RDB-based XML Access Control Model with XML Tree Levels

A Relational Database-Based XML Access Control Model Considering XML Tree Levels

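  • Jinhyung Kim (Department of Computer Science, Korea University);
  • Dongwon Jeong (Department of Informatics and Statistics, Kunsan National University);
  • Doo-Kwon Baik (Division of Computer Science and Radio Communications Engineering, Korea University)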
  • Received : 2008.12.30
  • Accepted : 2009.03.11
  • Published : 2009.03.31

Abstract

As the secure distribution and sharing of information over the World Wide Web becomes increasingly important, the need for flexible and efficient access control systems naturally arises. Since the eXtensible Markup Language (XML) is emerging as the de facto standard format of the Internet era for storing and exchanging information, there have recently been many proposals to extend the XML model to incorporate security aspects. To a lesser or greater extent, however, such proposals neglect the fact that the data for XML documents will most likely reside in relational databases, and consequently they do not utilize the various security models proposed for and implemented in relational databases. In this paper, we take a rather different approach. We explore how to support security models for XML documents by leveraging techniques developed for relational databases, from an object perspective. More specifically, in our approach, (1) users make XML queries against the given XML view/schema, (2) access controls for XML data are specified in the relational database, (3) data are stored in relational databases, (4) security checks and query evaluation are also done in relational databases, and (5) access control is enforced with XML tree levels taken into account.

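As the secure distribution and sharing of information in the Web environment has become important, demand for flexible and efficient access control systems has also emerged. In addition, as the eXtensible Markup Language (XML) has come to be recognized as the de facto standard for storing and exchanging information in the Internet era, research on extending the XML model with security in mind has recently been active. However, these recent studies still overlook the fact that the data used in XML documents is stored and managed in relational databases. Consequently, they cannot make use of the many security models for relational databases that have already been proposed and validated. This paper describes an approach different from existing work. It focuses on an XML security model for supporting security models for relational databases from an object perspective. In the proposed approach, (1) users issue XML queries against a given XML view or schema; (2) access control rules for XML data are stored in the relational database; (3) the data of XML documents is stored in the relational database; (4) access control and query execution are performed inside the relational database; and (5) XML access control is performed with XML tree levels taken into account.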
