An XML Access Control Method through Filtering XPath Expressions

An XML Access Control Technique through Filtering of XPath Expressions

  • Published : 2005.04.01

Abstract

XML (eXtensible Markup Language) is recognized as a standard for data representation and transmission on the Internet. XPath is a standard for specifying parts of XML documents and a suitable language for both query processing and access control of XML. In this paper, we use XPath expressions to represent both user queries and access control information for XML. We propose an access control method for XML in which accesses to XML documents are controlled by filtering query XPath expressions through access control XPath expressions. In the proposed method, we directly search the XACT (XML Access Control Tree) for a query XPath expression and extract the access-granted parts. The XACT is our proposed structure, where the edges are a structural summary of XML elements and the nodes contain access-control information. We show that query XPath expressions are successfully filtered through the XACT by our proposed method, and we also show the performance improvement by comparing the proposed method with the previous work.

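XML is recognized as a standard for representing and transmitting data on the Internet. XPath is a standard for specifying particular parts of an XML document and is a language well suited to XML query processing and access control. This paper proposes an XML access control method that uses XPath to express both user queries and access control information. The proposed method controls access to XML documents by filtering query XPath expressions through access control XPath expressions. To this end, we define the XML Access Control Tree (XACT) and use this tree to extract only the access-granted parts of a query XPath expression. The XACT is a structure whose edges are a structural summary of XML elements and whose nodes hold access control information. We show the correctness of the proposed method and compare its performance with that of the existing method.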
