Journal of KIISE:Databases (한국정보과학회논문지:데이타베이스)

Korean Institute of Information Scientists and Engineers (한국정보과학회)
권호 표지

Dynamic Predicate: An Efficient Access Control Mechanism for Hippocratic XML Databases

동적 프레디킷 : 허포크라테스 XML 데이타베이스를 위한 효율적인 액세스 통제 방법

  • 이재길 (한국과학기술원 전산학과/첨단정보기술연구센터) ;
  • 한욱신 (경북대학교 컴퓨터공학과) ;
  • 황규영 (한국과학기술원 전산학과/첨단정보기술연구센터)
  • Published : 2005.10.01
Download PDF
⟨ Previous Next ⟩

Abstract

The Hippocratic database model recently proposed by Agrawal et at. incorporates privacy protection capabilities into relational databases. The authors have subsequenty proposed the Hippocratic XML daかabase model[4], an extension of the Hippocratic database model for XML databases. In this paper, we propose a new concept that we cail the dynamic predicate(DP) for effective access control in the Hippocratic XML database model. A DP is a novel concept that represents a dynamically constructed rendition that tan be adapted for determining the accessibility of elements during query execution. DPs allow us to effectively integrate authorization checking into the query plan so that unauthorized elements are excluded in the process of query execution. Using synthetic and real data, we have performed extensive experiments comparing query processing time with those of existing access control mechanisms. The results show that the proposed access control mechanism improves the wall clock time by up to 219 times over the top-down access control strategy and by up to 499 times over the bottom-up access control strategy. The major contribution of our, paper is enabling effective integration of access control mechanisms with the query plan using the DP under the Hippocratic XML database model.

최근에 Agrawal 등이 제안한 히포크라테스 데이타베이스는 관계형 데이타베이스에 프라이버시 보호 기능을 추가한 데이타베이스 모델이다. 본 논문의 저자들은 히포크라테스 데이타베이스 모델을 XML 데이타베이스에 적용할 수 있도록 확장한 히포크라테스 XML 데이타베이스 모델[4]을 제안하였다. 본 논문에서는 동적 프레디킷(dynamic predicate)이라는 새로운 개념을 제안하고, 히포크라테스 XML 데이타베이스 모델에서의 액세스 통제에 이 개념을 적용한다. 동적 프레디킷은 권한에 의해 액세스가 허용되는지를 결정하는데 적용될 수 있는 질의 처리 도중에 동적으로 생성되는 조건을 나타낸다. 동적 프레디킷은 권한 검사를 질의 계획에 효과적으로 통합하여 액세스가 허용되지 않은 엘리먼트들이 질의 처리 과정에서 일찍 제외될 수 있게 해준다. 합성 데이타와 실제 데이타를 사용하여 기존의 액세스 통제 방법과 질의 처리 시간을 비교하는 다양한 실험을 수행한 결과, 본 논문에서 제안한 액세스 통제 방법은 하향식 액세스 통제 방법에 비하여 최대 219배, 상향식 액세스 통제 방법에 비하여 최대 499배 성능을 향상시킴을 보였다. 본 논문의 주요 공헌은 히포크라테스 XML 데이타베이스 모델 상에서 동적 프레디킷을 사용하여 액세스 통제 방법을 질의 계획에 효과적으로 통합할 수 있도록 한 것이다.

