Access Control of XML Documents Including Update Operators  

Lim Chung-Hwan (e Shinhan, Information Technology Team)
Park Seog (Sogang University, Department of Computer Science)
Abstract
As XML becomes popular as a way of presenting information on the web, how to secure XML data has become an important issue. So far, studies on XML security have focused on securing data communications by using digital signatures or encryption technology. However, as XML data becomes larger and more complicated, it is now necessary not only to communicate XML data securely but also to manage the query processing that accesses XML data. Queries on XML data can be managed with access control techniques. Current XML access control deals only with the read operation, and this approach has no way to process XML update queries. In this paper, we present an XML access control model and technique that support both read and update operations. We propose the operation for updating XML documents. We also define the action type as a new concept for managing authorization information and processing update queries. This both minimizes the access control steps and reduces memory cost. In addition, queries that have no access rights to the XML data can be filtered out, which reduces the unnecessary work of processing unauthorized queries. The performance evaluation shows that our access control model performs better than other access control models on update queries, but it has a small overhead for deciding the action type in select queries.
Keywords
XML security; access control; action type;