, June 1984 https://doi.org/10.1145/602259.602266
  24. Seeger, B. and Kriegel, H.-P., 'The Buddy-Tree: An Efficient and Robust Access Method for Spatial Data Base Systems,' In Proc. 16th Int'l Conf. on Very Large Data Bases, Queensland, Australia, pp. 590-601, Aug. 1990
  25. Samet, H., 'The Quadtree and Related Hierarchical Data Structure,' ACM Computing Surveys, Vol. 16, No. 2, pp. 187-260, 1984 https://doi.org/10.1145/356924.356930