Keywords

References

  1. Information and Privacy Commissioner of Ontario, 'Intelligent Software Agents: Turning a Privacy Threat into a Privacy Protector,' Apr. 1999
  2. Information and Privacy Commissioner of Ontario, 'An Internet Privacy Primer: Assume Nothing,' Aug. 2001
  3. Agrawal, R., Kiernan, J., Srikant, R., and Xu, Y., 'Hippocratic Databases,' In Proc. 28th Int'l Conf. on Very Large Data Bases, Hong Kong, China, pp. 143-154, Aug. 2002
  4. 이재길, 한욱신, 황규영, '히포크라테스 XML 데이타베이스: 모델 및 액세스 통제 방법', 정보과학회논문지:데이타베이스, 제31권, 제6호, pp. 684-698, 2004년 12월
  5. N. Roussopoulos, S. Kelley, and F. Vincent. Nearest Neighbor Queries. In Proceedings of the ACM SIGMOD Conference, May, 1995 https://doi.org/10.1145/223784.223794
  6. V. Gaede, O. Gunther, 'Multidimensional Access Methods,' ACM Computing Surveys, 30(2), pp.170-231, 1998 https://doi.org/10.1145/280277.280279
  7. Bertino, E., Castano, S., Ferrari, E., and Mesiti, M., 'Specifying and Enforcing Access Control Policies for XML Document Sources,' World Wide Web Journal, Vol. 3, No. 3, pp. 139-151, 2000 https://doi.org/10.1023/A:1019289831564
  8. Damiani, E., De Capitani di Virnercati, S., Paraboschi, S., and Samarati, P., 'A Fine-Grained Access Control System for XML Documents,' ACM Trans. on Information and System Security, Vol. 5, No. 2, pp. 169-202, May 2002 https://doi.org/10.1145/505586.505590
  9. Cho, S., Arner-Yahia, S., Lakshmanan, V. S., and Srivastava, D., 'Optimizing the Secure Evaluation of Twig Queries,' In Proc. 28th Int'l Conf. on Very Large Data Bases, Hong Kong, China, pp. 490-501, Aug. 2002
  10. Yu, T., Srivastava, D., Lakshmanan, V. S., and Jagadish, H. V., 'Compressed Accessibility Map: Efficient Access Control for XML,' In Proc. 28th Int'l Conf. on Very Large Data Bases, Hong Kong, China, pp. 478-489, Aug. 2002
  11. Berglund, A., Boag, S., Chamberlin, D., Fernandez, M. F., Kay, M., Robie, J., and Simeon, J., XML Path Language (XPath) Version 2.0, W3C Working Draft, Nov. 2003
  12. Li, Q. and Moon, B., 'Indexing and Querying XML Data for Regular Path Expressions,' In Proc. 27th Int'l Conf. on Very Large Data Bases, Rome, Italy, pp. 361-370, Sept. 2001
  13. Al-Khalifa, S., Jagadish, H. V., Koudas, N., Patel, J. M., Srivastava, D., and Wu, Y., 'Structural Joins: A Primitive for Efficient XML Query Pattern Matching,' In Proc. 18th Int'l Conf. on Data Engineering, San Jose, California, pp. 141-152, Feb. 2002 https://doi.org/10.1109/ICDE.2002.994704
  14. Chien, S.-Y., Vagena, Z., Zhang, D., Tsotras, V. J., and Zaniolo, C., 'Efficient Structural Joins on Indexed XML Documents,' In Proc. 28th Int'l Conf. on Very Large Data Bases, Hong Kong, China, pp. 263-274, Aug. 2002
  15. Wu, Y., Patel, J. M., and Jagadish, H. V., 'Structural Join Order Selection for XML Query Optimization,' In Proc. 19th Int'l Conf. on Data Engineering, Bangalore, India, pp. 443-454, Mar. 2003
  16. Graefe, G., 'Query Evaluation Techniques for Large Databases,' ACM Computing Surveys, Vol. 25, No. 2, pp. 73-170, June 1993 https://doi.org/10.1145/152610.152611
  17. Bruno, N., Koudas, N., and Srivastava, D., 'Holistic Twig Joins: Optimal XML Pattern Matching,' In Proc. 2002 ACM SIGMOD Int'l Conf. on Management of Data, ACM SIGMOD, Madison, Wisconsin, pp. 310-321, June 2002 https://doi.org/10.1145/564691.564727
  18. Amagasa, T., Yoshikawa, M., and Uemura, S., 'QRS: A Robust Numbering Scheme for XML Documents,' In Proc. 19th Int'l Conf. on Data Engineering, Bangalore, India, pp. 705-707, Mar. 2003
  19. Schmidt, A. R., Waas, F., Kersten, M. L., Carey, M. J., Manolescu, I., and Busse, R., 'XMark: A Benchmark for XML Data Management,' In Proc. 28th Int'l Conf. on Very Large Data Bases, Hong Kong, China, pp. 974-985, Aug. 2002
  20. Marcus, M. P., Marcinkiewicz, M. A., and Santorini, B., 'Building a Large Annotated Corpus of English: The Penn Treebank,' Computational Linguistics, Vol. 19, No. 2, pp. 313-330, June 1993
  21. Whang, K.-Y. and Krishnamurthy, R., Multilevel Grid Files, IBM Research Report RC11516, IBM Thomas J. Watson Research Center, Yorktown Heights, New York, Nov. 1985
  22. Whang, K.-Y. and Krishnarnurthy, R., 'The Multilevel Grid File - A Dynamic Hierarchical Multidimensional File Structure,' In Proc. Int'l Conf. on Database Systems for Advanced Applications, Tokyo, Japan, pp. 449-459, Apr. 1991
  23. Aref, W. G. and Ilyas, I. F., 'SP-GiST: An Extensible Database Index for Supporting Space Partitioning Trees,' Journal of Intelligent Information Systems, Vol. 17, No. 2-3, pp. 215-240, Dec. 2001 https://doi.org/10.1023/A:1012809914301
  24. Rabitti, F., Bertino, E., Kim, W., and Woelk, D., 'A Model of Authorization for Next-Generation Database Systems,' ACM Trans. on Database Systems, Vol. 16, No.1, pp. 88-131, Mar. 1991 https://doi.org/10.1145/103140.103144